Release date:
2026-06-18 16:26:50 UTC
Description:
* SECURITY UPDATE: use-after-free in PKCS7_verify
- debian/patches/openssl-1.1.1-cve-2026-45447.patch: free the BIO chain
explicitly and stop at the caller-supplied indata BIO so a crafted
PKCS#7 / S-MIME message with an empty digestAlgorithms ASN.1 SET can no
longer make OpenSSL free a caller-owned BIO in PKCS7_verify()
- CVE-2026-45447
Updated packages:
-
alt-openssl_1.1.1w-3.5_amd64.deb
sha:f90b7ae28d8522eec8de4fe53448a94c1cda21e7
-
alt-openssl-dev_1.1.1w-3.5_amd64.deb
sha:2654906bc351e4d6ded1f3cc1ddcb981c300843e
-
alt-openssl-doc_1.1.1w-3.5_all.deb
sha:aeca18276b806e2dafd693b81f504662aefb7065
-
alt-openssl-libs_1.1.1w-3.5_amd64.deb
sha:74e7df8cd9e80a9f4a8c8b1a5fbda2e469371633
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
