[CLSA-2026:1777480794] openssl: Fix of 3 CVEs
Type:
security
Severity:
Important
Release date:
2026-04-29 16:39:59 UTC
Description:
- CVE-2026-28388: NULL pointer dereference in check_delta_base() when a delta CRL omits the required CRL Number extension - CVE-2026-28389: NULL pointer dereference in dh_cms_set_shared_info() and ecdh_cms_set_shared_info() when the CMS KeyEncryptionAlgorithmIdentifier parameter field is omitted - CVE-2026-28390: NULL pointer dereference in rsa_cms_decrypt() when the CMS RSA-OAEP pSourceFunc parameter field is omitted
Updated packages:
  • openssl-1.0.2k-24.amzn2.0.17.tuxcare.els1.x86_64.rpm
    sha:b2085e20c2ba1372a39279f4282bf965ed44dd7ac662b0472e5944bc82364591
  • openssl-devel-1.0.2k-24.amzn2.0.17.tuxcare.els1.x86_64.rpm
    sha:6ddf1a335cf0608cbfa72da83421859f173ca34c247f636cbafdafbdc6e81788
  • openssl-libs-1.0.2k-24.amzn2.0.17.tuxcare.els1.i686.rpm
    sha:be861f64d4a7d7c4619f196ee85573da1cb977d40d339532e0ad5265cb7ea3ae
  • openssl-libs-1.0.2k-24.amzn2.0.17.tuxcare.els1.x86_64.rpm
    sha:09b20d0ebba811af952b345ae3f42157a01553eb2002a8caac0c9f6555c74f9c
  • openssl-perl-1.0.2k-24.amzn2.0.17.tuxcare.els1.x86_64.rpm
    sha:e1f77722e2e55d3d8c52ecaf43bcf24ead559277c3d6d3e5ae99a94a179c5370
  • openssl-static-1.0.2k-24.amzn2.0.17.tuxcare.els1.x86_64.rpm
    sha:3257d0849b050f12d1f31ab92b5a52639969c96d137e6ab61e250d529b91d8be
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.