openssl-1.1.1k-16.el8_6
エラータID: AXSA:2026-792:09
リリース日:
2026/06/18 Thursday - 14:59
題名:
openssl-1.1.1k-16.el8_6
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- OpenSSL の SSL_free_buffers() API 関数には、メモリ領域の解放後
利用の問題があるため、リモートの攻撃者により、当該 API 関数の呼び
出しを介して、任意のコードの実行、およびデータ破壊などを可能とする
脆弱性が存在します。(CVE-2024-4741)
- OpenSSL には、メモリ領域の解放後利用の問題があるため、リモート
の攻撃者により、任意のコードの実行、メモリ破壊、およびサービス拒否
攻撃 (クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2026-45447)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-4741
Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
CVE-2026-45447
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS#7 or S/MIME signed message, if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent use of the BIO by the calling application results in a use-after-free condition. In the common case this occurs when the application later calls BIO_free() on the BIO originally passed to PKCS7_verify(). Depending on allocator behavior and application-specific BIO usage patterns, this may result in a crash or other memory corruption. In some application contexts this may potentially be exploitable for remote code execution. Applications that process PKCS#7 or S/MIME signed messages using OpenSSL PKCS#7 APIs may be affected. Applications using the CMS APIs for this processing are not affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS#7 or S/MIME signed message, if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent use of the BIO by the calling application results in a use-after-free condition. In the common case this occurs when the application later calls BIO_free() on the BIO originally passed to PKCS7_verify(). Depending on allocator behavior and application-specific BIO usage patterns, this may result in a crash or other memory corruption. In some application contexts this may potentially be exploitable for remote code execution. Applications that process PKCS#7 or S/MIME signed messages using OpenSSL PKCS#7 APIs may be affected. Applications using the CMS APIs for this processing are not affected. The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary.
追加情報:
N/A
ダウンロード:
SRPMS
- openssl-1.1.1k-16.el8_6.src.rpm
MD5: c5691ee935b499de493dbf2b0b588f25
SHA-256: c833a0666e09a3c70a1e5ca5937f8ec7cf9f6e958d8802f617acdccd33479057
Size: 7.39 MB
Asianux Server 8 for x86_64
- openssl-1.1.1k-16.el8_6.x86_64.rpm
MD5: 555f5ee887c953d2d36c6dac50392e3c
SHA-256: c302c8fae06bb934c158af132a9c5b50fdc81c9c072814110f92aa605924bca6
Size: 710.55 kB - openssl-devel-1.1.1k-16.el8_6.i686.rpm
MD5: 06d0639f0635d26f7338273fa565c3b4
SHA-256: 9e43ab2a40d11e610fd53d95dcd0e8dbd6c8b40f407edbb19c833c3ac60c53ed
Size: 2.33 MB - openssl-devel-1.1.1k-16.el8_6.x86_64.rpm
MD5: 2421dfee04d56f927f7e578474e70c8b
SHA-256: 8c8aa8a0c196452706bdccb6db8adfe131325d31a677a525d133933d4c4239c0
Size: 2.33 MB - openssl-libs-1.1.1k-16.el8_6.i686.rpm
MD5: 619d0eca9973dbfb30122eb1d56ea29d
SHA-256: 416277f183aae5b2b389b1ef29f95e19e5cfb8926d539944ad705b98ca558300
Size: 1.48 MB - openssl-libs-1.1.1k-16.el8_6.x86_64.rpm
MD5: 7cda3e4a134462579474ebbf2223c416
SHA-256: 7762c4e7d2d375c31c5e06bccae13a3dba78053667264c3217814636752810d2
Size: 1.47 MB - openssl-perl-1.1.1k-16.el8_6.x86_64.rpm
MD5: d3acaa7ed73d9753080409c6c8db00c9
SHA-256: a49499ac8fe27bac267b6c42a00d61159f442804e92d8565854705c50a49bf52
Size: 83.16 kB
English