Red Hat Product Errata RHSA-2026:22315 - Security Advisory Issued: 2026-06-01 Updated: 2026-06-01 RHSA-2026:22315 - Security Advisory Overview Updated Packages Synopsis Moderate: compat-openssl10 security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for compat-openssl10 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. Security Fix(es): openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing (CVE-2026-28390) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Fixes BZ - 2456314 - CVE-2026-28390 openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing CVEs CVE-2026-28390 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM compat-openssl10-1.0.2o-4.el8_10.2.src.rpm SHA-256: b8a1dfbaa0f502f3771cb44ad5c7db12a644dcf7c4606de1da8fb98c066fa122 x86_64 compat-openssl10-1.0.2o-4.el8_10.2.i686.rpm SHA-256: a4f2b5229ca8a4489da81af846e680caf9239b9555caf4e39156885327b4382e compat-openssl10-1.0.2o-4.el8_10.2.x86_64.rpm SHA-256: fa7ca44f52a90475e73a35786dda913761f47a16805ea6a7698f689b6d7e3aa6 compat-openssl10-debuginfo-1.0.2o-4.el8_10.2.i686.rpm SHA-256: 18e5c1d3c0fd48344595fcb1b7892b0a772af5567aa9475e9ce238272c6669fd compat-openssl10-debuginfo-1.0.2o-4.el8_10.2.x86_64.rpm SHA-256: a86e252541bfb382df021036cf80ebaf8fb8fdae43c6921388041256dc5e85ec compat-openssl10-debugsource-1.0.2o-4.el8_10.2.i686.rpm SHA-256: 82e1a1494e2b6529d1427e7b0ee82610e5771ae5339c71da449d703c1222b1ed compat-openssl10-debugsource-1.0.2o-4.el8_10.2.x86_64.rpm SHA-256: b860c5a804c5d15b9a2178bfc3b98b9e99122d2d0b547f74f3b73e47cab8ca28 Red Hat Enterprise Linux for IBM z Systems 8 SRPM compat-openssl10-1.0.2o-4.el8_10.2.src.rpm SHA-256: b8a1dfbaa0f502f3771cb44ad5c7db12a644dcf7c4606de1da8fb98c066fa122 s390x compat-openssl10-1.0.2o-4.el8_10.2.s390x.rpm SHA-256: 81d6137b96c0b2bb25539941b6741c4898acf51690c94982271a89c7d491eb0f compat-openssl10-debuginfo-1.0.2o-4.el8_10.2.s390x.rpm SHA-256: 1f7f9fd83d88946edbdd17b0c9ddb449d9523c1054cdd7e0e042ef6f966bf4ef compat-openssl10-debugsource-1.0.2o-4.el8_10.2.s390x.rpm SHA-256: fdc174c0e53464078201a5ec3b2d4a44598da045181fe6486d0d0a4f1f83703d Red Hat Enterprise Linux for Power, little endian 8 SRPM compat-openssl10-1.0.2o-4.el8_10.2.src.rpm SHA-256: b8a1dfbaa0f502f3771cb44ad5c7db12a644dcf7c4606de1da8fb98c066fa122 ppc64le compat-openssl10-1.0.2o-4.el8_10.2.ppc64le.rpm SHA-256: 6c333b777eebdd6fbbe8ce75840d8b2d37d73c902ede4fc85b6e17b09d81459a compat-openssl10-debuginfo-1.0.2o-4.el8_10.2.ppc64le.rpm SHA-256: fd456d4b658e77e9de8289e992e5adcdb167cab8efe29c472bf214d8eb16b98a compat-openssl10-debugsource-1.0.2o-4.el8_10.2.ppc64le.rpm SHA-256: 3dd72d512dbbb7e6d221a9fd584b0c78acc7ac9d91c18bcb8ae421c489c606ee Red Hat Enterprise Linux for ARM 64 8 SRPM compat-openssl10-1.0.2o-4.el8_10.2.src.rpm SHA-256: b8a1dfbaa0f502f3771cb44ad5c7db12a644dcf7c4606de1da8fb98c066fa122 aarch64 compat-openssl10-1.0.2o-4.el8_10.2.aarch64.rpm SHA-256: 5d1e4a25dfd84fbb1114b00b90b5464c4446f2591ae1927474a17ab817330fab compat-openssl10-debuginfo-1.0.2o-4.el8_10.2.aarch64.rpm SHA-256: 2a046aeec6a7f0f7f8af0a3f44b61d94ca0b4cc9d6f6bd3042b76d67a787aaee compat-openssl10-debugsource-1.0.2o-4.el8_10.2.aarch64.rpm SHA-256: fe6a5408d4f42b7b3b046eb91a6e60fc26623597f4511e5a4ba7f90179e7cd8f Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 SRPM compat-openssl10-1.0.2o-4.el8_10.2.src.rpm SHA-256: b8a1dfbaa0f502f3771cb44ad5c7db12a644dcf7c4606de1da8fb98c066fa122 x86_64 compat-openssl10-1.0.2o-4.el8_10.2.i686.rpm SHA-256: a4f2b5229ca8a4489da81af846e680caf9239b9555caf4e39156885327b4382e compat-openssl10-1.0.2o-4.el8_10.2.x86_64.rpm SHA-256: fa7ca44f52a90475e73a35786dda913761f47a16805ea6a7698f689b6d7e3aa6 compat-openssl10-debuginfo-1.0.2o-4.el8_10.2.i686.rpm SHA-256: 18e5c1d3c0fd48344595fcb1b7892b0a772af5567aa9475e9ce238272c6669fd compat-openssl10-debuginfo-1.0.2o-4.el8_10.2.x86_64.rpm SHA-256: a86e252541bfb382df021036cf80ebaf8fb8fdae43c6921388041256dc5e85ec compat-openssl10-debugsource-1.0.2o-4.el8_10.2.i686.rpm SHA-256: 82e1a1494e2b6529d1427e7b0ee82610e5771ae5339c71da449d703c1222b1ed compat-openssl10-debugsource-1.0.2o-4.el8_10.2.x86_64.rpm SHA-256: b860c5a804c5d15b9a2178bfc3b98b9e99122d2d0b547f74f3b73e47cab8ca28 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 SRPM compat-openssl10-1.0.2o-4.el8_10.2.src.rpm SHA-256: b8a1dfbaa0f502f3771cb44ad5c7db12a644dcf7c4606de1da8fb98c066fa122 aarch64 compat-openssl10-1.0.2o-4.el8_10.2.aarch64.rpm SHA-256: 5d1e4a25dfd84fbb1114b00b90b5464c4446f2591ae1927474a17ab817330fab compat-openssl10-debuginfo-1.0.2o-4.el8_10.2.aarch64.rpm SHA-256: 2a046aeec6a7f0f7f8af0a3f44b61d94ca0b4cc9d6f6bd3042b76d67a787aaee compat-openssl10-debugsource-1.0.2o-4.el8_10.2.aarch64.rpm SHA-256: fe6a5408d4f42b7b3b046eb91a6e60fc26623597f4511e5a4ba7f90179e7cd8f Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 SRPM compat-openssl10-1.0.2o-4.el8_10.2.src.rpm SHA-256: b8a1dfbaa0f502f3771cb44ad5c7db12a644dcf7c4606de1da8fb98c066fa122 ppc64le compat-openssl10-1.0.2o-4.el8_10.2.ppc64le.rpm SHA-256: 6c333b777eebdd6fbbe8ce75840d8b2d37d73c902ede4fc85b6e17b09d81459a compat-openssl10-debuginfo-1.0.2o-4.el8_10.2.ppc64le.rpm SHA-256: fd456d4b658e77e9de8289e992e5adcdb167cab8efe29c472bf214d8eb16b98a compat-openssl10-debugsource-1.0.2o-4.el8_10.2.ppc64le.rpm SHA-256: 3dd72d512dbbb7e6d221a9fd584b0c78acc7ac9d91c18bcb8ae421c489c606ee Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 SRPM compat-openssl10-1.0.2o-4.el8_10.2.src.rpm SHA-256: b8a1dfbaa0f502f3771cb44ad5c7db12a644dcf7c4606de1da8fb98c066fa122 s390x compat-openssl10-1.0.2o-4.el8_10.2.s390x.rpm SHA-256: 81d6137b96c0b2bb25539941b6741c4898acf51690c94982271a89c7d491eb0f compat-openssl10-debuginfo-1.0.2o-4.el8_10.2.s390x.rpm SHA-256: 1f7f9fd83d88946edbdd17b0c9ddb449d9523c1054cdd7e0e042ef6f966bf4ef compat-openssl10-debugsource-1.0.2o-4.el8_10.2.s390x.rpm SHA-256: fdc174c0e53464078201a5ec3b2d4a44598da045181fe6486d0d0a4f1f83703d The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .