
Ubuntu alert USN-7980-2 (openssl, openssl1.0)

From:  noreply+usn-bot@canonical.com
To:  ubuntu-security-announce@lists.ubuntu.com
Subject:  [USN-7980-2] OpenSSL vulnerabilities
Date:  Tue, 27 Jan 2026 21:40:09 +0000
Message-ID:  <E1vkqnB-0003Jt-8O@lists.ubuntu.com>

==========================================================================
Ubuntu Security Notice USN-7980-2
January 27, 2026

openssl, openssl1.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
- openssl1.0: Secure Socket Layer (SSL) cryptographic library and tools

Details:

USN-7980-2 fixed vulnerabilities in OpenSSL. This update provides the
corresponding updates for CVE-2025-68160 for openssl and openssl1.0,
CVE-2025-69418 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS,
CVE-2025-69419 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS,
CVE-2025-69420 for openssl on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS,
CVE-2025-69421 for openssl and openssl1.0, CVE-2026-22795 for openssl
on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS, and CVE-2026-22796 for
openssl and openssl1.0.

Original advisory details:

 Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL
 incorrectly validated PBMAC1 parameters when doing PKCS#12 MAC
 verification. An attacker could possibly use this issue to cause OpenSSL
 to crash, resulting in a denial of service. This issue only affected
 Ubuntu 25.10. (CVE-2025-11187)

 Stanislav Fort discovered that OpenSSL incorrectly parsed CMS
 AuthEnvelopedData messages. An attacker could possibly use this issue to
 cause OpenSSL to crash, resulting in a denial of service.
 (CVE-2025-15467)

 Stanislav Fort discovered that OpenSSL incorrectly handled memory in the
 SSL_CIPHER_find() function. An attacker could possibly use this issue to
 cause OpenSSL to crash, resulting in a denial of service. This issue only
 affected Ubuntu 25.10. (CVE-2025-15468)

 Stanislav Fort discovered that the OpenSSL "openssl dgst" command line
 tool incorrectly truncated data to 16MB. An attacker could possibly use
 this issue to hide unauthenticated data beyond the 16MB limit. This issue
 only affected Ubuntu 25.10. (CVE-2025-15469)

 Tomas Dulka and Stanislav Fort discovered that OpenSSL incorrectly
 handled memory with TLS 1.3 connections using certificate compression. An
 attacker could possibly use this issue to consume resources, leading to a
 denial of service. This issue only affected Ubuntu 25.10.
 (CVE-2025-66199)

 Petr Simecek and Stanislav Fort discovered that OpenSSL incorrectly
 handled memory when writing large data into a BIO chain. An attacker
 could possibly use this issue to consume resources, leading to a denial
 of service. (CVE-2025-68160)

 Stanislav Fort discovered that the OpenSSL OCB API could incorrectly
 leave final partial blocks unencrypted and unauthenticated. An attacker
 could possibly use this issue to read or tamper with the affected final
 bytes. (CVE-2025-69418)

 Stanislav Fort discovered that OpenSSL incorrectly handled the
 PKCS12_get_friendlyname() utf-8 conversion. An attacker could possibly
 use this issue to cause OpenSSL to crash, resulting in a denial of
 service. (CVE-2025-69419)

 Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE
 validation in the TS_RESP_verify_response() function. An attacker could
 possibly use this issue to cause OpenSSL to crash, resulting in a denial
 of service. (CVE-2025-69420)

 Luigino Camastra discovered that OpenSSL incorrectly handled memory in
 the PKCS12_item_decrypt_d2i_ex function. An attacker could possibly use
 this issue to cause OpenSSL to crash, resulting in a denial of service.
 (CVE-2025-69421)

 Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE
 validation in PKCS#12 parsing. An attacker could possibly use this issue
 to cause OpenSSL to crash, resulting in a denial of service.
 (CVE-2026-22795)

 Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE
 validation in the PKCS7_digest_from_attributes() function. An attacker
 could possibly use this issue to cause OpenSSL to crash, resulting in a
 denial of service. (CVE-2026-22796)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  libssl1.1                       1.1.1f-1ubuntu2.24+esm2
                                  Available with Ubuntu Pro
  openssl                         1.1.1f-1ubuntu2.24+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libssl1.0.0                     1.0.2n-1ubuntu5.13+esm3
                                  Available with Ubuntu Pro
  libssl1.1                       1.1.1-1ubuntu2.1~18.04.23+esm7
                                  Available with Ubuntu Pro
  openssl                         1.1.1-1ubuntu2.1~18.04.23+esm7
                                  Available with Ubuntu Pro
  openssl1.0                      1.0.2n-1ubuntu5.13+esm3
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libssl1.0.0                     1.0.2g-1ubuntu4.20+esm14
                                  Available with Ubuntu Pro
  openssl                         1.0.2g-1ubuntu4.20+esm14
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  libssl1.0.0                     1.0.1f-1ubuntu2.27+esm12
                                  Available with Ubuntu Pro
  openssl                         1.0.1f-1ubuntu2.27+esm12
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7980-2
  https://ubuntu.com/security/notices/USN-7980-1
  CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420,
  CVE-2025-69421, CVE-2026-22795, CVE-2026-22796
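The update instructions give a fixed version per package and release, but "+esm" and "~18.04" suffixes make eyeballing an installed version against the table error-prone. The script below is an added example, not part of the notice or of Canonical's tooling: it embeds the fixed versions exactly as listed above, implements the Debian version-ordering rules that dpkg uses (epoch, upstream, revision; "~" sorts before the empty string, so a "~18.04" backport is older than the plain version, while a "+esm" suffix is newer than no suffix), and reports which installed packages still fall below the advisory's version. The installed-version map in the `__main__` block is a constructed sample, not output from a real host; on a real system the same map can be filled from `dpkg-query -W -f='${Package} ${Version}\n'`.

```python
"""Compare installed OpenSSL package versions against the fixed versions
listed in USN-7980-2. Added example; not part of the advisory."""

# Fixed versions copied verbatim from the advisory's "Update instructions".
FIXED_VERSIONS = {
    "Ubuntu 20.04 LTS": {
        "libssl1.1": "1.1.1f-1ubuntu2.24+esm2",
        "openssl": "1.1.1f-1ubuntu2.24+esm2",
    },
    "Ubuntu 18.04 LTS": {
        "libssl1.0.0": "1.0.2n-1ubuntu5.13+esm3",
        "libssl1.1": "1.1.1-1ubuntu2.1~18.04.23+esm7",
        "openssl": "1.1.1-1ubuntu2.1~18.04.23+esm7",
        "openssl1.0": "1.0.2n-1ubuntu5.13+esm3",
    },
    "Ubuntu 16.04 LTS": {
        "libssl1.0.0": "1.0.2g-1ubuntu4.20+esm14",
        "openssl": "1.0.2g-1ubuntu4.20+esm14",
    },
    "Ubuntu 14.04 LTS": {
        "libssl1.0.0": "1.0.1f-1ubuntu2.27+esm12",
        "openssl": "1.0.1f-1ubuntu2.27+esm12",
    },
}


def _order(c: str) -> int:
    """Sort weight of one character under dpkg's rules: digits and end of
    string weigh 0, '~' sorts before everything, letters before symbols."""
    if not c or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare two version fragments (upstream part or Debian revision)
    as alternating runs of non-digits and digits, like dpkg's verrevcmp."""
    while a or b:
        first_diff = 0
        # Non-digit run: compare character by character by weight.
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            ac = _order(a[0]) if a else 0
            bc = _order(b[0]) if b else 0
            if ac != bc:
                return ac - bc
            a, b = a[1:], b[1:]
        # Digit run: drop leading zeros, then the longer run wins,
        # otherwise the first differing digit decides.
        a, b = a.lstrip("0"), b.lstrip("0")
        while a and a[0].isdigit() and b and b[0].isdigit():
            if not first_diff:
                first_diff = ord(a[0]) - ord(b[0])
            a, b = a[1:], b[1:]
        if a and a[0].isdigit():
            return 1
        if b and b[0].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def compare_versions(v1: str, v2: str) -> int:
    """Return <0, 0 or >0 as v1 is older than, equal to or newer than v2,
    splitting each as [epoch:]upstream[-revision]."""
    def split(v):
        epoch = 0
        if ":" in v:
            e, v = v.split(":", 1)
            epoch = int(e)
        upstream, _, revision = v.rpartition("-")
        if not upstream:  # no hyphen: whole string is the upstream version
            upstream, revision = revision, ""
        return epoch, upstream, revision

    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    if e1 != e2:
        return e1 - e2
    return _verrevcmp(u1, u2) or _verrevcmp(r1, r2)


def outstanding_updates(release: str, installed: dict) -> dict:
    """Return {package: (installed, fixed)} for every installed package that
    is still older than the version this advisory fixes for `release`.
    Packages absent from the advisory or not installed are ignored."""
    result = {}
    for pkg, fixed in FIXED_VERSIONS.get(release, {}).items():
        have = installed.get(pkg)
        if have is not None and compare_versions(have, fixed) < 0:
            result[pkg] = (have, fixed)
    return result


if __name__ == "__main__":
    # Constructed sample of installed versions on an 18.04 host (not real data).
    sample = {
        "libssl1.1": "1.1.1-1ubuntu2.1~18.04.23+esm6",
        "openssl": "1.1.1-1ubuntu2.1~18.04.23+esm7",
        "libssl1.0.0": "1.0.2n-1ubuntu5.13+esm3",
    }
    for pkg, (have, fixed) in outstanding_updates("Ubuntu 18.04 LTS", sample).items():
        print(f"{pkg}: installed {have}, fixed in {fixed}")
```

The comparator is the part worth keeping: `dpkg --compare-versions` gives the same answer on a Debian-derived host, but this version runs anywhere, so the check can be folded into fleet inventory tooling that only has package names and version strings to work with.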


Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAml5MF8ACgkQcpJm3tlz
hgFSchAAosMV17dLrpMVMZBuNxzYForFxaYqcw4LXiFBEVqiUcxKzp/7XyuPIp0p
XXT2KcazIkpSxLwN+Icd8c09ROxek9hlh0JrVyze9MUE1KkND6cgvlTlrCKqFu8n
g4mF+AZ4DXonVHMnDRqIIPITly1G1r2lcSLkTFbH93YJwKV10r+n5Ac343evHdg/
5h+ZWOjzoiBNxpncho2EI3WdI752UGKooX/Y0DyCgHUx/E4yjrInPoO0FWPiUZnY
pXkU7zZSycJeGPrXyyzqYsEaUjqIa1sM9KsZbMIl2dw5zQb1FpWL80kouWH27vql
z8Ik/yT/Jl+kjfppO4zXSAhGr3UECckRpHNuPO16SRWTobfDv7F0WlFr2bVjZN9L
V4uzk6BO0qaP2XETDmPfaFEuVs4amsk8YRFrOGN9Ol7LBSDby6WBY2fUnGFPhhZ7
2o1OGzTe/HUkqQ0rbkpi3G3AvY7LrZwVrLq3K9HHH6vOwztIDkFyG+qgQUWFJwmB
IGerkaq+x5sruhMMIwmr4xFfBFZutg6X8lpelX3AVTpJiA0LmXDtkZ6nN8Ib8/QF
CEBHt8W0/Q9hBqY0cWvzqyBcuwrVgxhfWKpfAhhEu57UUKQpEaMLo/fGNRdgO5xs
K7aZLO8GUABi9kzhsqpMfcQ6hGuJ+X+h+6pXQJAa83eTvZ9V0rU=
=OFZ7
-----END PGP SIGNATURE-----




Copyright © 2026, Eklektix, Inc.