[ALSA-2026:25237] Important: openssl security update
Type: security
Severity: important
Release date: 2026-06-11
Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing (CVE-2026-7383)
* openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption (CVE-2026-9076)
* openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure (CVE-2026-34180)
* openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys (CVE-2026-34181)
* openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages (CVE-2026-34182)
* openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler (CVE-2026-34183)
* openssl: NULL pointer dereference in QUIC server initial packet handling (CVE-2026-42764)
* openssl: Possible NULL Dereference in Password-Based CMS Decryption (CVE-2026-42766)
* openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption (CVE-2026-42767)
* openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() (CVE-2026-42768)
* openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate (CVE-2026-42769)
* openssl: FFC-DH Peer Validation Uses Attacker-Supplied q (CVE-2026-42770)
* openssl: AES-OCB IV Ignored on EVP_Cipher() Path (CVE-2026-45445)
* openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes (CVE-2026-45446)
* openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() (CVE-2026-45447)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 openssl-devel-3.5.5-4.el10_2.alma.1.aarch64.rpm 17eb3cdbff0aa11fdcd7a406072e397b6e26f041f536342c8b2f41a7c1d4c18c
aarch64 openssl-3.5.5-4.el10_2.alma.1.aarch64.rpm 2a0a2d48e4bf5cc70e1e9660bc9d878d443eadd6d9d32c7825f00c1a91a302a0
aarch64 openssl-libs-3.5.5-4.el10_2.alma.1.aarch64.rpm 7e92afead25487cb8d0334e1cb9313abe3c5708ce8cc03235ee36c0acd025e80
aarch64 openssl-perl-3.5.5-4.el10_2.alma.1.aarch64.rpm c0e5435f72ef90d9cf535d91460d8db5053051b317931dd25c214fc4188b57ef
ppc64le openssl-perl-3.5.5-4.el10_2.alma.1.ppc64le.rpm 13bbef4fd147698e295358e9794e926f76d0a7e9b8b12d0105bf6c532f97bb8d
ppc64le openssl-devel-3.5.5-4.el10_2.alma.1.ppc64le.rpm 503447e0273460b4e40e78bc253041366a136a1393b2cb54f7f2a1b71c6e03af
ppc64le openssl-libs-3.5.5-4.el10_2.alma.1.ppc64le.rpm ba2698c2a4cb8acb88ea53fd502f0790d335f8eea15e73fd7f94e2d74117ff04
ppc64le openssl-3.5.5-4.el10_2.alma.1.ppc64le.rpm e1570d355e17621ec300d85bf831922b31a374afc008ef04f1ff360b802f6c16
s390x openssl-libs-3.5.5-4.el10_2.alma.1.s390x.rpm 520e4a0a71a1087402bb1af811af15a99ccc46857914fbafd2230c0cb5ee709d
s390x openssl-devel-3.5.5-4.el10_2.alma.1.s390x.rpm 73ce18b8ac9f44abbe3913ab36d9f01d78ac279ba4ff16104669790136bb5a09
s390x openssl-perl-3.5.5-4.el10_2.alma.1.s390x.rpm b2f8aec19c8118d65134f747ab589c64c6427df5036a2797d056be559fca479e
s390x openssl-3.5.5-4.el10_2.alma.1.s390x.rpm ba58993ded5f13e10f8db9f6a366b5407c779b81683635078c7122ccbc22b33b
x86_64 openssl-devel-3.5.5-4.el10_2.alma.1.x86_64.rpm 2fb8fb641d39efc22ce2216b79db1cfed658f1ffd8ce9a6cf287b0948b3b627a
x86_64 openssl-libs-3.5.5-4.el10_2.alma.1.x86_64.rpm 50bd079106769d301ccaeab4cdae74653da61bd4a38a64965e780aaf5e9c2f1a
x86_64 openssl-3.5.5-4.el10_2.alma.1.x86_64.rpm 85c953731c6523bfef762b78a7a6e02ad9381da19928d619ffd7b36d71392267
x86_64 openssl-perl-3.5.5-4.el10_2.alma.1.x86_64.rpm 8c92b3df8b14139ef0165abc4ade9876ba377d5696861efac1cb08f400c9e912
x86_64_v2 openssl-devel-3.5.5-4.el10_2.alma.1.x86_64_v2.rpm 1bf2da08983b30e809f0ceb67ee5bf0a4bedca638caebbeadacc422852cb93f9
x86_64_v2 openssl-libs-3.5.5-4.el10_2.alma.1.x86_64_v2.rpm 4ff72e66b9ddde320c01e7c1dfabcbc00eeea4fc069b3a1ea08c127f08997c1a
x86_64_v2 openssl-3.5.5-4.el10_2.alma.1.x86_64_v2.rpm 881a7705b9420e037533451463422dc8bd13b5ccb4fdbff65a1c18f91e957fe2
x86_64_v2 openssl-perl-3.5.5-4.el10_2.alma.1.x86_64_v2.rpm b88d5b32017d6a101dedc3bcbc4b7c9fc9058a1efcb98ee7b5272e756834c703
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.