Updated openssl packages fix security vulnerabilities
Publication date: 10 Apr 2026Modification date: 10 Apr 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-31790 , CVE-2026-28387 , CVE-2026-28388 , CVE-2026-28389 , CVE-2026-28390 , CVE-2026-31789
Description
Incorrect Failure Handling in RSA KEM RSASVE Encapsulation.
(CVE-2026-31790)
Potential Use-after-free in DANE Client Code. (CVE-2026-28387)
NULL Pointer Dereference When Processing a Delta CRL. (CVE-2026-28388)
Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo.
(CVE-2026-28389)
Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo.
(CVE-2026-28390)
Heap Buffer Overflow in Hexadecimal Conversion. (CVE-2026-31789)
References
- https://bugs.mageia.org/show_bug.cgi?id=35331
- https://www.openwall.com/lists/oss-security/2026/04/07/11
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31790
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28387
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28388
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28389
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28390
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31789
SRPMS
9/core
- openssl-3.0.20-1.mga9