Red Hat alert RHSA-2026:1473-01 (openssl)

An update for openssl is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols, as well as a full-strength
general-purpose cryptography library.

Security Fix(es):

* openssl: OpenSSL: Arbitrary code execution or denial of service through
crafted PKCS#12 file (CVE-2025-11187)

* openssl: OpenSSL: Remote code execution or Denial of Service via oversized
Initialization Vector in CMS parsing (CVE-2025-15467)

* openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC
protocol handling (CVE-2025-15468)

* openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to
silent truncation (CVE-2025-15469)

* openssl: OpenSSL: Denial of Service due to excessive memory allocation in
TLS 1.3 certificate compression (CVE-2025-66199)

* openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO
filter (CVE-2025-68160)

* openssl: OpenSSL: Information disclosure and data tampering via specific
low-level OCB encryption/decryption calls (CVE-2025-69418)

* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in
PKCS#12 processing (CVE-2025-69419)

* openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing
(CVE-2025-69421)

* openssl: OpenSSL: Denial of Service via malformed TimeStamp Response
(CVE-2025-69420)

* openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file
processing (CVE-2026-22795)

* openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature
verification (CVE-2026-22796)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0
International License (https://creativecommons.org/licenses/by/4.0/). If you
distribute this content, or a modified version of it, you must provide
attribution to Red Hat Inc. and provide a link to the original.

Original: https://access.redhat.com/security/data/csaf/v2/advisories/2026/rhsa-2026_1473.json

Copyright © 2026, Eklektix, Inc.