ELSA-2026-50008

ELSA-2026-50008 - openssl security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2026-01-13

Description

[1:1.1.1k-14]
- Backport fix for Out-of-bounds read & write in RFC 3211 KEK Unwrap
Fix CVE-2025-9230
Resolves: RHEL-128613
- Fix bug for ticket_lifetime_hint exceed issue
Resolves: RHEL-119891

[1:1.1.1k-13]
- Backport fix SSL_select_next proto from OpenSSL 3.2
Fix CVE-2024-5535
Resolves: RHEL-45654

Related CVEs

CVE-2025-9230

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 8 (aarch64)	openssl-1.1.1k-14.ksplice1.el8_10.src.rpm	33b10a33c550d2d1030864ac8b64b1853ade380ee848bd226da677f1de9b95dc	-	ol8_aarch64_userspace_ksplice
	openssl-1.1.1k-14.ksplice1.el8_10.aarch64.rpm	d202b111bc47a6dbe325703bee4a69fa1d1e2f46790d998cf8e7d534d17093e1	-	ol8_aarch64_userspace_ksplice
	openssl-devel-1.1.1k-14.ksplice1.el8_10.aarch64.rpm	ad95cac0e97d5b7b6e2773c011ceb7272e6750d535270e11266d4e90d7243c96	-	ol8_aarch64_userspace_ksplice
	openssl-libs-1.1.1k-14.ksplice1.el8_10.aarch64.rpm	0e6aa66cfbea2ac042e92ddf6a6ee14b48de1251d215e98419940258461059d6	-	ol8_aarch64_userspace_ksplice
	openssl-perl-1.1.1k-14.ksplice1.el8_10.aarch64.rpm	2e9503827c9716e4a9aa1f49683262c8a4c5faaf44f0908fea005768fefd6cad	-	ol8_aarch64_userspace_ksplice
	openssl-static-1.1.1k-14.ksplice1.el8_10.aarch64.rpm	34c11bcf7a4e32144082931ad212c067268c2365392bffc44d121a1fd7820583	-	ol8_aarch64_userspace_ksplice

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team