Red Hat Product Errata RHSA-2026:27745 - Security Advisory
Issued:
2026-06-22
Updated:
2026-06-22

RHSA-2026:27745 - Security Advisory

Synopsis

Moderate: openssl-fips-provider security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openssl-fips-provider is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

This package provides a custom build of the OpenSSL FIPS module that has been submitted to NIST for certification.

Security Fix(es):

  • openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key (CVE-2026-31790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2451094 - CVE-2026-31790 openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
openssl-fips-provider-3.0.7-11.el10_0.src.rpm SHA-256: fd8cc72d74a2d6313f747bf3ad318b81700b44b530a83b3c4a8c62ff4a2f6d40
x86_64
openssl-fips-provider-3.0.7-11.el10_0.x86_64.rpm SHA-256: 8ae696aa5707703d3a1526459600ec6ac9c9f0675fa6f5b9059243c37eef26d6
openssl-fips-provider-so-3.0.7-11.el10_0.x86_64.rpm SHA-256: bcf72cb61c7e6d372da5aeecf5b9350bdfcc917ce2bec114a523128b24d7960c
openssl-fips-provider-so-debuginfo-3.0.7-11.el10_0.x86_64.rpm SHA-256: a7892cec4f0c1122a0e680e63f93022219fdf55936b410960abb4cf85cca4107
openssl-fips-provider-so-debugsource-3.0.7-11.el10_0.x86_64.rpm SHA-256: cab87ac110d9161eb9880759ac2739fd7b78d315f375703936682aaab2a0312f

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
openssl-fips-provider-3.0.7-11.el10_0.src.rpm SHA-256: fd8cc72d74a2d6313f747bf3ad318b81700b44b530a83b3c4a8c62ff4a2f6d40
s390x
openssl-fips-provider-3.0.7-11.el10_0.s390x.rpm SHA-256: 98b84a39316522289d9f78e1ba61fa8a04b1ab2ef10c992704e67c2944f82547
openssl-fips-provider-so-3.0.7-11.el10_0.s390x.rpm SHA-256: c5499e3f1ab4056e51b3a7d2732b08cd51bba103c00f56eb5c2d1a29db2e07c2
openssl-fips-provider-so-debuginfo-3.0.7-11.el10_0.s390x.rpm SHA-256: 0444cee2873a5fb562fa56f2cf5aa6690f372ef42afe8a0886ae3e1e6c8698f8
openssl-fips-provider-so-debugsource-3.0.7-11.el10_0.s390x.rpm SHA-256: bcbff2635d03703ef281095f8dda84e02da4f5ccf760c31b636c7aed928ad4f7

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
openssl-fips-provider-3.0.7-11.el10_0.src.rpm SHA-256: fd8cc72d74a2d6313f747bf3ad318b81700b44b530a83b3c4a8c62ff4a2f6d40
ppc64le
openssl-fips-provider-3.0.7-11.el10_0.ppc64le.rpm SHA-256: a235ef5e3d8b047a39db8e11b84298f055b2d8ab34582b2b0ab6079492f98289
openssl-fips-provider-so-3.0.7-11.el10_0.ppc64le.rpm SHA-256: 58d423526bf7173ea92e959b5ad544bc3b778667f41160001f1e1bd80c4aefd7
openssl-fips-provider-so-debuginfo-3.0.7-11.el10_0.ppc64le.rpm SHA-256: a86b4a85d6849cb369c0cbdaad2747e77185f9afeba31669724656562d4ca200
openssl-fips-provider-so-debugsource-3.0.7-11.el10_0.ppc64le.rpm SHA-256: 7efdab14f08b8a48d5ecac4b32eb2ff27b88530ac7709d4b1526ec262cbe2b5d

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
openssl-fips-provider-3.0.7-11.el10_0.src.rpm SHA-256: fd8cc72d74a2d6313f747bf3ad318b81700b44b530a83b3c4a8c62ff4a2f6d40
aarch64
openssl-fips-provider-3.0.7-11.el10_0.aarch64.rpm SHA-256: 09831b717f41a5decb26b896e44f226ae26da2b798aebbc30fc9f7a516c4c660
openssl-fips-provider-so-3.0.7-11.el10_0.aarch64.rpm SHA-256: f6c488d6d0cdd22cf26259935143d3e71a87581aec6645700cf3fdd067e5fefd
openssl-fips-provider-so-debuginfo-3.0.7-11.el10_0.aarch64.rpm SHA-256: 93a9db8f9c19c26e65b590175af13b03994eaccf3daaa79e20965e7810710591
openssl-fips-provider-so-debugsource-3.0.7-11.el10_0.aarch64.rpm SHA-256: 236fa0102e1f30928cecfde703a39b23bf6db9bc5e70d1c311b794729298f262

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
openssl-fips-provider-3.0.7-11.el10_0.src.rpm SHA-256: fd8cc72d74a2d6313f747bf3ad318b81700b44b530a83b3c4a8c62ff4a2f6d40
aarch64
openssl-fips-provider-3.0.7-11.el10_0.aarch64.rpm SHA-256: 09831b717f41a5decb26b896e44f226ae26da2b798aebbc30fc9f7a516c4c660
openssl-fips-provider-so-3.0.7-11.el10_0.aarch64.rpm SHA-256: f6c488d6d0cdd22cf26259935143d3e71a87581aec6645700cf3fdd067e5fefd
openssl-fips-provider-so-debuginfo-3.0.7-11.el10_0.aarch64.rpm SHA-256: 93a9db8f9c19c26e65b590175af13b03994eaccf3daaa79e20965e7810710591
openssl-fips-provider-so-debugsource-3.0.7-11.el10_0.aarch64.rpm SHA-256: 236fa0102e1f30928cecfde703a39b23bf6db9bc5e70d1c311b794729298f262

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
openssl-fips-provider-3.0.7-11.el10_0.src.rpm SHA-256: fd8cc72d74a2d6313f747bf3ad318b81700b44b530a83b3c4a8c62ff4a2f6d40
s390x
openssl-fips-provider-3.0.7-11.el10_0.s390x.rpm SHA-256: 98b84a39316522289d9f78e1ba61fa8a04b1ab2ef10c992704e67c2944f82547
openssl-fips-provider-so-3.0.7-11.el10_0.s390x.rpm SHA-256: c5499e3f1ab4056e51b3a7d2732b08cd51bba103c00f56eb5c2d1a29db2e07c2
openssl-fips-provider-so-debuginfo-3.0.7-11.el10_0.s390x.rpm SHA-256: 0444cee2873a5fb562fa56f2cf5aa6690f372ef42afe8a0886ae3e1e6c8698f8
openssl-fips-provider-so-debugsource-3.0.7-11.el10_0.s390x.rpm SHA-256: bcbff2635d03703ef281095f8dda84e02da4f5ccf760c31b636c7aed928ad4f7

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
openssl-fips-provider-3.0.7-11.el10_0.src.rpm SHA-256: fd8cc72d74a2d6313f747bf3ad318b81700b44b530a83b3c4a8c62ff4a2f6d40
ppc64le
openssl-fips-provider-3.0.7-11.el10_0.ppc64le.rpm SHA-256: a235ef5e3d8b047a39db8e11b84298f055b2d8ab34582b2b0ab6079492f98289
openssl-fips-provider-so-3.0.7-11.el10_0.ppc64le.rpm SHA-256: 58d423526bf7173ea92e959b5ad544bc3b778667f41160001f1e1bd80c4aefd7
openssl-fips-provider-so-debuginfo-3.0.7-11.el10_0.ppc64le.rpm SHA-256: a86b4a85d6849cb369c0cbdaad2747e77185f9afeba31669724656562d4ca200
openssl-fips-provider-so-debugsource-3.0.7-11.el10_0.ppc64le.rpm SHA-256: 7efdab14f08b8a48d5ecac4b32eb2ff27b88530ac7709d4b1526ec262cbe2b5d

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
openssl-fips-provider-3.0.7-11.el10_0.src.rpm SHA-256: fd8cc72d74a2d6313f747bf3ad318b81700b44b530a83b3c4a8c62ff4a2f6d40
x86_64
openssl-fips-provider-3.0.7-11.el10_0.x86_64.rpm SHA-256: 8ae696aa5707703d3a1526459600ec6ac9c9f0675fa6f5b9059243c37eef26d6
openssl-fips-provider-so-3.0.7-11.el10_0.x86_64.rpm SHA-256: bcf72cb61c7e6d372da5aeecf5b9350bdfcc917ce2bec114a523128b24d7960c
openssl-fips-provider-so-debuginfo-3.0.7-11.el10_0.x86_64.rpm SHA-256: a7892cec4f0c1122a0e680e63f93022219fdf55936b410960abb4cf85cca4107
openssl-fips-provider-so-debugsource-3.0.7-11.el10_0.x86_64.rpm SHA-256: cab87ac110d9161eb9880759ac2739fd7b78d315f375703936682aaab2a0312f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.