Release date:
2026-06-15 18:52:46 UTC
Description:
* SECURITY UPDATE: Heap buffer overflow in ASN1_mbstring_ncopy() where
the destination length for BMPSTRING and UNIVERSALSTRING output is
computed by a signed left shift that can overflow int, producing an
undersized allocation followed by out-of-bounds writes for oversized
attacker-controlled inputs reaching ASN1_mbstring_copy() or
ASN1_mbstring_ncopy() directly.
- debian/patches/CVE-2026-7383.patch: reject oversized inputs before
the shifts and in out_utf8() in crypto/asn1/a_mbstr.c.
- CVE-2026-7383
* SECURITY UPDATE: Out-of-bounds read in kek_unwrap_key() check-byte
validation when a CMS PasswordRecipientInfo uses a KEK cipher with a
block size smaller than 4 octets, making the decrypted buffer smaller
than the seven octets the check-byte test reads.
- debian/patches/CVE-2026-9076.patch: reject blocklen < 4 and
oversized inlen in kek_unwrap_key() in crypto/cms/cms_pwri.c.
- CVE-2026-9076
* SECURITY UPDATE: Heap buffer over-read in ASN.1 content parsing: the
long content length was truncated to int in asn1_ex_c2i(), so
ASN1_STRING_set() could be called with an inconsistent length.
- debian/patches/CVE-2026-34180.patch: pass the length as long in
asn1_ex_c2i() and reject lengths not representable as int in
crypto/asn1/tasn_dec.c.
- CVE-2026-34180
* SECURITY UPDATE: NULL pointer dereference when processing CMS
PasswordRecipientInfo with the optional keyDerivationAlgorithm field
absent, allowing a denial of service via crafted CMS messages.
- debian/patches/CVE-2026-42766.patch: fail cleanly when
keyDerivationAlgorithm is missing in crypto/cms/cms_pwri.c.
- CVE-2026-42766
Updated packages:
-
libssl-dev_1.1.1f-1ubuntu2.24+tuxcare.els7_amd64.deb
sha:856c4987685b2a42d971652097fc7e1e5f4151c0
-
libssl-doc_1.1.1f-1ubuntu2.24+tuxcare.els7_all.deb
sha:29b925c9396b805fb1875d9cf371cebc1070421a
-
libssl1.1_1.1.1f-1ubuntu2.24+tuxcare.els7_amd64.deb
sha:e7c42b165798c71e272d129e6ceee201b2bcb0ca
-
openssl_1.1.1f-1ubuntu2.24+tuxcare.els7_amd64.deb
sha:97e31427417809cf23db148fc9b489bc8a5b2dba
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.