Release date:
2026-06-18 16:42:38 UTC
Description:
- CVE-2026-45447: fix use-after-free in PKCS7_verify triggered by a crafted
PKCS#7 / S-MIME message with an empty digestAlgorithms ASN.1 SET, which made
OpenSSL free a caller-owned BIO; free the BIO chain explicitly and stop at
the caller-supplied indata BIO
Updated packages:
-
alt-openssl11-1.1.1w-3.4.el8.x86_64.rpm
sha:ec96c23b1149f443004e5e4108e677c7b1e17af086c844e6a100226a1e3cc8fa
-
alt-openssl11-devel-1.1.1w-3.4.el8.x86_64.rpm
sha:c64b5c07c2c80382101366ffbd224c4e7e3cafcc61b4fbbd3e35d690f2bbbbc6
-
alt-openssl11-libs-1.1.1w-3.4.el8.x86_64.rpm
sha:14370839efee947e7cf9beb0f0ec254f090b3b99cf9b2f9afc75abde89cbf178
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
