[CLSA-2026:1772098723] openssl: Fix of CVE-2025-69419
Type:
security
Severity:
Important
Release date:
2026-02-26 09:38:47 UTC
Description:
- CVE-2025-69419: fix one-byte write-before-buffer triggered by malicious PKCS#12 BMPString containing non-ASCII BMP code point; validate UTF8_putc return and use correct destination capacity during conversion from UTF-16BE into UTF-8
Updated packages:
  • openssl-1.1.1k-5.el8.5.tuxcare.els16.x86_64.rpm
    sha:51911e0be1d82593819ff27a901a7f96e2c9280d244f305fa343e7f32e1c099e
  • openssl-devel-1.1.1k-5.el8.5.tuxcare.els16.i686.rpm
    sha:f8cb4a24187e7906fb316ef51ae48d7f52ab467c197a6df60bee5e051f956e45
  • openssl-devel-1.1.1k-5.el8.5.tuxcare.els16.x86_64.rpm
    sha:c27e584eb3cfda7ffccc538e252c8c622efc8bda340cd4d871d6f73c155d9861
  • openssl-libs-1.1.1k-5.el8.5.tuxcare.els16.i686.rpm
    sha:4c51736a36a1eead524ff591e8c63ab4be61cb8696019bbcb19c5932ffae8e9e
  • openssl-libs-1.1.1k-5.el8.5.tuxcare.els16.x86_64.rpm
    sha:68f75a582678b3b66e6c3f1189b520d6aef5ca3d05251bee8ad9338691a922f5
  • openssl-perl-1.1.1k-5.el8.5.tuxcare.els16.x86_64.rpm
    sha:337544ebea96cd43499c3c22ff704a498a6390fde91182d163f4e6112107dd73
  • openssl-static-1.1.1k-5.el8.5.tuxcare.els16.x86_64.rpm
    sha:d8a7e4f1548372a01e94c32ad9882611133b2f342d5bda91765a50a93ab8314b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.