* [Buildroot] [PATCH 2025.02.x] package/openssl: security bump to 3.5.7
@ 2026-06-18 6:21 Waldemar Brodkorb
0 siblings, 0 replies; only message in thread
From: Waldemar Brodkorb @ 2026-06-18 6:21 UTC (permalink / raw)
To: buildroot
See here for changes:
https://github.com/openssl/openssl/releases/tag/openssl-3.5.7
This release incorporates the following bug fixes and mitigations:
Fixed heap use-after-free in PKCS7_verify().
(CVE-2026-45447)
Fixed CMS AuthEnvelopedData processing may accept forged messages.
(CVE-2026-34182)
Fixed unbounded memory growth in the QUIC PATH_CHALLENGE handler.
(CVE-2026-34183)
Fixed NULL pointer dereference in QUIC server initial packet handling.
(CVE-2026-42764)
Fixed AES-OCB IV ignored on EVP_Cipher() path.
(CVE-2026-45445)
Fixed possible heap buffer overflow in ASN.1 multibyte string conversion.
(CVE-2026-7383)
Fixed out-of-bounds read in CMS password-based decryption.
(CVE-2026-9076)
Fixed heap buffer over-read in ASN.1 content parsing.
(CVE-2026-34180)
Fixed PKCS#12 files with PBMAC1 are accepted with short HMAC keys.
(CVE-2026-34181)
Fixed possible NULL dereference in password-dased CMS decryption.
(CVE-2026-42766)
Fixed NULL pointer dereference in CRMF EncryptedValue decryption.
(CVE-2026-42767)
Fixed multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt()
and PKCS7_decrypt().
(CVE-2026-42768)
Fixed trust anchor substitution via cert/issuer typo in CMP
rootCaKeyUpdate.
(CVE-2026-42769)
Fixed FFC-DH peer validation uses attacker-supplied q.
(CVE-2026-42770)
Fixed incorrect tag processing for empty messages in AES-GCM-SIV
and AES-SIV modes.
(CVE-2026-45446)
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
---
package/libopenssl/libopenssl.hash | 4 ++--
package/libopenssl/libopenssl.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash
index 781701532d..8a7186d669 100644
--- a/package/libopenssl/libopenssl.hash
+++ b/package/libopenssl/libopenssl.hash
@@ -1,5 +1,5 @@
-# From https://github.com/openssl/openssl/releases/download/openssl-3.5.6/openssl-3.5.6.tar.gz.sha256
-sha256 deae7c80cba99c4b4f940ecadb3c3338b13cb77418409238e57d7f31f2a3b736 openssl-3.5.6.tar.gz
+# From https://github.com/openssl/openssl/releases/download/openssl-3.5.7/openssl-3.5.7.tar.gz.sha256
+sha256 a8c0d28a529ca480f9f36cf5792e2cd21984552a3c8e4aa11a24aa31aeac98e8 openssl-3.5.7.tar.gz
# License files
sha256 7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a LICENSE.txt
diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
index 837c3f0346..a9e18f96ac 100644
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBOPENSSL_VERSION = 3.5.6
+LIBOPENSSL_VERSION = 3.5.7
LIBOPENSSL_SITE = https://github.com/openssl/openssl/releases/download/openssl-$(LIBOPENSSL_VERSION)
LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
LIBOPENSSL_LICENSE = Apache-2.0
--
2.47.3
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-18 6:22 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-06-18 6:21 [Buildroot] [PATCH 2025.02.x] package/openssl: security bump to 3.5.7 Waldemar Brodkorb
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox