{"id":"ALSA-2026:1472","summary":"Important: openssl security update","details":"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.  \n\nSecurity Fix(es):  \n\n  * openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)\n  * openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)\n  * openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling (CVE-2025-15468)\n  * openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation (CVE-2025-15469)\n  * openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression (CVE-2025-66199)\n  * openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter (CVE-2025-68160)\n  * openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls (CVE-2025-69418)\n  * openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)\n  * openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing (CVE-2025-69421)\n  * openssl: OpenSSL: Denial of Service via malformed TimeStamp Response (CVE-2025-69420)\n  * openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing (CVE-2026-22795)\n  * openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification (CVE-2026-22796)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","modified":"2026-01-31T14:44:12.127364Z","published":"2026-01-28T00:00:00Z","related":["CVE-2025-11187","CVE-2025-15467","CVE-2025-15468","CVE-2025-15469","CVE-2025-66199","CVE-2025-68160","CVE-2025-69418","CVE-2025-69419","CVE-2025-69420","CVE-2025-69421","CVE-2026-22795","CVE-2026-22796"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:1472"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-11187"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-15467"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-15468"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-15469"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-66199"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-68160"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-69418"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-69419"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-69420"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-69421"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-22795"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-22796"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2430375"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2430376"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2430377"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2430378"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2430379"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2430380"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2430381"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2430386"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2430387"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2430388"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2430389"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2430390"},{"type":"ADVISORY","url":"https://errata.almalinux.org/10/ALSA-2026-1472.html"}],"affected":[{"package":{"name":"openssl","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/openssl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.5.1-7.el10_1.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:1472.json"}},{"package":{"name":"openssl-devel","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/openssl-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.5.1-7.el10_1.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:1472.json"}},{"package":{"name":"openssl-libs","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/openssl-libs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.5.1-7.el10_1.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:1472.json"}},{"package":{"name":"openssl-perl","ecosystem":"AlmaLinux:10","purl":"pkg:rpm/almalinux/openssl-perl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.5.1-7.el10_1.alma.1"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:1472.json"}}],"schema_version":"1.7.3"}