Release date:
2026-06-12 15:02:36 UTC
Description:
* SECURITY UPDATE: Use-after-free in PKCS7_verify() during BIO chain cleanup
  - debian/patches/CVE-2026-45447.patch: free the BIO chain built by
    PKCS7_dataInit() one BIO at a time, stopping at the caller-provided
    indata BIO, in PKCS7_verify() in crypto/pkcs7/pk7_smime.c instead of
    relying on BIO_pop()/BIO_free_all() which could leave a dangling
    reference and trigger a use-after-free
  - CVE-2026-45447
Updated packages:
- libssl-dev_1.1.1f-1ubuntu2.24+tuxcare.els6_amd64.deb
  sha:de5b7d66cf18b13e0929be379042831f6a2b4622
- libssl-doc_1.1.1f-1ubuntu2.24+tuxcare.els6_all.deb
  sha:fb6746f44d2298bd2ce14c05e0688e167e8b97e6
- libssl1.1_1.1.1f-1ubuntu2.24+tuxcare.els6_amd64.deb
  sha:c6430f99e795ab4c9fae984ade0ce09e6e895dfb
- openssl_1.1.1f-1ubuntu2.24+tuxcare.els6_amd64.deb
  sha:50799af1285f282fe443961e69aaa5d7155f8ee0
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the CloudLinux Packaging Team.