openssl 3.5.6 rpms released and added to all supported platforms (Alma Linux, Rocky Linux, RedHat Enterprise Linux RHEL, Oracle Linux).
Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
(CVE-2026-31790)
Fixed loss of key agreement group tuple structure when the DEFAULT keyword
is used in the server-side configuration of the key-agreement group list.
(CVE-2026-2673)
Fixed potential use-after-free in DANE client code.
(CVE-2026-28387)
Fixed NULL pointer dereference when processing a delta CRL.
(CVE-2026-28388)
Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
(CVE-2026-28389)
Fixed possible NULL dereference when processing CMS
KeyTransportRecipientInfo.
(CVE-2026-28390)
Fixed heap buffer overflow in hexadecimal conversion.
(CVE-2026-31789)
OpenSSL 3.5 is a release featuring QUIC server support.
We continue to build libs with quic support as a separate non-conflicting package openssl-quic-libs, files have separate .so.81.3 suffix to avoid conflicts with the official .so.3.