Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Fedora 43 OpenSSL Critical Denial of Service Update 2026-47fffff581

fedora
Calendar Grey April 28, 2026
Dist Fedora Esm H88
Fedora update addresses critical OpenSSL issues with backport patches from version 3.5.6 to enhance security.
Backport security patches from OpenSSL 3.5.6

Summary

The OpenSSL toolkit provides support for secure communications between

machines. OpenSSL includes a certificate management tool and shared

libraries which provide various cryptographic algorithms and

protocols.

Update Information:

Backport security patches from OpenSSL 3.5.6

Change Log

* Mon Apr 20 2026 Pavol \u017d\u010dik - 1:3.5.4-3 - Backport security patches from OpenSSL 3.5.6 Resolves: CVE-2026-2673 Resolves: CVE-2026-28387 Resolves: CVE-2026-28388 Resolves: CVE-2026-28389 Resolves: CVE-2026-28390 Resolves: CVE-2026-31789 Resolves: CVE-2026-31790

References


[ 1 ] Bug #2447397 - CVE-2026-2673 openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2447397 [ 2 ] Bug #2456467 - CVE-2026-28390 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2456467

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-47fffff581' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: openssl
Product: Fedora 43
Version: 3.5.4
Release: 3.fc43
Summary: Utilities from the general purpose cryptography library with TLS implementation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here