Oracle Linux 8 : openssl (ELSA-2026-50131)

🗓️ 04 Mar 2026 00:00:00Reported by TenableType

Oracle Linux 8 openssl fixes CVE-2025-69419 and CVE-2025-9230 addressing out-of-bounds issues.

Reporter	Title	Published	Views	Family All 782
FreeBSD	OpenSSL -- multiple vulnerabilities	30 Sep 202500:00	–	freebsd
FreeBSD	OpenSSL -- Multiple vulnerabilities	27 Jan 202600:00	–	freebsd
FreeBSD	LibreSSL -- overwrite and -read vulnerability	1 Oct 202500:00	–	freebsd
IBM Security Bulletins	Security Bulletin: Muliple security vulnerabilities found in IBM CICS TX Standard.	22 Apr 202614:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Operator package issues	17 Dec 202514:32	–	ibm
IBM Security Bulletins	Security Bulletin: IBM i is affected by multiple vulnerabilities in OpenSSL	17 Mar 202621:40	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM MQ Operator and Queue manager container images	10 Dec 202516:39	–	ibm
IBM Security Bulletins	Security Bulletin: TSSC/IMC addresses multiple security vulnerabilities.	25 Feb 202617:18	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in openssl library (CVE-2025-9230) affects Power HMC.	31 Mar 202615:33	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in OpenSSL affects IBM Netezza Appliance	16 Apr 202611:32	–	ibm

Source	Link
linux	www.linux.oracle.com/errata/ELSA-2026-50131.html
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2026-50131.
##

include('compat.inc');

if (description)
{
  script_id(300492);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/30");

  script_cve_id("CVE-2025-69419");
  script_xref(name:"IAVA", value:"2026-A-0087-S");

  script_name(english:"Oracle Linux 8 : openssl (ELSA-2026-50131)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the
ELSA-2026-50131 advisory.

    - Fix CVE-2025-69419: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing
      ticket_lifetime_hint exceed 1 week in TLSv1.3 and breaks compliant clients
      Resolves: RHEL-149165
      Resolves: RHEL-142715
    - Backport fix for openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
      Fix CVE-2025-9230
      Resolves: RHEL-128615

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2026-50131.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-69419");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/02/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssl-static");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_product)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
if (! preg(pattern:"^8([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'Oracle Linux 8.x', 'Oracle Linux ' + os_version);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);

var constraints = [
  {
    'release': '8',
    'pkgs': [
      {'reference':'openssl-1.1.1k-15.ksplice1.el8_6', 'cpu':'aarch64', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
      {'reference':'openssl-devel-1.1.1k-15.ksplice1.el8_6', 'cpu':'aarch64', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
      {'reference':'openssl-libs-1.1.1k-15.ksplice1.el8_6', 'cpu':'aarch64', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
      {'reference':'openssl-perl-1.1.1k-15.ksplice1.el8_6', 'cpu':'aarch64', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
      {'reference':'openssl-static-1.1.1k-15.ksplice1.el8_6', 'cpu':'aarch64', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
      {'reference':'openssl-devel-1.1.1k-15.ksplice1.el8_6', 'cpu':'i686', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
      {'reference':'openssl-libs-1.1.1k-15.ksplice1.el8_6', 'cpu':'i686', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
      {'reference':'openssl-1.1.1k-15.ksplice1.el8_6', 'cpu':'x86_64', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
      {'reference':'openssl-devel-1.1.1k-15.ksplice1.el8_6', 'cpu':'x86_64', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
      {'reference':'openssl-libs-1.1.1k-15.ksplice1.el8_6', 'cpu':'x86_64', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
      {'reference':'openssl-perl-1.1.1k-15.ksplice1.el8_6', 'cpu':'x86_64', 'el_string':'ksplice1.el8_6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-devel / openssl-libs / etc');
}

30 Apr 2026 00:00Current

7High risk

Vulners AI Score7

CVSS 3.17.5

EPSS0.0177

SSVC