[CLSA-2026:1777393624] Fix CVE(s): CVE-2026-28390
Type:
security
Severity:
Important
Release date:
2026-04-28 16:27:09 UTC
Description:
* SECURITY UPDATE: NULL dereference in CMS RSA-OAEP decryption when the optional pSourceFunc parameters field is omitted from a KeyTransportRecipientInfo, leading to a denial of service.
  - debian/patches/CVE-2026-28390.patch: check plab->parameter for NULL before accessing its type field in rsa_cms_decrypt()
  - CVE-2026-28390
Updated packages:
  • libssl-dev_1.0.2g-1ubuntu4.21+tuxcare.els14_amd64.deb
    sha:1085c82c603fe45de3509a05871a09e66d00b34c
  • libssl-doc_1.0.2g-1ubuntu4.21+tuxcare.els14_all.deb
    sha:8bb764d9b13e6f0d4bde2389174ae077abb91bf9
  • libssl1.0.0_1.0.2g-1ubuntu4.21+tuxcare.els14_amd64.deb
    sha:35613fbb42238c307dadcc34b4b9520a4632cd6e
  • openssl_1.0.2g-1ubuntu4.21+tuxcare.els14_amd64.deb
    sha:76ee30786b7831a478dd52c668002ac5aa696ce5
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.