[Pkg-openssl-devel] Bug#1139674: libssl3t64: various CVEs, including CVE-2026-45447 with possible RCE
Christoph Anton Mitterer
calestyo at scientia.org
Thu Jun 11 04:08:43 BST 2026
Package: libssl3t64
Version: 3.6.2-1
Severity: grave
Tags: upstream
Justification: user security hole
Hey.
There are multiple CVEs:
https://openssl-library.org/news/secadv/20260609.txt
including CVE-2026-45447 which potentially allows for RCE.
These have all been fixed in stable 2 days ago,
but unstable/testing have been left out (which seems unfortunate,
given that probably many DDs/DMs also run on either of the two).
Cheers,
Chris.
-- System Information:
Debian Release: forky/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 7.0.12+deb14-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libssl3t64 depends on:
ii libc6 2.42-16
ii libzstd1 1.5.7+dfsg-3+b2
ii openssl-provider-legacy 3.6.2-1
ii zlib1g 1:1.3.dfsg+really1.3.2-3
libssl3t64 recommends no packages.
libssl3t64 suggests no packages.
-- no debconf information