[CLSA-2026:1782976762] openssl: Fix of 2 CVEs
Type:
security
Severity:
Moderate
Release date:
2026-07-02 07:19:40 UTC
Description:
- CVE-2026-45446: reset AES-SIV final_ret on context reuse so a forged all-zero tag is not accepted for empty-ciphertext messages - CVE-2026-9076: reject KEK ciphers with block size below 4 in CMS kek_unwrap_key to prevent an out-of-bounds read during check-byte validation
Updated packages:
  • openssl-3.0.7-20.el9_2.tuxcare.1.els20.x86_64.rpm
    sha:53510ccc8f883445483b5c0904e5aa0700f7106a97bb4924aa9e70e6a65609ef
  • openssl-devel-3.0.7-20.el9_2.tuxcare.1.els20.i686.rpm
    sha:2bfa29e12a7615ac92a51407372dcd6530466ded265983e27b86b737d9d1d328
  • openssl-devel-3.0.7-20.el9_2.tuxcare.1.els20.x86_64.rpm
    sha:1b978b0b88e4d68ef4c3bf934c9dbd741eaaa039554655fa816aae0bf25a27d7
  • openssl-libs-3.0.7-20.el9_2.tuxcare.1.els20.i686.rpm
    sha:06abcc7b36ea2de0239f630a2878a8a5b9ee9fd6d26414d01c02f0fb03eb9476
  • openssl-libs-3.0.7-20.el9_2.tuxcare.1.els20.x86_64.rpm
    sha:913567e98e3454b4c6cf9cee1f7842b41f08645a91ebeaabbd4325c4c41e8dc1
  • openssl-perl-3.0.7-20.el9_2.tuxcare.1.els20.x86_64.rpm
    sha:b4f42be64bb952feef4ed24fe33e09ae0bed9ef7cea862a5c48a288470ae541d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.