ELSA-2026-50323
- ULN >
- Oracle Linux Errata repository >
- ELSA-2026-50323
ELSA-2026-50323 - openssl security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2026-06-18 |
Description
[1:1.1.1k-16]
- Fix CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify()
Resolves: RHEL-180978
- Fix CVE-2024-4741: Use After Free with SSL_free_buffers
Resolves: RHEL-180983
[1:1.1.1k-15]
- Fix CVE-2025-69419: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing
ticket_lifetime_hint exceed 1 week in TLSv1.3 and breaks compliant clients
Resolves: RHEL-149165
Resolves: RHEL-142715
[1:1.1.1k-14.1]
- Backport fix for openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
Fix CVE-2025-9230
Resolves: RHEL-128615
[1:1.1.1k-14]
- Backport fix SSL_select_next proto from OpenSSL 3.2
Fix CVE-2024-5535
Resolves: RHEL-45654
Related CVEs
| CVE-2024-4741 |
| CVE-2026-45447 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 8 (aarch64) | openssl-1.1.1k-16.ksplice1.el8_6.src.rpm | 4d6e8c52e5d63b1cb949ef5b70151264c3d650e70745ed38c7be3554fa1ec4a6 | - | ol8_aarch64_userspace_ksplice |
| openssl-1.1.1k-16.ksplice1.el8_6.aarch64.rpm | 798a2aa67f8f659c46252ad498bc144aff1d8ee6342556621f1e38c35d86166d | - | ol8_aarch64_userspace_ksplice | |
| openssl-devel-1.1.1k-16.ksplice1.el8_6.aarch64.rpm | 5e4bd04ac18f8112bebc6c75887fa011a14750ab8d7ca89905a8569951b0c384 | - | ol8_aarch64_userspace_ksplice | |
| openssl-libs-1.1.1k-16.ksplice1.el8_6.aarch64.rpm | 287279f90bcf8b9c82e35f405d4229555f00d5a7263321961f5d15bfee3c9de8 | - | ol8_aarch64_userspace_ksplice | |
| openssl-perl-1.1.1k-16.ksplice1.el8_6.aarch64.rpm | 158724f250ae36bc151f92ccaea35e69291d0cbd7e32313c82aed92e3eedbe2c | - | ol8_aarch64_userspace_ksplice | |
| openssl-static-1.1.1k-16.ksplice1.el8_6.aarch64.rpm | 22b055341391e9b6a8ad8f11bbe283ed29d0980e0a49ba1278e99dc810e61789 | - | ol8_aarch64_userspace_ksplice | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
