CLSA-2026-1778787445

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1778787445.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1778787445
Upstream
  • CVE-2026-28387
  • CVE-2026-28388
  • CVE-2026-28389
Published
2026-05-14T22:19:12Z
Modified
2026-06-04T09:47:36.387592508Z
Summary
Fix CVE(s): CVE-2026-28387, CVE-2026-28388, CVE-2026-28389
Details
  • SECURITY UPDATE: Use-after-free / heap corruption in dane_match() of the X.509 verifier, where the cached DANE-matched certificate was freed via OPENSSL_free() instead of X509_free(), bypassing the X509 reference counting and freeing certificate fields that may still be referenced by other holders. An attacker able to influence the DANE TLSA records used during certificate verification can trigger memory corruption.
    • debian/patches/CVE-2026-28387.patch: replace OPENSSL_free(dane->mcert) with X509_free(dane->mcert) in dane_match() in crypto/x509/x509_vfy.c.
    • CVE-2026-28387
  • SECURITY UPDATE: NULL pointer dereference in check_delta_base() of the X.509 CRL verifier when a delta CRL lacks the CRL Number extension. A remote attacker controlling a delta CRL can trigger a crash, leading to denial of service in applications using -crl_check with -use_deltas.
    • debian/patches/CVE-2026-28388.patch: NULL-check delta->crl_number before passing it to ASN1_INTEGER_cmp() in check_delta_base() in crypto/x509/x509_vfy.c, and ship the upstream test fixtures and verify recipe.
    • CVE-2026-28388
  • SECURITY UPDATE: NULL pointer dereference in dh_cms_set_shared_info() and ecdh_cms_set_shared_info() when a CMS KeyAgreeRecipientInfo has no KeyEncryptionAlgorithmIdentifier parameters field, allowing a remote attacker to trigger a denial of service via crafted CMS data.
    • debian/patches/CVE-2026-28389.patch: NULL-check alg->parameter before accessing its type in crypto/dh/dh_ameth.c and crypto/ec/ec_ameth.c.
    • CVE-2026-28389
References

Affected packages

TuxCare:Ubuntu:18.04 / libssl-dev

Package

Name
libssl-dev
Purl
pkg:deb/tuxcare/libssl-dev?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.1.1-1ubuntu2.1~18.04.23+tuxcare.els9

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1778787445.json"

TuxCare:Ubuntu:18.04 / libssl-doc

Package

Name
libssl-doc
Purl
pkg:deb/tuxcare/libssl-doc?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.1.1-1ubuntu2.1~18.04.23+tuxcare.els9

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1778787445.json"

TuxCare:Ubuntu:18.04 / libssl1.1

Package

Name
libssl1.1
Purl
pkg:deb/tuxcare/libssl1.1?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.1.1-1ubuntu2.1~18.04.23+tuxcare.els9

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1778787445.json"

TuxCare:Ubuntu:18.04 / openssl

Package

Name
openssl
Purl
pkg:deb/tuxcare/openssl?distro=ubuntu-18.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
1.1.1-1ubuntu2.1~18.04.23+tuxcare.els9

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1778787445.json"