[CLSA-2026:1781549242] Fix CVE(s): CVE-2026-34180, CVE-2026-42766, CVE-2026-7383, CVE-2026-9076
Type:
security
Severity:
Important
Release date:
2026-06-15 18:52:46 UTC
Description:
* SECURITY UPDATE: Heap buffer overflow in ASN1_mbstring_ncopy() where the destination length for BMPSTRING and UNIVERSALSTRING output is computed by a signed left shift that can overflow int, producing an undersized allocation followed by out-of-bounds writes for oversized attacker-controlled inputs reaching ASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly. - debian/patches/CVE-2026-7383.patch: reject oversized inputs before the shifts and in out_utf8() in crypto/asn1/a_mbstr.c. - CVE-2026-7383 * SECURITY UPDATE: Out-of-bounds read in kek_unwrap_key() check-byte validation when a CMS PasswordRecipientInfo uses a KEK cipher with a block size smaller than 4 octets, making the decrypted buffer smaller than the seven octets the check-byte test reads. - debian/patches/CVE-2026-9076.patch: reject blocklen < 4 and oversized inlen in kek_unwrap_key() in crypto/cms/cms_pwri.c. - CVE-2026-9076 * SECURITY UPDATE: Heap buffer over-read in ASN.1 content parsing: the long content length was truncated to int in asn1_ex_c2i(), so ASN1_STRING_set() could be called with an inconsistent length. - debian/patches/CVE-2026-34180.patch: pass the length as long in asn1_ex_c2i() and reject lengths not representable as int in crypto/asn1/tasn_dec.c. - CVE-2026-34180 * SECURITY UPDATE: NULL pointer dereference when processing CMS PasswordRecipientInfo with the optional keyDerivationAlgorithm field absent, allowing a denial of service via crafted CMS messages. - debian/patches/CVE-2026-42766.patch: fail cleanly when keyDerivationAlgorithm is missing in crypto/cms/cms_pwri.c. - CVE-2026-42766
Updated packages:
  • libssl-dev_1.1.1f-1ubuntu2.24+tuxcare.els7_amd64.deb
    sha:856c4987685b2a42d971652097fc7e1e5f4151c0
  • libssl-doc_1.1.1f-1ubuntu2.24+tuxcare.els7_all.deb
    sha:29b925c9396b805fb1875d9cf371cebc1070421a
  • libssl1.1_1.1.1f-1ubuntu2.24+tuxcare.els7_amd64.deb
    sha:e7c42b165798c71e272d129e6ceee201b2bcb0ca
  • openssl_1.1.1f-1ubuntu2.24+tuxcare.els7_amd64.deb
    sha:97e31427417809cf23db148fc9b489bc8a5b2dba
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.