openssl-3.5.5-2.el9.ML.1

エラータID: AXSA:2026-866:10

Release date: 
Wednesday, June 24, 2026 - 08:29
Subject: 
openssl-3.5.5-2.el9.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key (CVE-2026-31790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-31790
Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process which leads to sensitive data leakage to an attacker. RSA_public_encrypt() returns the number of bytes written on success and -1 on error. The affected code tests only whether the return value is non-zero. As a result, if RSA encryption fails, encapsulation can still return success to the caller, set the output lengths, and leave the caller to use the contents of the ciphertext buffer as if a valid KEM ciphertext had been produced. If applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an attacker-supplied invalid RSA public key without first validating that key, then this may cause stale or uninitialized contents of the caller-provided ciphertext buffer to be disclosed to the attacker in place of the KEM ciphertext. As a workaround calling EVP_PKEY_public_check() or EVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate the issue. The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. openssl-3.5.5-2.el9.ML.1.src.rpm
    MD5: c0b84e87ce3430a145558f27bf79bb1e
    SHA-256: 4e68c65ad21a731c3fd639c369b7eb18f389c104da3ce60d9e282e8eaa304535
    Size: 50.85 MB

Asianux Server 9 for x86_64
  1. openssl-3.5.5-2.el9.ML.1.x86_64.rpm
    MD5: 65d05c383040f5f7e56f019456f45c3f
    SHA-256: a42b0118d1c086ba04d0b03ce48ea71a3ea05c544f726e739afea4dc01804c12
    Size: 1.46 MB
  2. openssl-devel-3.5.5-2.el9.ML.1.i686.rpm
    MD5: e35409477f59eee78bef6c920c2d2b65
    SHA-256: 0a43fee47b078737969ebe2a727dff0ac902bb92676d27c38197cfcd3f4253b4
    Size: 3.62 MB
  3. openssl-devel-3.5.5-2.el9.ML.1.x86_64.rpm
    MD5: efcb27339f77db4ffd7eb148bbcb4340
    SHA-256: 2a1989ab8a3631eac494b6842bb691fa7866bf731830f4d11200b706c9692b01
    Size: 3.62 MB
  4. openssl-fips-provider-3.5.5-2.el9.ML.1.i686.rpm
    MD5: 2c5a0fd5f2ae0017da73c4249ce01886
    SHA-256: 2e09e964c51a3af68f2802de816e620bf656692dc9bc9470d3faf7d7dd94df2e
    Size: 704.43 kB
  5. openssl-fips-provider-3.5.5-2.el9.ML.1.x86_64.rpm
    MD5: d48e442a0436d79cac774b8006a30640
    SHA-256: 430eaac42a68256304ae8026fbb750a9ba0f6645d566546f7126cbc9176f7a89
    Size: 813.60 kB
  6. openssl-libs-3.5.5-2.el9.ML.1.i686.rpm
    MD5: d6a4f521b44a64ede680ff1e4ce64332
    SHA-256: 65971f626e16dec51c15a97beb80390ccd8e77bf7dde205c6bd4483ce2e65716
    Size: 2.29 MB
  7. openssl-libs-3.5.5-2.el9.ML.1.x86_64.rpm
    MD5: eb130918c090931bbc9d00d21225e0c8
    SHA-256: 1d667d0a1a2f8b734c8d0acfae77f2358e53540228931336b75090426552d180
    Size: 2.30 MB
  8. openssl-perl-3.5.5-2.el9.ML.1.x86_64.rpm
    MD5: 577b98f9f0a08b76814699141e2897b4
    SHA-256: 7370ca21bf0f2a7cced7ec74771f93c5f6f25d782b61bb9020b119c094099e45
    Size: 28.05 kB