[CLSA-2026:1782152516] openssl: Fix of CVE-2026-45447
Type:
security
Severity:
Critical
Release date:
2026-06-22 18:22:10 UTC
Description:
- CVE-2026-45447: fix use-after-free in PKCS7_verify() by freeing the BIO chain explicitly, stopping at the caller-owned indata BIO
CVEs fixed:
Updated packages:
  • openssl-1.1.1g-15.el8_4.tuxcare.els20.x86_64.rpm
    sha:80b99b51479d415bad232f12b6cf947201efe7b6f1f6d1a7ff69344fc52fecc5
  • openssl-devel-1.1.1g-15.el8_4.tuxcare.els20.i686.rpm
    sha:b392396867e207f4ba80fc39cf975da62358ff61c8197724938152ed80d03c89
  • openssl-devel-1.1.1g-15.el8_4.tuxcare.els20.x86_64.rpm
    sha:8f61fceb83a8aa8a179ca340e8a395e29b45da2ed49e8b0737d6adfbfdcc164e
  • openssl-libs-1.1.1g-15.el8_4.tuxcare.els20.i686.rpm
    sha:b512668e5f1432a392ef28157c1c9acee05cf8eaab7be724c5efaa7bc6c9b556
  • openssl-libs-1.1.1g-15.el8_4.tuxcare.els20.x86_64.rpm
    sha:2ec7a06ecd5c1afe49879d95fa05472d9d9a1215687556f07a1b496beb85f74a
  • openssl-perl-1.1.1g-15.el8_4.tuxcare.els20.x86_64.rpm
    sha:7f6c650a9d1c1019dc4009c2303f25e8ec6a02e68c129354e0325ebc59a24700
  • openssl-static-1.1.1g-15.el8_4.tuxcare.els20.x86_64.rpm
    sha:46b507e189c5c677dc88d238d29fcb2a310de078f56c4491c81e9ea98289d21f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.