CLSA-2026-1777999127
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1777999127.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2026-1777999127
- Upstream
- Published
- 2026-05-05T16:38:52Z
- Modified
- 2026-06-04T09:45:25.073440789Z
- Summary
- Fix CVE(s): CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390
- Details
-
- SECURITY UPDATE: fix UAF/double-free in DANE client by using X509free() for dane->mcert
- debian/patches/CVE-2026-28387.patch: fix UAF/double-free in DANE client by using X509
- CVE-2026-28387
- SECURITY UPDATE: NULL check delta->crlnumber before ASN1INTEGERcmp() in checkdeltabase()
- debian/patches/CVE-2026-28388.patch: NULL check delta->crlnumber before ASN1INTEGERcmp() in checkdelta
- CVE-2026-28388
- SECURITY UPDATE: NULL check alg->parameter in [ec]dhcmssetsharedinfo() before deref
- debian/patches/CVE-2026-28389.patch: NULL check alg->parameter in [ec]dhcmssetsharedinfo() before deref
- CVE-2026-28389
- SECURITY UPDATE: NULL check plab->parameter in rsacmsdecrypt() before deref
- debian/patches/CVE-2026-28390.patch: NULL check plab->parameter in rsacmsdecrypt() before deref
- CVE-2026-28390
- SECURITY UPDATE: fix UAF/double-free in DANE client by using X509free() for dane->mcert
- References
Affected packages
TuxCare:Debian:10 / libssl-dev
Package
- Name
- libssl-dev
- Purl
- pkg:deb/tuxcare/libssl-dev?distro=debian-10
TuxCare:Debian:10 / libssl-doc
Package
- Name
- libssl-doc
- Purl
- pkg:deb/tuxcare/libssl-doc?distro=debian-10
TuxCare:Debian:10 / libssl1.1
Package
- Name
- libssl1.1
- Purl
- pkg:deb/tuxcare/libssl1.1?distro=debian-10