From: Eugene Syromiatnikov
Date: Mon, 8 Jun 2026 11:51:34 +0000 (+0200)
Subject: CHANGES.md, NEWS.md: update for 4.0.1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=eae29e3bc08b81a28bc4374130ff25d494c76182;p=thirdparty%2Fopenssl.git

CHANGES.md, NEWS.md: update for 4.0.1

4.0.1 CHANGES.md includes the following:

 * CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, CVE-2026-34181, CVE-2026-34182, CVE-2026-34183, CVE-2026-35188, CVE-2026-42764, CVE-2026-42765, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768, CVE-2026-42769, CVE-2026-42770, CVE-2026-42771, CVE-2026-45445, CVE-2026-45446, CVE-2026-45447
 * https://github.com/openssl/openssl/pull/30626 "TLSv1.3: Fix server not sending NewSessionTicket after ciphersuite mismatch"
 * https://github.com/openssl/openssl/pull/30904 "pkey(1) missing setup for interactive pass prompt"
 * https://github.com/openssl/openssl/pull/31058 "Validate that a PSK identity is at least one byte long"
 * https://github.com/openssl/openssl/pull/31146 "ktls: Fix invalid memory access on retry with moving write buffer"
 * https://github.com/openssl/openssl/pull/31413 "apps/s_client.c: read one byte less to avoid triggerring overflow protection"

4.0.1 NEWS.md includes the following:

 * CVE-2026-7383, CVE-2026-9076, CVE-2026-34180, CVE-2026-34181, CVE-2026-34182, CVE-2026-34183, CVE-2026-35188, CVE-2026-42764, CVE-2026-42765, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768, CVE-2026-42769, CVE-2026-42770, CVE-2026-42771, CVE-2026-45445, CVE-2026-45446, CVE-2026-45447
 * https://github.com/openssl/openssl/pull/30904 "pkey(1) missing setup for interactive pass prompt"
 * https://github.com/openssl/openssl/pull/31413 "apps/s_client.c: read one byte less to avoid triggerring overflow protection"

Signed-off-by: Eugene Syromiatnikov
Reviewed-by: Norbert Pocs
Reviewed-by: Nikola Pajkovsky
Reviewed-by: Tomas Mraz
MergeDate: Thu Jun 18 13:13:58 2026
(Merged from https://github.com/openssl/openssl/pull/31509)
---
diff --git a/CHANGES.md b/CHANGES.md index 450d5defdce..3cdace85174 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -201,6 +201,11 @@ OpenSSL Releases *Dimitri John Ledkov* +OpenSSL 4.0 +----------- + +### Changes between 4.0.1 and 4.0.2 [xx XXX XXXX] + * Add client-side validation for TLS 1.3 session ticket lifetimes. In accordance with [RFC 8446 Section 4.6.1](https://datatracker.ietf.org/doc/html/rfc8446#section-4.6.1), 
@@ -213,6 +218,373 @@ OpenSSL Releases *Abel Thomas* +### Changes between 4.0.0 and 4.0.1 [9 Jun 2026] + + * Fixed heap use-after-free in `PKCS7_verify()`. + + Severity: High + + Issue summary: A specially crafted PKCS#7 or S/MIME signed message could + trigger a use-after-free during PKCS#7 signature verification. + + Impact summary: A use-after-free may result in process crashes, heap + corruption, or, potentially, remote code execution. + + Reported by: Thai Duong (Calif.io in collaboration with Claude + and Anthropic Research). + + ([CVE-2026-45447]) + + *Igor Ustinov* + + * Fixed CMS `AuthEnvelopedData` processing may accept forged messages. + + Severity: Moderate + + Issue Summary: Cryptographic Message Services (CMS) processing fails + to perform sufficient input validation on the cipher and tag length fields + of `AuthEnvelopedData` containers, leading to various potential compromises. + + Impact Summary: Attackers making use of these vulnerabilities may achieve + key-equivalent functionality for a given CMS recipient and/or bypass + integrity validation for a given message. + + Reported by: Asim Viladi Oglu Manizada, Alex Gaynor (Anthropic), + Ying Dong, and Haiyang Huang. + + ([CVE-2026-34182]) + + *Neil Horman* + + * Fixed unbounded memory growth in the QUIC `PATH_CHALLENGE` handler. + + Severity: Moderate + + Issue summary: Remote peer may exhaust heap memory of the QUIC server + or client by flooding it with packets containing `PATH_CHALLENGE` frames. + + Impact summary: A malicious remote peer can cause an unbounded memory + allocation which can lead to an abnormal termination of the application + acting as a QUIC client or server and a Denial of Service. + + Reported by: Abhinav Agarwal. + + ([CVE-2026-34183]) + + *Abhinav Agarwal and Alexandr Nedvedicky* + + * Fixed double-free when checking OCSP stapled response. 
+ + Severity: Moderate + + Issue summary: A malicious server can exploit TLS OCSP stapling by delivering + a crafted response through the `status_request` extension, triggering + a double-free in the client's certificate verification path. + + Impact summary: Successful exploitation allows an attacker to corrupt heap + memory via a double-free, potentially leading to a Denial of Service + or possibly an attacker controlled code execution or other undefined + behavior. + + Reported by: Wang Kenaz (University of Illinois), + Guido Vranken (Aisle Research), and Aaron Grattafiori (Nvidia). + + ([CVE-2026-35188]) + + *Daniel Kubec* + + * Fixed NULL pointer dereference in QUIC server initial packet handling. + + Severity: Moderate + + Issue summary: Receiving a QUIC initial packet with an invalid token + may trigger a NULL pointer dereference in the OpenSSL QUIC server + with address validation disabled. + + Impact summary: NULL pointer dereference typically causes abnormal + termination of the affected QUIC server process and a Denial of Service. + + Reported by: Sunwoo Lee (KENTECH), Hyuk Lim (KENTECH), + and Seunghyun Yoon (KENTECH). + + ([CVE-2026-42764]) + + *Sunwoo Lee (KENTECH), Hyuk Lim (KENTECH), and Seunghyun Yoon (KENTECH)* + + * Fixed AES-OCB IV ignored on `EVP_Cipher()` path. + + Severity: Moderate + + Issue summary: When an application drives an AES-OCB context through + the public `EVP_Cipher()` one-shot interface, the application-supplied + initialisation vector (IV) is silently discarded. + + Impact summary: Every message encrypted under the same key uses the same + effective nonce regardless of the IV supplied by the caller, resulting + in `(key, nonce)` reuse and loss of confidentiality. If the same code path + is used to compute the authentication tag, the tag depends only + on the `(key, IV)` pair and not on the plaintext or ciphertext, allowing + universal forgery of arbitrary ciphertext from a single captured message. 
+ + Reported by: Alex Gaynor (Anthropic). + + ([CVE-2026-45445]) + + *Viktor Dukhovni* + + * Fixed possible heap buffer overflow in ASN.1 multibyte string conversion. + + Severity: Low + + Issue summary: A signed integer overflow when sizing the destination + buffer for Unicode output in `ASN1_mbstring_ncopy()` can lead to a heap + buffer overflow. + + Impact summary: A heap buffer overflow may lead to a crash or possibly + attacker controlled code execution or other undefined behaviour. + + Reported by: Zehua Qiao and Jinwen He. + + ([CVE-2026-7383]) + + *Viktor Dukhovni* + + * Fixed out-of-bounds read in CMS password-based decryption. + + Severity: Low + + Issue summary: When CMS password-based decryption ([RFC 3211]/PWRI key + unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode + KEK cipher can trigger a heap out-of-bounds read in `kek_unwrap_key()`. + + Impact summary: A heap buffer over-read may trigger a crash, which leads + to Denial of Service for an application if the input buffer ends at a memory + page boundary and the following page is unmapped. There is no information + disclosure, as the over-read bytes are not revealed to the attacker. + + Reported by: Bhabani Sankar Das and Haruki Oyama (Waseda University). + + ([CVE-2026-9076]) + + *Nikola Pajkovský* + + * Fixed heap buffer over-read in ASN.1 content parsing. + + Severity: Low + + Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive + element whose content exceeds 2 gigabytes in length may cause a heap buffer + over-read on 64-bit Unix and Unix-like platforms. + + Impact summary: The heap buffer over-read may crash the application (Denial + of Service) or to load into the decoded ASN.1 object contents of memory + beyond the end of the input buffer. More typically, such ASN.1 elements + would instead be truncated. + + Reported by: Frank Buss. 
+ + ([CVE-2026-34180]) + + *Viktor Dukhovni* + + * Fixed PKCS#12 files with PBMAC1 are accepted with short HMAC keys. + + Severity: Low + + Issue Summary: The PKCS#12 file processing fails to perform sufficient input + validation for files that use Password-Based Message Authentication Code 1 + (PBMAC1) integrity mechanism allowing a certificate and private key forgery. + + Impact Summary: An attacker impersonating a user can cause a service reading + PKCS#12 files to accept forged certificates and private keys with a 1 in 256 + probability. + + Reported by: Pavol Žáčik (Red Hat) and Alex Gaynor (Anthropic). + + ([CVE-2026-34181]) + + *Alicja Kario (Red Hat)* + + * Fixed NULL dereference in certificate verification with OCSP Checking. + + Severity: Low + + Issue summary: When a partial-chain certificate verification is enabled + together with OCSP response checking for the whole chain, a NULL dereference + will happen if the verified chain does not have a self-signed trusted anchor, + crashing the process. + + Impact summary: A NULL pointer dereference can trigger a crash which leads + to a Denial of Service for an application. + + Reported by: Joshua Rogers (Aisle Research). + + ([CVE-2026-42765]) + + *Joshua Rogers (Aisle Research) and Daniel Kubec* + + * Fixed possible NULL dereference in password-dased CMS decryption. + + Severity: Low + + Issue summary: A specially crafted password-encrypted CMS message + could trigger a NULL pointer dereference during CMS decryption. + + Impact summary: This NULL pointer dereference could lead to an application + crash and a Denial of Service. + + Reported by: Mayank Jangid, Kushal Khemka, Hari Priandana, + Bhabani Sankar Das, and Qifan Zhang (Palo Alto Networks). + + ([CVE-2026-42766]) + + *Igor Ustinov* + + * Fixed NULL pointer dereference in CRMF `EncryptedValue` decryption. 
+ + Severity: Low + + Issue summary: An attacker-controlled CMP (Certificate Management Protocol) + server could trigger a NULL pointer dereference in a CMP client application. + + Impact summary: A NULL pointer dereference could cause a crash + of the application and a Denial of Service. + + Reported by: Zhanpeng Liu (Tencent Xuanwu Lab), + Guannan Wang (Tencent Xuanwu Lab), and Guancheng Li (Tencent Xuanwu Lab). + + ([CVE-2026-42767]) + + *Igor Ustinov* + + * Fixed multi-`RecipientInfo` Bleichenbacher Oracle in `CMS_decrypt()` + and `PKCS7_decrypt()`. + + Severity: Low + + Issue summary: The `CMS_decrypt()` and `PKCS7_decrypt()` functions + are vulnerable to Bleichenbacher-style attack when an attacker is able + to provide CMS or S/MIME messages and observe the error code + and/or decryption output. + + Impact summary: The Bleichenbacher-style attack allows an attacker to use + the victim's vulnerable application as a way to decrypt or sign messages + with the victim's private RSA key. + + Reported by: Alex Gaynor (Anthropic). + + ([CVE-2026-42768]) + + *Dmitry Belyavskiy (Red Hat) and Alicja Kario (Red Hat)* + + * Fixed trust anchor substitution via `cert`/`issuer` typo in CMP + `rootCaKeyUpdate`. + + Severity: Low + + Issue Summary: An error in the callback used to verify the certificate + provided in a Root CA key update Certificate Management Protocol (CMP) + message response rendered the certificate validation ineffectual, + which could lead to escalation of credentials from the Registration + Authority (RA) level to the root Certification Authority (root CA) level. + + Impact Summary: The Registration Authority could replace the root CA + certificate for the CMP clients with an arbitrary root CA certificate. + + Reported by: Alex Gaynor (Anthropic). + + ([CVE-2026-42769]) + + *Alex Gaynor (Anthropic) and Bob Beck* + + * Fixed FFC-DH peer validation uses attacker-supplied `q`. 
+ + Severity: Low + + Issue summary: When `EVP_PKEY_derive_set_peer()` is called with a DHX (X9.42) + peer key, the peer key is not properly checked for the subgroup membership. + + Impact summary: A malicious peer which presents an X9.42 key carrying + the victim's `p` and `g` parameters, a forged `q = r` (a small prime factor + of the cofactor `(p − 1)/q_local`), and a public value `Y` of order `r` can + recover the victim's private key after a small number of key exchange + attempts. + + Reported by: Alex Gaynor (Anthropic). + + ([CVE-2026-42770]) + + *Alex Gaynor (Anthropic), Viktor Dukhovni, and Norbert Pócs* + + * Fixed possible out of bounds read in `X509_VERIFY_PARAM_set1_email()`. + + Severity: Low + + Issue summary: When `X509_VERIFY_PARAM_set1_email()` is called + by an application to validate a crafted e-mail address, such as during + S/MIME message validation, an out of bounds read can happen. + + Impact summary: This out of bounds read will not directly exfiltrate + the data read to the attacker, so, the most likely result is a crash + and a Denial of Service. + + Reported by: TrendAI Zero Day Initiative. + + ([CVE-2026-42771]) + + *Bob Beck* + + * Fixed incorrect tag processing for empty messages in AES-GCM-SIV + and AES-SIV modes. + + Severity: Low + + Issue summary: The implementations of AES-SIV ([RFC 5297]) and AES-GCM-SIV + ([RFC 8452]) mishandle the authentication of AAD (Additional Authenticated + Data) with an empty ciphertext, allowing forgery of such messages. + + Impact summary: An attacker can forge empty messages with arbitrary AAD + to the victim's application using these ciphers. + + Reported by: Alex Gaynor (Anthropic). + + ([CVE-2026-45446]) + + *Dmitry Belyavskiy (Red Hat)* + + * Fixed a regression introduced in 4.0.0 that led to a `openssl pkey` + command crash when it was invoked to encrypt a private key with password + being provided interactively. 
+ + + *Viktor Dukhovni* + + * Fixed a regression introduced in 4.0.0 that led to `openssl s_client -adv` + command prematurely terminating a session when reading input of 16384 bytes + in one `read()` call. + + + *Eugene Syromiatnikov* + + * Fixed TLS 1.3 server not sending `NewSessionTicket` message + after ciphersuite mismatch. + + + *Daniel Kubec* + + * Implemented validation of the minimal length of PSK identity + being of at least one byte long, as required per [RFC 8446]. + + + *Matt Caswell* + + * Fixed usage of stale application buffer pointer by kTLS implementation + after incomplete writes when `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER` is set, + that led to invalid memory reads and sending of incorrect data. + + + *Ilya Maximets* + ### Changes between 3.6 and 4.0.0 [14 Apr 2026] * Added `-expected-rpks` option to the `openssl s_client` @@ -23107,6 +23479,8 @@ ndif [CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420 [CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421 [CVE-2026-2673]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-2673 +[CVE-2026-7383]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-7383 +[CVE-2026-9076]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-9076 [CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795 [CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796 [CVE-2026-28386]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28386 
@@ -23116,10 +23490,30 @@ ndif [CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390 [CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789 [CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790 +[CVE-2026-34180]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34180 +[CVE-2026-34181]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34181 +[CVE-2026-34182]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34182 +[CVE-2026-34183]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34183 +[CVE-2026-35188]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-35188 +[CVE-2026-42764]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42764 +[CVE-2026-42765]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42765 +[CVE-2026-42766]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42766 +[CVE-2026-42767]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42767 +[CVE-2026-42768]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42768 +[CVE-2026-42769]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42769 +[CVE-2026-42770]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42770 +[CVE-2026-42771]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42771 +[CVE-2026-45445]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45445 +[CVE-2026-45446]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45446 +[CVE-2026-45447]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45447 [ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations [RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 +[RFC 3211]: https://datatracker.ietf.org/doc/html/rfc3211 +[RFC 5297]: https://datatracker.ietf.org/doc/html/rfc5297 [RFC 7919]: https://datatracker.ietf.org/doc/html/rfc7919 [RFC 
8422]: https://datatracker.ietf.org/doc/html/rfc8422 +[RFC 8446]: https://datatracker.ietf.org/doc/html/rfc8446 +[RFC 8452]: https://datatracker.ietf.org/doc/html/rfc8452 [RFC 8998]: https://datatracker.ietf.org/doc/html/rfc8998#name-iana-considerations [RFC 9149]: https://datatracker.ietf.org/doc/html/rfc9149 [RFC 9849]: https://datatracker.ietf.org/doc/html/rfc9849 diff --git a/NEWS.md b/NEWS.md index 674c1a64e02..278ec1309dc 100644 --- a/NEWS.md +++ b/NEWS.md 
@@ -34,6 +34,78 @@ OpenSSL 4.1 OpenSSL 4.0 ----------- +### Major changes between OpenSSL 4.0.0 and OpenSSL 4.0.1 [9 Jun 2026] + +OpenSSL 4.0.1 is a security patch release. The most severe CVE fixed +in this release is High. + +This release incorporates the following bug fixes and mitigations: + + * Fixed heap use-after-free in `PKCS7_verify()`. + ([CVE-2026-45447]) + + * Fixed CMS `AuthEnvelopedData` processing may accept forged messages. + ([CVE-2026-34182]) + + * Fixed unbounded memory growth in the QUIC `PATH_CHALLENGE` handler. + ([CVE-2026-34183]) + + * Fixed double-free when checking OCSP stapled response. + ([CVE-2026-35188]) + + * Fixed NULL pointer dereference in QUIC server initial packet handling. + ([CVE-2026-42764]) + + * Fixed AES-OCB IV ignored on `EVP_Cipher()` path. + ([CVE-2026-45445]) + + * Fixed possible heap buffer overflow in ASN.1 multibyte string conversion. + ([CVE-2026-7383]) + + * Fixed out-of-bounds read in CMS password-based decryption. + ([CVE-2026-9076]) + + * Fixed heap buffer over-read in ASN.1 content parsing. + ([CVE-2026-34180]) + + * Fixed PKCS#12 files with PBMAC1 are accepted with short HMAC keys. + ([CVE-2026-34181]) + + * Fixed NULL dereference in certificate verification with OCSP Checking. + ([CVE-2026-42765]) + + * Fixed possible NULL dereference in password-dased CMS decryption. + ([CVE-2026-42766]) + + * Fixed NULL pointer dereference in CRMF `EncryptedValue` decryption. + ([CVE-2026-42767]) + + * Fixed multi-`RecipientInfo` Bleichenbacher Oracle in `CMS_decrypt()` + and `PKCS7_decrypt()`. + ([CVE-2026-42768]) + + * Fixed trust anchor substitution via `cert`/`issuer` typo in CMP + `rootCaKeyUpdate`. + ([CVE-2026-42769]) + + * Fixed FFC-DH peer validation uses attacker-supplied `q`. + ([CVE-2026-42770]) + + * Fixed possible out of bounds read in `X509_VERIFY_PARAM_set1_email()`. + ([CVE-2026-42771]) + + * Fixed incorrect tag processing for empty messages in AES-GCM-SIV + and AES-SIV modes. 
+ ([CVE-2026-45446]) + + * Fixed a regression introduced in 4.0.0 that led to a `openssl pkey` + command crash when it was invoked to encrypt a private key with password + being provided interactively. + + * Fixed a regression introduced in 4.0.0 that led to `openssl s_client -adv` + command prematurely terminating a session when reading input of 16384 bytes + in one `read()` call. + ### Major changes between OpenSSL 3.6 and OpenSSL 4.0.0 [14 Apr 2026] OpenSSL 4.0.0 is a feature release adding significant new functionality @@ -2363,6 +2435,8 @@ OpenSSL 0.9.x [CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420 [CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421 [CVE-2026-2673]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-2673 +[CVE-2026-7383]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-7383 +[CVE-2026-9076]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-9076 [CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795 [CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796 [CVE-2026-28386]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28386 
@@ -2372,6 +2446,22 @@ OpenSSL 0.9.x [CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390 [CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789 [CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790 +[CVE-2026-34180]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34180 +[CVE-2026-34181]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34181 +[CVE-2026-34182]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34182 +[CVE-2026-34183]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-34183 +[CVE-2026-35188]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-35188 +[CVE-2026-42764]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42764 +[CVE-2026-42765]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42765 +[CVE-2026-42766]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42766 +[CVE-2026-42767]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42767 +[CVE-2026-42768]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42768 +[CVE-2026-42769]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42769 +[CVE-2026-42770]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42770 +[CVE-2026-42771]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-42771 +[CVE-2026-45445]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45445 +[CVE-2026-45446]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45446 +[CVE-2026-45447]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-45447 [ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations [OpenSSL Guide]: https://docs.openssl.org/master/man7/ossl-guide-introduction [README-QUIC.md]: ./README-QUIC.md
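
Review bot: In the first CHANGES.md hunk (@@ -201,6 +201,11 @@), the new "### Changes between 4.0.1 and 4.0.2 [xx XXX XXXX]" heading is inserted directly above the existing "Add client-side validation for TLS 1.3 session ticket lifetimes" entry, so that entry is now listed as a 4.0.2 change. The commit message describes only the 4.0.1 update. Please confirm the entry belongs under the 4.0 series, and either mention the new "OpenSSL 4.0" heading and the 4.0.2 placeholder in the commit message or move them to a separate commit.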
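
Review bot: In the CVE-2026-34182 entry of the 4.0.1 section added to CHANGES.md (@@ -213,6 +218,373 @@), CMS is expanded as "Cryptographic Message Services"; the name is Cryptographic Message Syntax. In the same hunk, the CVE-2026-34180 impact summary reads "may crash the application (Denial of Service) or to load into the decoded ASN.1 object contents of memory", where "or to load" should be "or load". The entries for CVE-2026-34182, CVE-2026-34181 and CVE-2026-42769 write "Issue Summary:" and "Impact Summary:" while all other entries use lower-case "summary", and the five entries without a CVE link leave two consecutive blank lines before the attribution where one is enough.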
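
Review bot: The NEWS.md bullet for CVE-2026-42766 (@@ -34,6 +34,78 @@) reads "password-dased CMS decryption"; this should be "password-based", and the same typo is in the title of the matching CHANGES.md entry. Several headlines in this list also do not parse after "Fixed", for example "Fixed CMS `AuthEnvelopedData` processing may accept forged messages" and "Fixed FFC-DH peer validation uses attacker-supplied `q`". Since NEWS.md is the user-facing summary, consider noun-phrase forms such as "Fixed acceptance of forged messages in CMS `AuthEnvelopedData` processing".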