Release date:
2026-04-30 09:53:13 UTC
Description:
- CVE-2026-28387: fix use-after-free / double-free in dane_match()
by releasing the previously stored dane->mcert with X509_free()
instead of OPENSSL_free(); the slot is reference-bumped via
X509_up_ref() so the matching free is X509_free()
Updated packages:
-
openssl-1.1.1k-12.el8.tuxcare.els8.x86_64.rpm
sha:4f67c528b39ca09ae3f63057a9b1026b7645e6c75d8a8a4683ed1ca7ee31c93b
-
openssl-devel-1.1.1k-12.el8.tuxcare.els8.i686.rpm
sha:646e049b83aae46957cdc3d722a2f759c6fef46c35d61b990d06f47838120413
-
openssl-devel-1.1.1k-12.el8.tuxcare.els8.x86_64.rpm
sha:a1b703d0455c2329084bd636f065335a154e0a3ca3048ab529d4d799f8dc73f5
-
openssl-libs-1.1.1k-12.el8.tuxcare.els8.i686.rpm
sha:174ba597f31c861354415b926d4ef131d60accb758b789deaebd3e1579fb1ff4
-
openssl-libs-1.1.1k-12.el8.tuxcare.els8.x86_64.rpm
sha:e3b8fc78cde5210b5b25c6d0c5ae9b1fae8e514083a5c444944448777fa65e46
-
openssl-perl-1.1.1k-12.el8.tuxcare.els8.x86_64.rpm
sha:90ee9c2aacfbd8cd5d324a44d32bb2a901242bc673bbaed100b1899ec95a1957
-
openssl-static-1.1.1k-12.el8.tuxcare.els8.x86_64.rpm
sha:d53a5695868637251377c9cdbb4317548e295784d1666f381b2208e2827d8529
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
