Release date:
2026-06-18 16:32:55 UTC
Description:
* SECURITY UPDATE: use-after-free in PKCS7_verify
- debian/patches/openssl-1.1.1-cve-2026-45447.patch: free the BIO chain
explicitly and stop at the caller-supplied indata BIO so a crafted
PKCS#7 / S-MIME message with an empty digestAlgorithms ASN.1 SET can no
longer make OpenSSL free a caller-owned BIO in PKCS7_verify()
- CVE-2026-45447
Updated packages:
-
alt-openssl_1.1.1w-3.5_amd64.deb
sha:eec687f85b2ad8cc97c6fd79b84d386386072e01
-
alt-openssl-dev_1.1.1w-3.5_amd64.deb
sha:c8637f3e91e9f0fe22242f6db7cbf10751d46eeb
-
alt-openssl-doc_1.1.1w-3.5_all.deb
sha:af7ff84a55f2f629f984799a98845cc41cc0f747
-
alt-openssl-libs_1.1.1w-3.5_amd64.deb
sha:9963bd84c1dc9aa0f3f0fd406abaf1c353ff3675
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
