compat-openssl10-1.0.2o-4.el8_10.2
Errata ID: AXSA:2026-770:01
Release date:
2026/06/10 Wednesday - 09:16
Title:
compat-openssl10-1.0.2o-4.el8_10.2
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- OpenSSL contains a NULL pointer dereference issue that allows a remote
attacker to cause a denial of service (DoS). (CVE-2026-28390)
Solution:
Update the packages.
CVE:
CVE-2026-28390
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of Service. When a CMS EnvelopedData message that uses KeyTransportRecipientInfo with RSA-OAEP encryption is processed, the optional parameters field of RSA-OAEP SourceFunc algorithm identifier is examined without checking for its presence. This results in a NULL pointer dereference if the field is missing. Applications and services that call CMS_decrypt() on untrusted input (e.g., S/MIME processing or CMS-based protocols) are vulnerable. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
Additional information:
N/A
Download:
SRPMS
- compat-openssl10-1.0.2o-4.el8_10.2.src.rpm
MD5: 9bd2326c37ffdb6ec58598f7c71ce5ad
SHA-256: 78fe84be0d2e8e8143f980b3f29955c664bece7320f5f92b8c3f174cd1dfffb7
Size: 3.51 MB
Asianux Server 8 for x86_64
- compat-openssl10-1.0.2o-4.el8_10.2.i686.rpm
MD5: a0da0d32e6a91650012005a111cd6600
SHA-256: fe9c2ec1ae01be56559f38a984eb15542b7622c009efb58afa281a988bd385e4
Size: 0.97 MB
- compat-openssl10-1.0.2o-4.el8_10.2.x86_64.rpm
MD5: f826f4eab12a2453868af05dfd630bb5
SHA-256: 634d338dd3a3364dce931105652627d730591d544e45ee63f607899a97972590
Size: 1.13 MB
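A host-side check for this erratum, as an added example that is not part of the Asianux advisory: it verifies a downloaded RPM against the SHA-256 values listed above and reports whether each installed compat-openssl10 build is at or above the fixed version-release. The function names are hypothetical, and GNU `sort -V` is assumed to be an adequate stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: host check for errata AXSA:2026-770:01 (CVE-2026-28390).
# Package name, fixed version-release and SHA-256 values are from the advisory.
PKG="compat-openssl10"
FIXED_VR="1.0.2o-4.el8_10.2"

# Print the advisory's SHA-256 for an RPM file name; fail on unknown names.
expected_sha256() {
  case "$(basename "$1")" in
    "$PKG-$FIXED_VR.src.rpm")    echo 78fe84be0d2e8e8143f980b3f29955c664bece7320f5f92b8c3f174cd1dfffb7 ;;
    "$PKG-$FIXED_VR.i686.rpm")   echo fe9c2ec1ae01be56559f38a984eb15542b7622c009efb58afa281a988bd385e4 ;;
    "$PKG-$FIXED_VR.x86_64.rpm") echo 634d338dd3a3364dce931105652627d730591d544e45ee63f607899a97972590 ;;
    *) return 1 ;;
  esac
}

# Succeed only if the SHA-256 of file $1 equals the hex digest $2.
sha256_matches() {
  actual=$(sha256sum "$1" | cut -d' ' -f1) || return 1
  [ "$actual" = "$2" ]
}

# Succeed if version-release $1 is the fixed build or newer.
# Assumption: `sort -V` ordering approximates RPM's comparison; it is
# adequate for strings of this shape but is not rpm's own algorithm.
fixed_or_newer() {
  [ "$(printf '%s\n%s\n' "$FIXED_VR" "$1" | sort -V | head -n1)" = "$FIXED_VR" ]
}

# Check a downloaded RPM against the advisory before installing it.
verify_download() {
  want=$(expected_sha256 "$1") || { echo "UNKNOWN  $1"; return 2; }
  if sha256_matches "$1" "$want"; then echo "OK       $1"
  else echo "MISMATCH $1"; return 1; fi
}

# Report every installed build of the package (i686 and x86_64 can coexist).
audit_host() {
  out=$(rpm -q --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n' "$PKG") || { echo "$PKG not installed"; return 0; }
  rc=0
  for entry in $out; do
    if fixed_or_newer "${entry%.*}"; then echo "patched    $PKG-$entry"
    else echo "VULNERABLE $PKG-$entry"; rc=1; fi
  done
  return $rc
}

if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Run it with `--audit` on an Asianux Server 8 host, or source it and call `verify_download` on each RPM file before installation.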