12 matches found
CLSA-2026-1778583971 Fix CVE(s): CVE-2026-28387, CVE-2026-28388
SECURITY UPDATE: A use-after-free / heap corruption in dane_match of the X.509 verifier where the cached DANE-matched certificate was freed via OPENSSL_free instead of X509_free, bypassing the X509 reference counting and freeing certificate fields that may still be referenced by other holders. An...
Security Bulletin: Vulnerability in openssl and openssl-libs affects IBM Db2 Data Management Console.
Summary: The openssl and openssl-libs open source library is used by IBM Db2 Data Management Console. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details CVEID: CVE-2023-0286 DESCRIPTION: There is a type confusion vulnerability relating to X.400 address...
TencentOS Server 3: compat-openssl10 (TSSA-2025:0443)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0443 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
openssl: X.400 address type confusion in X.509 GeneralName
A type confusion vulnerability was found in OpenSSL when it processes X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...
CVE-2024-51491 Process crash during CRL-based revocation check on OS using separate mount point for temp Directory in notation-go
notation-go is a collection of libraries for signing and verifying OCI artifacts, based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go...
CVE-2023-51662
The CVE-2023-51662 issue affects Snowflake Connector .NET (Snowflake .NET driver) where Certificate Revocation List (CRL) checks were not performed when insecureMode is false (default). Affected versions are 2.0.25 through 2.1.4 (inclusive); remediation is to upgrade to 2.1.5. Multiple sources (N...
openssl: X.400 address type confusion in X.509 GeneralName
A type confusion vulnerability was found in OpenSSL when it processes X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...
openssl: X.400 address type confusion in X.509 GeneralName
A type confusion vulnerability was found in OpenSSL when it processes X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...
DEBIAN-CVE-2023-0286
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequentl...
openSUSE Security Update : curl (openSUSE-2021-808)
This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification (jsc#SLE-17956) - Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA...
SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2021:1762-1)
This update for curl fixes the following issues: CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). Allow partial chain verification (jsc#SLE-17956) - Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA...
Scientific Linux Security Update : gnutls on SL4.x, SL5.x i386/x86_64
CVE-2009-3555 TLS: MITM attacks via session renegotiation. CVE-2010-0731 gnutls: gnutls_x509_crt_get_serial incorrect serial decoding from ASN1 (BE64) [GNUTLS-SA-2010-1]. A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A...