[CLSA-2026:1771955371] openssl: Fix of CVE-2025-69419
Type:
security
Severity:
Important
Release date:
2026-02-24 17:49:36 UTC
Description:
- CVE-2025-69419: fix one-byte write-before-buffer triggered by malicious PKCS#12 BMPString containing non-ASCII BMP code point; validate UTF8_putc return and use correct destination capacity during conversion from UTF-16BE into UTF-8
Updated packages:
  • openssl-1.1.1k-12.el8.tuxcare.els5.x86_64.rpm
    sha:18dea7ff48b6b4c6813f3879c28427f0f92cfa7a9e258a54af0cf2aa45d84a65
  • openssl-devel-1.1.1k-12.el8.tuxcare.els5.i686.rpm
    sha:7d633756ad259044fe08e2e43f0b878ffc495c55ea51fd6be7ac2e6319c1641b
  • openssl-devel-1.1.1k-12.el8.tuxcare.els5.x86_64.rpm
    sha:28c77e2790ef625f2b242b036e1f86071a1f69cb37433bf11e4cf820a64fce1e
  • openssl-libs-1.1.1k-12.el8.tuxcare.els5.i686.rpm
    sha:0e4cf5270fabc598ea62eab711f11299e26dffe6b79cd775c9f11bb7088addc1
  • openssl-libs-1.1.1k-12.el8.tuxcare.els5.x86_64.rpm
    sha:ee49c25c00054dc126d0fe489f165bb8d51a9eaa9ab5aa4b8c258c26146434f9
  • openssl-perl-1.1.1k-12.el8.tuxcare.els5.x86_64.rpm
    sha:ba8d44c9b9e02249f74d59c39424813d04a34dfdb7a8772774da147ad4d88f16
  • openssl-static-1.1.1k-12.el8.tuxcare.els5.x86_64.rpm
    sha:d643c12c3e860b545b8ca651ca70d102dc81bee77176450867aea42d34f0cdcf
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.