Debian alert DLA-4490-1 (openssl)

From:  Andreas Henriksson <andreas@fatal.se>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 4490-1] openssl security update
Date:  Tue, 24 Feb 2026 09:55:17 +0100
Message-ID:  <bekak6y4dysedxmdxzwd2mhnvf2rx46f4eldsczpirs53zzk37@6yasqwui6kb6>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4490-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Andreas Henriksson
February 23, 2026                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : openssl
Version        : 1.1.1w-0+deb11u5
CVE ID         : CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420
                 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796
Debian Bug     :

Aisle Research found multiple vulnerabilities in OpenSSL, a Secure Socket
Layer toolkit providing the SSL and TLS cryptographic protocols for secure
communication over the Internet.

CVE-2025-68160

    Petr Simecek (Aisle Research) and Stanislav Fort (Aisle Research) found
    that writing large, newline-free data into a BIO chain using the
    line-buffering filter, where the next BIO performs short writes, can
    trigger a heap-based out-of-bounds write. This out-of-bounds write can
    cause memory corruption which typically results in a crash, leading to
    Denial of Service for an application.

CVE-2025-69418

    Stanislav Fort (Aisle Research) found that when using the low-level OCB
    API directly with AES-NI or other hardware-accelerated code paths,
    inputs whose length is not a multiple of 16 bytes can leave the final
    partial block unencrypted and unauthenticated. The trailing 1-15 bytes
    of a message may be exposed in cleartext on encryption and are not
    covered by the authentication tag, allowing an attacker to read or
    tamper with those bytes without detection.

CVE-2025-69419

    Stanislav Fort (Aisle Research) found that a maliciously crafted
    PKCS#12 file with a BMPString (UTF-16BE) can lead to an out-of-bounds
    write causing memory corruption, which can have various consequences
    including a Denial of Service.

CVE-2025-69420

    Luigino Camastra (Aisle Research) found that a type confusion
    vulnerability exists in the TimeStamp Response verification code,
    leading to an invalid or NULL pointer dereference when processing a
    malformed TimeStamp Response file. The result is a possible Denial of
    Service.

CVE-2025-69421

    Luigino Camastra (Aisle Research) found that processing a malformed
    PKCS#12 file can trigger a NULL pointer dereference in the
    PKCS12_item_decrypt_d2i_ex() function, causing a crash which leads to
    Denial of Service for an application processing PKCS#12 files.

CVE-2026-22795

    Luigino Camastra (Aisle Research) found that an application processing
    a malformed PKCS#12 file can be caused to dereference an invalid or
    NULL pointer on memory read, resulting in a Denial of Service.

CVE-2026-22796

    Luigino Camastra (Aisle Research) found that an application performing
    signature verification of PKCS#7 data, or calling the
    PKCS7_digest_from_attributes() function directly, can be caused to
    dereference an invalid or NULL pointer when reading, resulting in a
    Denial of Service.

More details are available in:
https://openssl-library.org/news/secadv/20260127.txt

For Debian 11 bullseye, these problems have been fixed in version
1.1.1w-0+deb11u5.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+uHltkZSvnmOJ4zCC8R9xk0TUwYFAmmdZ3IACgkQC8R9xk0T
UwaYvw//d1sxGSSn8kLYSnfdHqBljFGIGkusy8bIZMtH/jGtlnYdnQkBa/MKaodA
iOPUPx7pF2lHlwxgSihI6LLWptKzznuXWQuQm8UDSKXCtbxIn9kTrWy6c6/gRI4E
Vv5b93Iz82QWFieHcWFv6v71seJm0xPkMTX9x4aJthXTl2G+DiHJCAIhDZYDVG7B
L8FhyxWYIB/GYBr2V1ZBkYhiwo7yq3c6H9uyCDaBnIe4bFW2AECWfkIfzSJyfsHr
S1mD/pQAIBlHp8yAtzboNkghpKKO6TorphJXDo09elinJbltu3B3Z97TyTdByM97
39yR6mtpZSmCMbBaeDnasEVjYll+yHh1uX5FJ8y7pfxZdXQ+Ug8tj7KOFwCPC6G8
UOQk41RLKs8tfxVxuD5xOW/KofPxY+0byqeEFsUQklCDkrS0K0S+Sm1FQz4flAbR
Afp5lMOrS3HXQZl6GX2IyIQamwQDxJuZYAGF0rvCLJVMchJ7nRsnBjqV0NbxXnb8
ROhEcYz5GhNz6ZAZKvLV4KJxjwwhiHyZGM8dXxZpYsJdKOn74eO0LQ2ZEVgHNKGp
6j+3hAkPmFwLjieC+IfW9nQr+k/vkoWf9WMtDgfqCQpdX3OhfjNipQLdCNcUWJDa
/SfMwPyJ4jOUg5eX+82eM8/BWFIbH60N0/uTId2VZQ/yiJW5BcU=
=a0ql
-----END PGP SIGNATURE-----

Copyright © 2026, Eklektix, Inc.