{
  "document" : {
    "aggregate_severity" : {
      "namespace" : "https://access.redhat.com/security/updates/classification/",
      "text" : "Moderate"
    },
    "category" : "csaf_security_advisory",
    "csaf_version" : "2.0",
    "distribution" : {
      "text" : "Copyright © Red Hat, Inc. All rights reserved.",
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "en",
    "notes" : [ {
      "category" : "summary",
      "text" : "An update for Red Hat Hardened Images RPMs is now available.",
      "title" : "Topic"
    }, {
      "category" : "general",
      "text" : "This update includes the following RPMs:\n\nopenssl:\n  * openssl-3.5.6-0.3.hum1 (aarch64, x86_64)\n  * openssl-config-fips-3.5.6-0.3.hum1 (aarch64, x86_64)\n  * openssl-devel-3.5.6-0.3.hum1 (aarch64, x86_64)\n  * openssl-devel-engine-3.5.6-0.3.hum1 (aarch64, x86_64)\n  * openssl-fips-provider-upstream-3.5.6-0.3.hum1 (aarch64, x86_64)\n  * openssl-libs-3.5.6-0.3.hum1 (aarch64, x86_64)\n  * openssl-perl-3.5.6-0.3.hum1 (aarch64, x86_64)\n  * openssl-3.5.6-0.3.hum1.src (src)",
      "title" : "Details"
    }, {
      "category" : "legal_disclaimer",
      "text" : "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
      "title" : "Terms of Use"
    } ],
    "publisher" : {
      "category" : "vendor",
      "contact_details" : "https://access.redhat.com/security/team/contact/",
      "issuing_authority" : "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name" : "Red Hat Product Security",
      "namespace" : "https://www.redhat.com"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "https://access.redhat.com/errata/RHSA-2026:14217",
      "url" : "https://access.redhat.com/errata/RHSA-2026:14217"
    }, {
      "category" : "external",
      "summary" : "https://images.redhat.com/",
      "url" : "https://images.redhat.com/"
    }, {
      "category" : "external",
      "summary" : "https://access.redhat.com/security/cve/CVE-2026-28390",
      "url" : "https://access.redhat.com/security/cve/CVE-2026-28390"
    }, {
      "category" : "external",
      "summary" : "https://access.redhat.com/security/updates/classification/",
      "url" : "https://access.redhat.com/security/updates/classification/"
    }, {
      "category" : "self",
      "summary" : "Canonical URL",
      "url" : "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_14217.json"
    } ],
    "title" : "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking" : {
      "current_release_date" : "2026-05-21T14:32:12+00:00",
      "generator" : {
        "date" : "2026-05-21T14:32:12+00:00",
        "engine" : {
          "name" : "Red Hat SDEngine",
          "version" : "4.8.0"
        }
      },
      "id" : "RHSA-2026:14217",
      "initial_release_date" : "2026-05-06T15:56:53+00:00",
      "revision_history" : [ {
        "date" : "2026-05-06T15:56:53+00:00",
        "number" : "1",
        "summary" : "Initial version"
      }, {
        "date" : "2026-05-07T03:12:44+00:00",
        "number" : "2",
        "summary" : "Last updated version"
      }, {
        "date" : "2026-05-21T14:32:12+00:00",
        "number" : "3",
        "summary" : "Last generated version"
      } ],
      "status" : "final",
      "version" : "3"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "Red Hat Hardened Images",
          "product" : {
            "name" : "Red Hat Hardened Images",
            "product_id" : "Red Hat Hardened Images",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:redhat:hummingbird:1"
            }
          }
        } ],
        "category" : "product_family",
        "name" : "Red Hat Hardened Images"
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "openssl-main@aarch64",
          "product" : {
            "name" : "openssl-main@aarch64",
            "product_id" : "openssl-main@aarch64",
            "product_identification_helper" : {
              "purl" : "pkg:rpm/redhat/openssl@3.5.6-0.3.hum1?arch=aarch64&distro=hummingbird-20251124&repository_id=public-hummingbird-aarch64-rpms"
            }
          }
        } ],
        "category" : "architecture",
        "name" : "aarch64"
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "openssl-main@src",
          "product" : {
            "name" : "openssl-main@src",
            "product_id" : "openssl-main@src",
            "product_identification_helper" : {
              "purl" : "pkg:rpm/redhat/openssl@3.5.6-0.3.hum1?arch=src&distro=hummingbird-20251124&repository_id=public-hummingbird-source-rpms"
            }
          }
        } ],
        "category" : "architecture",
        "name" : "src"
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "openssl-main@x86_64",
          "product" : {
            "name" : "openssl-main@x86_64",
            "product_id" : "openssl-main@x86_64",
            "product_identification_helper" : {
              "purl" : "pkg:rpm/redhat/openssl@3.5.6-0.3.hum1?arch=x86_64&distro=hummingbird-20251124&repository_id=public-hummingbird-x86_64-rpms"
            }
          }
        } ],
        "category" : "architecture",
        "name" : "x86_64"
      } ],
      "category" : "vendor",
      "name" : "Red Hat"
    } ],
    "relationships" : [ {
      "category" : "default_component_of",
      "full_product_name" : {
        "name" : "openssl-main@aarch64 as a component of Red Hat Hardened Images",
        "product_id" : "Red Hat Hardened Images:openssl-main@aarch64"
      },
      "product_reference" : "openssl-main@aarch64",
      "relates_to_product_reference" : "Red Hat Hardened Images"
    }, {
      "category" : "default_component_of",
      "full_product_name" : {
        "name" : "openssl-main@src as a component of Red Hat Hardened Images",
        "product_id" : "Red Hat Hardened Images:openssl-main@src"
      },
      "product_reference" : "openssl-main@src",
      "relates_to_product_reference" : "Red Hat Hardened Images"
    }, {
      "category" : "default_component_of",
      "full_product_name" : {
        "name" : "openssl-main@x86_64 as a component of Red Hat Hardened Images",
        "product_id" : "Red Hat Hardened Images:openssl-main@x86_64"
      },
      "product_reference" : "openssl-main@x86_64",
      "relates_to_product_reference" : "Red Hat Hardened Images"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2026-28390",
    "cwe" : {
      "id" : "CWE-476",
      "name" : "NULL Pointer Dereference"
    },
    "discovery_date" : "2026-04-07T23:01:18.313921+00:00",
    "ids" : [ {
      "system_name" : "Red Hat Bugzilla ID",
      "text" : "2456314"
    } ],
    "notes" : [ {
      "category" : "description",
      "text" : "A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter field without first verifying its presence. This leads to a NULL pointer dereference, which can cause applications processing the attacker-controlled CMS data to crash, resulting in a Denial of Service (DoS).",
      "title" : "Vulnerability description"
    }, {
      "category" : "summary",
      "text" : "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing",
      "title" : "Vulnerability summary"
    }, {
      "category" : "other",
      "text" : "This CVE has been rated as moderate by Red Hat because the vulnerability is limited to a denial-of-service condition caused by a NULL pointer dereference in OpenSSL CMS processing, without evidence of memory corruption or code execution; furthermore, the affected functionality is niche. The vulnerable path requires:\nCMS/S/MIME processing,\nspecifically CMS_decrypt(),\nwith RSA-OAEP KeyTransportRecipientInfo.\nMany OpenSSL consumers never use CMS APIs, never process S/MIME,\nor do not decrypt attacker-controlled CMS objects.\nSo exposure is far narrower than a generic TLS parsing vulnerability.",
      "title" : "Statement"
    }, {
      "category" : "general",
      "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
      "title" : "CVSS score applicability"
    } ],
    "product_status" : {
      "fixed" : [ "Red Hat Hardened Images:openssl-main@aarch64", "Red Hat Hardened Images:openssl-main@src", "Red Hat Hardened Images:openssl-main@x86_64" ]
    },
    "references" : [ {
      "category" : "self",
      "summary" : "Canonical URL",
      "url" : "https://access.redhat.com/security/cve/CVE-2026-28390"
    }, {
      "category" : "external",
      "summary" : "RHBZ#2456314",
      "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2456314"
    }, {
      "category" : "external",
      "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-28390",
      "url" : "https://www.cve.org/CVERecord?id=CVE-2026-28390"
    }, {
      "category" : "external",
      "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-28390",
      "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-28390"
    }, {
      "category" : "external",
      "summary" : "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc",
      "url" : "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc"
    }, {
      "category" : "external",
      "summary" : "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6",
      "url" : "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6"
    }, {
      "category" : "external",
      "summary" : "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4",
      "url" : "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4"
    }, {
      "category" : "external",
      "summary" : "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788",
      "url" : "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788"
    }, {
      "category" : "external",
      "summary" : "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75",
      "url" : "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75"
    }, {
      "category" : "external",
      "summary" : "https://openssl-library.org/news/secadv/20260407.txt",
      "url" : "https://openssl-library.org/news/secadv/20260407.txt"
    } ],
    "release_date" : "2026-04-07T22:00:54.172000+00:00",
    "remediations" : [ {
      "category" : "vendor_fix",
      "date" : "2026-05-06T15:56:53+00:00",
      "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
      "product_ids" : [ "Red Hat Hardened Images:openssl-main@aarch64", "Red Hat Hardened Images:openssl-main@src", "Red Hat Hardened Images:openssl-main@x86_64" ],
      "restart_required" : {
        "category" : "none"
      },
      "url" : "https://access.redhat.com/errata/RHSA-2026:14217"
    }, {
      "category" : "workaround",
      "details" : "Applications that process Cryptographic Message Syntax (CMS) EnvelopedData messages should be configured to only accept input from trusted sources. Restricting network access to services that process untrusted CMS data can also reduce exposure to this Denial of Service vulnerability.",
      "product_ids" : [ "Red Hat Hardened Images:openssl-main@aarch64", "Red Hat Hardened Images:openssl-main@src", "Red Hat Hardened Images:openssl-main@x86_64" ]
    } ],
    "scores" : [ {
      "cvss_v3" : {
        "attackComplexity" : "LOW",
        "attackVector" : "NETWORK",
        "availabilityImpact" : "HIGH",
        "baseScore" : 7.5,
        "baseSeverity" : "HIGH",
        "confidentialityImpact" : "NONE",
        "integrityImpact" : "NONE",
        "privilegesRequired" : "NONE",
        "scope" : "UNCHANGED",
        "userInteraction" : "NONE",
        "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version" : "3.1"
      },
      "products" : [ "Red Hat Hardened Images:openssl-main@aarch64", "Red Hat Hardened Images:openssl-main@src", "Red Hat Hardened Images:openssl-main@x86_64" ]
    } ],
    "threats" : [ {
      "category" : "impact",
      "details" : "Moderate"
    } ],
    "title" : "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing"
  } ]
}