[CLSA-2026:1781801072] alt-openssl11: Fix of CVE-2026-45447
Type: security
Severity: Critical
Release date: 2026-06-18 16:44:48 UTC
Description:
- CVE-2026-45447: fix use-after-free in PKCS7_verify() triggered by a crafted PKCS#7 / S/MIME message with an empty digestAlgorithms ASN.1 SET, which made OpenSSL free a caller-owned BIO. The fix frees the BIO chain explicitly and stops at the caller-supplied indata BIO.
CVEs fixed:
  • CVE-2026-45447
Updated packages:
  • alt-openssl11-1.1.1w-3.4.el7.x86_64.rpm
    sha:f622ec46d10ac6db9796bb88169cab289518184ebce9eecd35462d68a2765a59
  • alt-openssl11-devel-1.1.1w-3.4.el7.x86_64.rpm
    sha:627f192a8e4eb7a84966a631c715679672046025638b9d460b5d5f49828349f0
  • alt-openssl11-libs-1.1.1w-3.4.el7.x86_64.rpm
    sha:ea2a024d496cd1a1d452bbb2417a06cc98ee219311977900ccfc2ae97e0d69d5
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.