openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

PT-2026-45443

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...

Tychon 安全漏洞

Tychon is a terminal security analysis and management platform developed by the American company Tychon. There is a security vulnerability in Tychon, which stems from the OPENSSLDIR variable in the OpenSSL component potentially being controlled by non-privileged users. This vulnerability could...

ALSA-2026:22312 Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing...

ALSA-2026:22313 Moderate: compat-openssl11 security update

The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases. Security Fixes: openssl: OpenSSL: Denial of Service due to NULL pointer...

ALSA-2026:22314 Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing...

ALSA-2026:22315 Moderate: compat-openssl10 security update

The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. Security Fixes: openssl: OpenSSL:...

Moderate: compat-openssl11 security update

The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases. Security Fixes: openssl: OpenSSL: Denial of Service due to NULL pointer...

Moderate: compat-openssl10 security update

The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. Security Fixes: openssl: OpenSSL:...

RLSA-2026:19066 Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key CVE-2026-317...

openssl security update

An update is available for openssl. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and...

OESA-2026-2507 qt6-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...

OESA-2026-2471 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...

OESA-2026-2468 qt5-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...

Security Bulletin: IBM Edge Data Collector uses openssl-0.10.76.crate which is vulnerable to CVE-2026-41898

Summary IBM Edge Data Collector Component uses openssl-0.10.76.crate which is vulnerable to CVE-2026-41898. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-41898 DESCRIPTION: rust-openssl provides OpenSSL bindings for the Rust programming...

Security Bulletin: IBM Edge Data Collector uses openssl-0.10.76.crate which is vulnerable to CVE-2026-41676, CVE-2026-41677, CVE-2026-41678, CVE-2026-41681

Summary IBM Edge Data Collector Component uses openssl-0.10.76.crate which is vulnerable to CVE-2026-41676, CVE-2026-41677, CVE-2026-41678, CVE-2026-41681. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-41676 DESCRIPTION: rust-openssl provide...

SUSE SLED15 / SLES15 Security Update : go1.25-openssl (SUSE-SU-2026:2079-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2079-1 advisory. This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when...

SUSE SLED15 / SLES15 Security Update : go1.26-openssl (SUSE-SU-2026:2078-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2078-1 advisory. This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when...

SUSE SLES15 Security Update : go1.25-openssl (SUSE-SU-2026:2093-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2093-1 advisory. This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME...

SUSE SLES15 Security Update : go1.26-openssl (SUSE-SU-2026:2092-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2092-1 advisory. This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME...