Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2026:38503 - Security Advisory
Issued:
2026-07-13
Updated:
2026-07-13

RHSA-2026:38503 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Moderate: openssl security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for openssl is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

  • openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing (CVE-2026-28390)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

Fixes

  • BZ - 2456314 - CVE-2026-28390 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

CVEs

  • CVE-2026-28390

References

  • https://access.redhat.com/security/updates/classification/#moderate
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
openssl-1.1.1k-17.el8_6.src.rpm SHA-256: a7c7c944978492dd300bf769d4d46499f0fe56eb3388c13b2b6e63615d406bca
x86_64
openssl-1.1.1k-17.el8_6.x86_64.rpm SHA-256: d2e8518509c5900095c9811c7663a614b9ef44648e24e61dde954ca07328ad27
openssl-debuginfo-1.1.1k-17.el8_6.i686.rpm SHA-256: b94bab8887d7d59cf66e4e3e1d2d2c24336e7d965424af135ce199332619bd0e
openssl-debuginfo-1.1.1k-17.el8_6.x86_64.rpm SHA-256: b8f798abe8c57b600f92a4142d16743944e165772279848d1bf49804d178d1fb
openssl-debugsource-1.1.1k-17.el8_6.i686.rpm SHA-256: e7fcb4b56598a7ddc7857edc758a761ec4a015f8f1c7e8b34db61b74278df9c8
openssl-debugsource-1.1.1k-17.el8_6.x86_64.rpm SHA-256: 4513d97caba02aab0e932c19e1cb6a7306b23cb7c747dd9f121b2f4a105ca49f
openssl-devel-1.1.1k-17.el8_6.i686.rpm SHA-256: 4ce42009c3337548ce936adffced6df662618d1346f71da96e9c4c8504c20f51
openssl-devel-1.1.1k-17.el8_6.x86_64.rpm SHA-256: a00348f97f6cf63944fe4f0ac1c2e4cadfebd9cb14fe3cec97ae52940f96c4b2
openssl-libs-1.1.1k-17.el8_6.i686.rpm SHA-256: 60a33808ac5205950d8e631678267ebb56c10eebfa9c00c13a48a63f1fac0f76
openssl-libs-1.1.1k-17.el8_6.x86_64.rpm SHA-256: 18b2b75589a5976e8bf7bd4e72933b69221e6ae75c6531ce97621c0bf204f79d
openssl-libs-debuginfo-1.1.1k-17.el8_6.i686.rpm SHA-256: 042870f96675c10cf757aa454a75b482fd2e2c128a9c4361793c1a245074ff75
openssl-libs-debuginfo-1.1.1k-17.el8_6.x86_64.rpm SHA-256: 81d4d6ef179322053a903d23de6560333d3f63edd0c30c9860f9c322fbb9450b
openssl-perl-1.1.1k-17.el8_6.x86_64.rpm SHA-256: 69d62e3ec4b63b62d2342dab231100a3e2485c5b8d96930f0090ca385249d316

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
openssl-1.1.1k-17.el8_6.src.rpm SHA-256: a7c7c944978492dd300bf769d4d46499f0fe56eb3388c13b2b6e63615d406bca
s390x
openssl-1.1.1k-17.el8_6.s390x.rpm SHA-256: c5565bd7dfc7d07d2f5902a22f27543a4ce831046aee22d62859b07048a30336
openssl-debuginfo-1.1.1k-17.el8_6.s390x.rpm SHA-256: e203a2b72a975a0d9c229076fc11453ffbba00c84accf6b98640b65ae550523b
openssl-debugsource-1.1.1k-17.el8_6.s390x.rpm SHA-256: c44446b3050871de95438c207341b3d08476387c3feee29e6f139fa770e55946
openssl-devel-1.1.1k-17.el8_6.s390x.rpm SHA-256: a2f92e2d8dfd03334a5872db87c97ec28f64c0923046ba5a8bb5380a4c242424
openssl-libs-1.1.1k-17.el8_6.s390x.rpm SHA-256: 1838edcd1ff782c36d5bfde95fb41d8e72b2b2936a1d09fc56ead636b461df3d
openssl-libs-debuginfo-1.1.1k-17.el8_6.s390x.rpm SHA-256: f406ec0c558a6c8dfa64d8829937e9cdcc91d634438b281807f07e08ced9e867
openssl-perl-1.1.1k-17.el8_6.s390x.rpm SHA-256: d86585b464fc9489403592dbeb9ecc360b60827de137436d8e3133871d48c093

Red Hat Enterprise Linux for Power, little endian 8

SRPM
openssl-1.1.1k-17.el8_6.src.rpm SHA-256: a7c7c944978492dd300bf769d4d46499f0fe56eb3388c13b2b6e63615d406bca
ppc64le
openssl-1.1.1k-17.el8_6.ppc64le.rpm SHA-256: 7fbd2d669c333e4d0922f8c604bebe88887723265dcfb7b59bfb29d3d6164128
openssl-debuginfo-1.1.1k-17.el8_6.ppc64le.rpm SHA-256: 0d9e85a38d9da1f065de2e48f5b503a17ae47669524d1b1e0d564cc1a18997c1
openssl-debugsource-1.1.1k-17.el8_6.ppc64le.rpm SHA-256: 457562b8054ec91f75e0fa420f76356916a5df32d667c9d1bb8ec0fca3890807
openssl-devel-1.1.1k-17.el8_6.ppc64le.rpm SHA-256: 8cad18df13164fd8b1e1405667c31bc369b1e437cd885e40572c9e3b3e740fc3
openssl-libs-1.1.1k-17.el8_6.ppc64le.rpm SHA-256: 71551e29d1aba1daaeb19eaee945aeae1de39e9b88d467fc6d619500f5845674
openssl-libs-debuginfo-1.1.1k-17.el8_6.ppc64le.rpm SHA-256: 140dfee68aed81b66506cfe3432ea6874ed439b4b1ed63f1f6d4a069c826c00f
openssl-perl-1.1.1k-17.el8_6.ppc64le.rpm SHA-256: aa7d71b06812ce88b5963b5164e247390f44c5f9e7502ca32eaf8244ad7ef96d

Red Hat Enterprise Linux for ARM 64 8

SRPM
openssl-1.1.1k-17.el8_6.src.rpm SHA-256: a7c7c944978492dd300bf769d4d46499f0fe56eb3388c13b2b6e63615d406bca
aarch64
openssl-1.1.1k-17.el8_6.aarch64.rpm SHA-256: 6fd4b1b3a54158d8eff4fd6965aa4741286688dc3cd2517cd3cd485bef44de95
openssl-debuginfo-1.1.1k-17.el8_6.aarch64.rpm SHA-256: 407041a670a7c8ef9e206407a284166afecaa7a86148972511109c53e57ff075
openssl-debugsource-1.1.1k-17.el8_6.aarch64.rpm SHA-256: 58e36b3d96a71de91ecce1f676624f99effd6d974d4a2c23765de07c40726d70
openssl-devel-1.1.1k-17.el8_6.aarch64.rpm SHA-256: 1285f304ff8c4b7e9adfbb05f8070d88a18c09fe7901d03abdf654cbc9eb5b07
openssl-libs-1.1.1k-17.el8_6.aarch64.rpm SHA-256: f117e1398703910c8e48981ed10e6667f0784bddc6df067f1c165eded7702d18
openssl-libs-debuginfo-1.1.1k-17.el8_6.aarch64.rpm SHA-256: e56eb665d4aec7eb1180b9e0f5bd5a14f4e9b2b2ca8dcfb0f420d90deeec8de6
openssl-perl-1.1.1k-17.el8_6.aarch64.rpm SHA-256: 338a403ff71e6cfb2b610136ff1693813a4b36563520fef559bab1557a872003

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10

SRPM
openssl-1.1.1k-17.el8_6.src.rpm SHA-256: a7c7c944978492dd300bf769d4d46499f0fe56eb3388c13b2b6e63615d406bca
x86_64
openssl-1.1.1k-17.el8_6.x86_64.rpm SHA-256: d2e8518509c5900095c9811c7663a614b9ef44648e24e61dde954ca07328ad27
openssl-debuginfo-1.1.1k-17.el8_6.i686.rpm SHA-256: b94bab8887d7d59cf66e4e3e1d2d2c24336e7d965424af135ce199332619bd0e
openssl-debuginfo-1.1.1k-17.el8_6.x86_64.rpm SHA-256: b8f798abe8c57b600f92a4142d16743944e165772279848d1bf49804d178d1fb
openssl-debugsource-1.1.1k-17.el8_6.i686.rpm SHA-256: e7fcb4b56598a7ddc7857edc758a761ec4a015f8f1c7e8b34db61b74278df9c8
openssl-debugsource-1.1.1k-17.el8_6.x86_64.rpm SHA-256: 4513d97caba02aab0e932c19e1cb6a7306b23cb7c747dd9f121b2f4a105ca49f
openssl-devel-1.1.1k-17.el8_6.i686.rpm SHA-256: 4ce42009c3337548ce936adffced6df662618d1346f71da96e9c4c8504c20f51
openssl-devel-1.1.1k-17.el8_6.x86_64.rpm SHA-256: a00348f97f6cf63944fe4f0ac1c2e4cadfebd9cb14fe3cec97ae52940f96c4b2
openssl-libs-1.1.1k-17.el8_6.i686.rpm SHA-256: 60a33808ac5205950d8e631678267ebb56c10eebfa9c00c13a48a63f1fac0f76
openssl-libs-1.1.1k-17.el8_6.x86_64.rpm SHA-256: 18b2b75589a5976e8bf7bd4e72933b69221e6ae75c6531ce97621c0bf204f79d
openssl-libs-debuginfo-1.1.1k-17.el8_6.i686.rpm SHA-256: 042870f96675c10cf757aa454a75b482fd2e2c128a9c4361793c1a245074ff75
openssl-libs-debuginfo-1.1.1k-17.el8_6.x86_64.rpm SHA-256: 81d4d6ef179322053a903d23de6560333d3f63edd0c30c9860f9c322fbb9450b
openssl-perl-1.1.1k-17.el8_6.x86_64.rpm SHA-256: 69d62e3ec4b63b62d2342dab231100a3e2485c5b8d96930f0090ca385249d316

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10

SRPM
openssl-1.1.1k-17.el8_6.src.rpm SHA-256: a7c7c944978492dd300bf769d4d46499f0fe56eb3388c13b2b6e63615d406bca
aarch64
openssl-1.1.1k-17.el8_6.aarch64.rpm SHA-256: 6fd4b1b3a54158d8eff4fd6965aa4741286688dc3cd2517cd3cd485bef44de95
openssl-debuginfo-1.1.1k-17.el8_6.aarch64.rpm SHA-256: 407041a670a7c8ef9e206407a284166afecaa7a86148972511109c53e57ff075
openssl-debugsource-1.1.1k-17.el8_6.aarch64.rpm SHA-256: 58e36b3d96a71de91ecce1f676624f99effd6d974d4a2c23765de07c40726d70
openssl-devel-1.1.1k-17.el8_6.aarch64.rpm SHA-256: 1285f304ff8c4b7e9adfbb05f8070d88a18c09fe7901d03abdf654cbc9eb5b07
openssl-libs-1.1.1k-17.el8_6.aarch64.rpm SHA-256: f117e1398703910c8e48981ed10e6667f0784bddc6df067f1c165eded7702d18
openssl-libs-debuginfo-1.1.1k-17.el8_6.aarch64.rpm SHA-256: e56eb665d4aec7eb1180b9e0f5bd5a14f4e9b2b2ca8dcfb0f420d90deeec8de6
openssl-perl-1.1.1k-17.el8_6.aarch64.rpm SHA-256: 338a403ff71e6cfb2b610136ff1693813a4b36563520fef559bab1557a872003

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10

SRPM
openssl-1.1.1k-17.el8_6.src.rpm SHA-256: a7c7c944978492dd300bf769d4d46499f0fe56eb3388c13b2b6e63615d406bca
ppc64le
openssl-1.1.1k-17.el8_6.ppc64le.rpm SHA-256: 7fbd2d669c333e4d0922f8c604bebe88887723265dcfb7b59bfb29d3d6164128
openssl-debuginfo-1.1.1k-17.el8_6.ppc64le.rpm SHA-256: 0d9e85a38d9da1f065de2e48f5b503a17ae47669524d1b1e0d564cc1a18997c1
openssl-debugsource-1.1.1k-17.el8_6.ppc64le.rpm SHA-256: 457562b8054ec91f75e0fa420f76356916a5df32d667c9d1bb8ec0fca3890807
openssl-devel-1.1.1k-17.el8_6.ppc64le.rpm SHA-256: 8cad18df13164fd8b1e1405667c31bc369b1e437cd885e40572c9e3b3e740fc3
openssl-libs-1.1.1k-17.el8_6.ppc64le.rpm SHA-256: 71551e29d1aba1daaeb19eaee945aeae1de39e9b88d467fc6d619500f5845674
openssl-libs-debuginfo-1.1.1k-17.el8_6.ppc64le.rpm SHA-256: 140dfee68aed81b66506cfe3432ea6874ed439b4b1ed63f1f6d4a069c826c00f
openssl-perl-1.1.1k-17.el8_6.ppc64le.rpm SHA-256: aa7d71b06812ce88b5963b5164e247390f44c5f9e7502ca32eaf8244ad7ef96d

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10

SRPM
openssl-1.1.1k-17.el8_6.src.rpm SHA-256: a7c7c944978492dd300bf769d4d46499f0fe56eb3388c13b2b6e63615d406bca
s390x
openssl-1.1.1k-17.el8_6.s390x.rpm SHA-256: c5565bd7dfc7d07d2f5902a22f27543a4ce831046aee22d62859b07048a30336
openssl-debuginfo-1.1.1k-17.el8_6.s390x.rpm SHA-256: e203a2b72a975a0d9c229076fc11453ffbba00c84accf6b98640b65ae550523b
openssl-debugsource-1.1.1k-17.el8_6.s390x.rpm SHA-256: c44446b3050871de95438c207341b3d08476387c3feee29e6f139fa770e55946
openssl-devel-1.1.1k-17.el8_6.s390x.rpm SHA-256: a2f92e2d8dfd03334a5872db87c97ec28f64c0923046ba5a8bb5380a4c242424
openssl-libs-1.1.1k-17.el8_6.s390x.rpm SHA-256: 1838edcd1ff782c36d5bfde95fb41d8e72b2b2936a1d09fc56ead636b461df3d
openssl-libs-debuginfo-1.1.1k-17.el8_6.s390x.rpm SHA-256: f406ec0c558a6c8dfa64d8829937e9cdcc91d634438b281807f07e08ced9e867
openssl-perl-1.1.1k-17.el8_6.s390x.rpm SHA-256: d86585b464fc9489403592dbeb9ecc360b60827de137436d8e3133871d48c093

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility