CLSA-2026-1779094874

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1779094874.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1779094874
Upstream
  • CVE-2026-28388
  • CVE-2026-28389
Published
2026-05-18T09:01:19Z
Modified
2026-06-04T09:47:03.978106818Z
Summary
Fix CVE(s): CVE-2026-28388, CVE-2026-28389
Details
  • SECURITY UPDATE: NULL pointer dereference in checkdeltabase() when a delta CRL is processed without the required CRL Number extension and X509VFLAGUSEDELTAS is enabled, leading to a denial of service.
    • debian/patches/CVE-2026-28388.patch: add NULL check for delta->crlnumber before ASN1INTEGERcmp() in checkdelta_base()
    • CVE-2026-28388
  • SECURITY UPDATE: NULL pointer dereference in dhcmssetsharedinfo() and ecdhcmssetsharedinfo() when a CMS EnvelopedData message uses KeyAgreeRecipientInfo with a KeyEncryptionAlgorithmIdentifier whose optional parameter field is omitted, leading to a denial of service.
    • debian/patches/CVE-2026-28389.patch: check alg->parameter for NULL before accessing its type field in dhcmssetsharedinfo() and ecdhcmssetsharedinfo()
    • CVE-2026-28389
References

Affected packages

TuxCare:Ubuntu:16.04 / libssl-dev

Package

Name
libssl-dev
Purl
pkg:deb/tuxcare/libssl-dev?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.2g-1ubuntu4.21+tuxcare.els15

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1779094874.json"

TuxCare:Ubuntu:16.04 / libssl-doc

Package

Name
libssl-doc
Purl
pkg:deb/tuxcare/libssl-doc?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.2g-1ubuntu4.21+tuxcare.els15

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1779094874.json"

TuxCare:Ubuntu:16.04 / libssl1.0.0

Package

Name
libssl1.0.0
Purl
pkg:deb/tuxcare/libssl1.0.0?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.2g-1ubuntu4.21+tuxcare.els15

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1779094874.json"

TuxCare:Ubuntu:16.04 / openssl

Package

Name
openssl
Purl
pkg:deb/tuxcare/openssl?distro=ubuntu-16.04

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.0.2g-1ubuntu4.21+tuxcare.els15

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2026-1779094874.json"