[CLSA-2026:1777999127] Fix CVE(s): CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390
Type:
security
Severity:
Important
Release date:
2026-05-05 16:38:52 UTC
Description:
* SECURITY UPDATE: fix UAF/double-free in DANE client by using X509_free() for dane->mcert
  - debian/patches/CVE-2026-28387.patch: fix UAF/double-free in DANE client by using X509_free() for dane->mcert
  - CVE-2026-28387
* SECURITY UPDATE: NULL check delta->crl_number before ASN1_INTEGER_cmp() in check_delta_base()
  - debian/patches/CVE-2026-28388.patch: NULL check delta->crl_number before ASN1_INTEGER_cmp() in check_delta_base()
  - CVE-2026-28388
* SECURITY UPDATE: NULL check alg->parameter in [ec]dh_cms_set_shared_info() before deref
  - debian/patches/CVE-2026-28389.patch: NULL check alg->parameter in [ec]dh_cms_set_shared_info() before deref
  - CVE-2026-28389
* SECURITY UPDATE: NULL check plab->parameter in rsa_cms_decrypt() before deref
  - debian/patches/CVE-2026-28390.patch: NULL check plab->parameter in rsa_cms_decrypt() before deref
  - CVE-2026-28390
Updated packages:
  • libssl-dev_1.1.1n-0+deb10u6+tuxcare.els3_amd64.deb
    sha:db86c301f154350458561e025b2748b55be67966
  • libssl-doc_1.1.1n-0+deb10u6+tuxcare.els3_all.deb
    sha:71414008f001048a82aee2aa5c3260e942d6d7f8
  • libssl1.1_1.1.1n-0+deb10u6+tuxcare.els3_amd64.deb
    sha:4ac9ecda82651fcdb00983c30e490aa9346393a1
  • openssl_1.1.1n-0+deb10u6+tuxcare.els3_amd64.deb
    sha:95a673dfdc836df7c8f5c611e77f352b8b6d8af2
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.