[ALSA-2026:25239] Important: openssl security update
Type: security
Severity: important
Release date: 2026-06-12
Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing (CVE-2026-7383)
* openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption (CVE-2026-9076)
* openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure. (CVE-2026-34180)
* openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys (CVE-2026-34181)
* openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages (CVE-2026-34182)
* openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler (CVE-2026-34183)
* openssl: NULL pointer dereference in QUIC server initial packet handling (CVE-2026-42764)
* openssl: Possible NULL Dereference in Password-Based CMS Decryption (CVE-2026-42766)
* openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption (CVE-2026-42767)
* openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() (CVE-2026-42768)
* openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate (CVE-2026-42769)
* openssl: FFC-DH Peer Validation Uses Attacker-Supplied q (CVE-2026-42770)
* openssl: AES-OCB IV Ignored on EVP_Cipher() Path (CVE-2026-45445)
* openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes (CVE-2026-45446)
* openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() (CVE-2026-45447)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 openssl-perl-3.5.5-4.el9_8.aarch64.rpm 20a07fb4976111b797cc77799f174f7401090c0f5e8a287c82e194a9cb8da8d3
aarch64 openssl-devel-3.5.5-4.el9_8.aarch64.rpm 85a710cd2bf67827edbff451d77ed8ef3a0302661487efae9bddabbc6b38e113
aarch64 openssl-3.5.5-4.el9_8.aarch64.rpm e9cebc88f093b58561f315eece6b10f707639b13bd3ace4ae873bdfed065e4d4
aarch64 openssl-libs-3.5.5-4.el9_8.aarch64.rpm eee5238f855787469d672116d19ba1ec7f12ffe90c0f786f4a298eb9ff5c07da
i686 openssl-devel-3.5.5-4.el9_8.i686.rpm 3c21105b43d39bd16009e45665991acdc188f1a6e0cc594a19c3398df3794615
i686 openssl-libs-3.5.5-4.el9_8.i686.rpm 3cb8f57419f4677d72e87293196556786f6c7f0eb4f1690afc339549f646b41f
ppc64le openssl-3.5.5-4.el9_8.ppc64le.rpm 10621f7ba4c22f086c6166f01bbe2374111247f31688f87b85647ecf06b8d43a
ppc64le openssl-perl-3.5.5-4.el9_8.ppc64le.rpm 4993544327856e1a5dabe03e7fc624a9e17a0ab3fa8a35daa1c9620fa4aacc46
ppc64le openssl-devel-3.5.5-4.el9_8.ppc64le.rpm 5cb204c12359f71b236dccffa94a30bd846caeaf747a5104a6b89c1102765ac9
ppc64le openssl-libs-3.5.5-4.el9_8.ppc64le.rpm 94c7eeb605b47b6a1fd64771857e293bf30eca37ae19cc354782dd2dfff891d4
s390x openssl-3.5.5-4.el9_8.s390x.rpm 06212ad91a9dad4fea7dc6d0d8fb025bb1209edd869b37fe4160cbc685fdc89f
s390x openssl-perl-3.5.5-4.el9_8.s390x.rpm 4a8784547399666f245d26d61af83a3e565bea302bbfd442623186433f6ec903
s390x openssl-devel-3.5.5-4.el9_8.s390x.rpm 5b8cd0971ca0238fd3dde01dd2299ec2528ae9831b620db6fe9030422323f350
s390x openssl-libs-3.5.5-4.el9_8.s390x.rpm c5f1d5f44db0ad8ad449b5c07aa273aef13d11e319960194a0de3820d0cb6f22
x86_64 openssl-devel-3.5.5-4.el9_8.x86_64.rpm 070869255a2bb0b52af692bc249e4aa24c3ab84f863c5e91b6d801290765ac3e
x86_64 openssl-3.5.5-4.el9_8.x86_64.rpm c94e1203a0e1811c4d5279becfc00aa66bc1548c45fde7c076bc0856d65426a3
x86_64 openssl-perl-3.5.5-4.el9_8.x86_64.rpm d1b1371f2385d3cb6ed54831d44da5d8546be0ac72b7a2884177e9f8cb4d11ce
x86_64 openssl-libs-3.5.5-4.el9_8.x86_64.rpm e0ddf24705aa89e5ca19b3743ebc2441e262bdf2f7a897ce1349d1abd8d85a26
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.