CLSA-2026-1778787445 Fix CVE(s): CVE-2026-28387, CVE-2026-28388, CVE-2026-28389

SECURITY UPDATE: Use-after-free / heap corruption in danematch of the X.509 verifier where the cached DANE-matched certificate was freed via OPENSSLfree instead of X509free, bypassing the X509 reference counting and freeing certificate fields that may still be referenced by other holders. An...

curl: rustls backend silently ignores CURLOPT_CRLFILE when native CA store is active

Hi all, When the rustls backend is configured to use the OS native CA store --ca-native / CURLSSLOPTNATIVECA, any CRL file supplied via --crlfile / CURLOPTCRLFILE is silently ignored. The option is accepted — CURLEOK from curleasysetopt, exit 0 from the command line — and revoked certificates pas...

CLSA-2026-1778583971 Fix CVE(s): CVE-2026-28387, CVE-2026-28388

SECURITY UPDATE: A use-after-free / heap corruption in danematch of the X.509 verifier where the cached DANE-matched certificate was freed via OPENSSLfree instead of X509free, bypassing the X509 reference counting and freeing certificate fields that may still be referenced by other holders. An...

CLSA-2026-1778071148 openssl: Fix of 4 CVEs

CVE-2026-28387: fix use of OPENSSLfree instead of X509free on dane-mcert in danematch X509 reference-count bypass / UAF - CVE-2026-28388: fix NULL deref in checkdeltabase when a delta CRL carries the Delta CRL Indicator extension but lacks a CRL Number - CVE-2026-28389: fix NULL deref in...

CLSA-2026-1778020035 openssl: Fix of CVE-2026-28388

CVE-2026-28388: fix NULL pointer dereference in checkdeltabase when delta CRL lacks CRL Number extension...

CLSA-2026-1777999127 Fix CVE(s): CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390

SECURITY UPDATE: fix UAF/double-free in DANE client by using X509free for dane-mcert - debian/patches/CVE-2026-28387.patch: fix UAF/double-free in DANE client by using X509free for dane-mcert - CVE-2026-28387 SECURITY UPDATE: NULL check delta-crlnumber before ASN1INTEGERcmp in checkdeltabase -...

Astra Linux - уязвимость в libksba

Before version 1.6.3, Libksba was vulnerable to an integer overflow vulnerability in the CRL signature parser...

Astra Linux - уязвимость в libksba

A vulnerability was discovered in the Libksba library due to an integer overflow within the CRL parser. This vulnerability can be exploited remotely to execute code on the target system by passing specially crafted data to the application, such as a malicious S/MIME attachment...

Astra Linux - уязвимость в openssl

There is a type confusion vulnerability related to X.400 address processing within an X.509 GENERALNAME. X.400 addresses are parsed as ASN1STRING, but the public structure definition for GENERALNAME incorrectly specifies the type of the x400Address field as ASN1TYPE. This field is subsequently...

Astra Linux - уязвимость в strongswan

strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity and intermediate CA certificate that contains a CRL/OCSP URL that points to a server under the attacker's control that doesn't properly respond but for example jus...

OPENSUSE-SU-2026:20658-1 Security update for himmelblau

This update for himmelblau fixes the following issues: Update to version 2.3.9+git0.a9fd29b. Security issues fixed: - CVE-2026-34397: Fixed naming collision that can lead to local privilege escalation bsc1261324. Other updates and bugfixes: - update aws-lc-sys to 0.39.0 for security fixes - updat...

Important: edk2

Issue Overview: Potential use-after-free in DANE client code CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388 Possible NULL dereference when processing CMS KeyAgreeRecipientInfo CVE-2026-28389 Possible NU...

Medium: openssl

Issue Overview: NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388 Possible NULL dereference when processing CMS KeyAgreeRecipientInfo CVE-2026-28389 Possible NULL dereference when processing CMS KeyTransportRecipientInfo...

Amazon Linux 2 : openssl-snapsafe, --advisory ALAS2OPENSSL-SNAPSAFE-2026-010 (ALASOPENSSL-SNAPSAFE-2026-010)

The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2OPENSSL-SNAPSAFE-2026-010 advisory. NULL Pointer Dereference When Processing a Delta CRL NOTE:...

JLSEC-2026-220 The X.509 GeneralName type is a generic type for representing different types of names. One of...

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERALNAMEcmp which compares different instances of a GENERALNAME to see if they are equal or not. This function behaves incorrect...

JLSEC-2026-234 Vulnerable OpenSSL included in cryptography wheels

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

JLSEC-2026-273

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...

CLSA-2026-1777297012 openssl: Fix of 3 CVEs

CVE-2026-28388: fix NULL dereference in checkdeltabase when a Delta CRL lacks the CRL Number extension - CVE-2026-28389: fix NULL dereference in dh/ecdhcmssetsharedinfo when KeyEncryptionAlgorithmIdentifier has no parameters field - CVE-2026-28390: fix NULL dereference in rsacmsdecrypt when the...

OESA-2026-2082 shim security update

Initial UEFI bootloader that handles chaining to a trusted full \ bootloader under secure boot environments. Security Fixes: Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is...

OESA-2026-2081 shim security update

Initial UEFI bootloader that handles chaining to a trusted full \ bootloader under secure boot environments. Security Fixes: Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is...