[CLSA-2026:1781801378] alt-openssl11: Fix of CVE-2026-45447
Type:
security
Severity:
Critical
Release date:
2026-06-18 16:49:55 UTC
Description:
- CVE-2026-45447: fix a use-after-free in PKCS7_verify. A crafted PKCS#7 / S/MIME message with an empty digestAlgorithms ASN.1 SET made OpenSSL free a caller-owned BIO. The fix frees the BIO chain explicitly and stops at the caller-supplied indata BIO.
CVEs fixed:
CVE-2026-45447
Updated packages:
  • alt-openssl11-1.1.1w-3.4.el9.x86_64.rpm
    sha:6cdc9c604b7ba39f366c1c67ee00cbbaaee1f17a26daaf1daf5211e78af26f88
  • alt-openssl11-devel-1.1.1w-3.4.el9.x86_64.rpm
    sha:c456b63740d35679deae051920a41c4670752a1e7bd547713767ac18baa0c05b
  • alt-openssl11-libs-1.1.1w-3.4.el9.x86_64.rpm
    sha:bb69303585be564a81b3499e0f2cf19e7d2f4bf2f450c0592832c5e0fd7b992c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.