Release date:
2026-06-18 16:29:23 UTC
Description:
* SECURITY UPDATE: use-after-free in PKCS7_verify
- debian/patches/openssl-1.1.1-cve-2026-45447.patch: free the BIO chain
explicitly and stop at the caller-supplied indata BIO so a crafted
PKCS#7 / S-MIME message with an empty digestAlgorithms ASN.1 SET can no
longer make OpenSSL free a caller-owned BIO in PKCS7_verify()
- CVE-2026-45447
Updated packages:
-
alt-openssl_1.1.1w-3.5_amd64.deb
sha:b193acca6324dc9b363fa7a160156dfba0462f52
-
alt-openssl-dev_1.1.1w-3.5_amd64.deb
sha:578bb40a764b09c00d8bfa954033e0a376033dfe
-
alt-openssl-doc_1.1.1w-3.5_all.deb
sha:9623975992850f2066918ba85a07a19eb0446c5d
-
alt-openssl-libs_1.1.1w-3.5_amd64.deb
sha:1e2b48bfe4948be356309b3af6c8ea18f2a3142b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
