CLSA-2026-1778071148

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1778071148.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1778071148
Upstream
  • CVE-2026-28387
  • CVE-2026-28388
  • CVE-2026-28389
  • CVE-2026-31789
Published
2026-05-06T12:39:15Z
Modified
2026-06-01T00:32:28.697365323Z
Summary
openssl: Fix of 4 CVEs
Details
  • CVE-2026-28387: fix use of OPENSSLfree instead of X509free on dane->mcert in dane_match() (X509 reference-count bypass / UAF)
  • CVE-2026-28388: fix NULL deref in checkdeltabase when a delta CRL carries the Delta CRL Indicator extension but lacks a CRL Number
  • CVE-2026-28389: fix NULL deref in dhcmssetsharedinfo / ecdhcmssetsharedinfo on absent CMS KARI parameters
  • CVE-2026-31789: fix integer overflow in OPENSSLbuf2hexstr causing heap OOB write when converting > SIZEMAX/3 bytes (32-bit builds)
References

Affected packages

TuxCare:AlmaLinux:9.2 / openssl

Package

Name
openssl
Purl
pkg:rpm/tuxcare/openssl?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:3.0.7-20.el9_2.tuxcare.1.els11

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1778071148.json"

TuxCare:AlmaLinux:9.2 / openssl-devel

Package

Name
openssl-devel
Purl
pkg:rpm/tuxcare/openssl-devel?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:3.0.7-20.el9_2.tuxcare.1.els11

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1778071148.json"

TuxCare:AlmaLinux:9.2 / openssl-libs

Package

Name
openssl-libs
Purl
pkg:rpm/tuxcare/openssl-libs?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:3.0.7-20.el9_2.tuxcare.1.els11

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1778071148.json"

TuxCare:AlmaLinux:9.2 / openssl-perl

Package

Name
openssl-perl
Purl
pkg:rpm/tuxcare/openssl-perl?distro=almalinux-9.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:3.0.7-20.el9_2.tuxcare.1.els11

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.2esu/CLSA-2026-1778071148.json"