[CLSA-2026:1781799839] Fix CVE(s): CVE-2026-45447
Type: security
Severity: Critical
Release date: 2026-06-18 16:24:16 UTC
Description:
* SECURITY UPDATE: use-after-free in PKCS7_verify
  - debian/patches/openssl-1.1.1-cve-2026-45447.patch: free the BIO chain explicitly and stop at the caller-supplied indata BIO so a crafted PKCS#7 / S-MIME message with an empty digestAlgorithms ASN.1 SET can no longer make OpenSSL free a caller-owned BIO in PKCS7_verify()
  - CVE-2026-45447
CVEs fixed:
Updated packages:
  • alt-openssl_1.1.1w-3.5_amd64.deb
    sha:b197baddf11e203523291e548b659a30a0e5bbd4
  • alt-openssl-dev_1.1.1w-3.5_amd64.deb
    sha:36a54c4f02b75f578cbbe72244808b3fea641a23
  • alt-openssl-doc_1.1.1w-3.5_all.deb
    sha:aa87708ba0b9d2f4002d647094fe26405420c9a2
  • alt-openssl-libs_1.1.1w-3.5_amd64.deb
    sha:648a9cb1e0549928137d3b04ea555edf536cb4a4
  • alt-openssl_1.1.1w-3.5_arm64.deb
    sha:a466ba370cc89c1c19b154e82b2176465a843773
  • alt-openssl-dev_1.1.1w-3.5_arm64.deb
    sha:7fc23d22af3b60f7158beaf77b3872515964db76
  • alt-openssl-libs_1.1.1w-3.5_arm64.deb
    sha:13a4d615e5668267e2846b1ced8022d2d4598e5d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.