[CLSA-2026:1781549039] openssl: Fix of CVE-2026-45447
Type:
security
Severity:
Critical
Release date:
2026-06-15 18:47:57 UTC
Description:
- CVE-2026-45447: fix use-after-free in PKCS7_verify() by freeing the BIO chain explicitly, stopping at the caller-owned indata BIO
CVEs fixed:
Updated packages:
  • openssl-1.1.1k-5.el8_5.tuxcare.els19.x86_64.rpm
    sha:728c45908058fe0f2539b54b481209b8bc251a4ce818322aa9c5e7cba0d09b65
  • openssl-devel-1.1.1k-5.el8_5.tuxcare.els19.i686.rpm
    sha:d5447d626ff8cc5ea1a1c258ba3e4df2f7ee2349fcb4951606f22c815ba54377
  • openssl-devel-1.1.1k-5.el8_5.tuxcare.els19.x86_64.rpm
    sha:8272e8b0e055a8299a058cf7373566d7e6941bb9c1e99e453ceb7ac029fca780
  • openssl-libs-1.1.1k-5.el8_5.tuxcare.els19.i686.rpm
    sha:454bcb63bec82b4e7ae9c6efb804ce4d03c3679731e36dbdff4e4eb58b4f5622
  • openssl-libs-1.1.1k-5.el8_5.tuxcare.els19.x86_64.rpm
    sha:bc8e4862477f2afec200e5a244012f414ed2ab8b82e9d8c241e8263478ce93b0
  • openssl-perl-1.1.1k-5.el8_5.tuxcare.els19.x86_64.rpm
    sha:29bb8553a4d1b998a0ff9f109711ffcfe9a988f834f7211a7ae60deb29bfcf07
  • openssl-static-1.1.1k-5.el8_5.tuxcare.els19.x86_64.rpm
    sha:f5088a78412109f387615e6624c8270bf42c7f5751d66b47728e08d9b4687774
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.