Release date:
2026-06-18 16:53:37 UTC
Description:
- CVE-2026-45447: fix use-after-free in PKCS7_verify triggered by a crafted
PKCS#7 / S-MIME message with an empty digestAlgorithms ASN.1 SET, which made
OpenSSL free a caller-owned BIO; free the BIO chain explicitly and stop at
the caller-supplied indata BIO
Updated packages:
-
alt-openssl11-1.1.1w-3.4.el10.x86_64.rpm
sha:6f4a62b48d1a3295bcf124ff4b449f220c58e41c9b941b84874bcbb661dab456
-
alt-openssl11-devel-1.1.1w-3.4.el10.x86_64.rpm
sha:6e22d106ac93fc82f37cee2ce555baff1832ede85e751f985d6b14530ad8b15f
-
alt-openssl11-libs-1.1.1w-3.4.el10.x86_64.rpm
sha:0d1b8f25194d1f84a21f001c1a140826fd1f8b796f1f5ed25be1a0f5d0ce6998
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
