23267 matches found

Fedora
added 2026/05/06 12:51 a.m., 12 views

[SECURITY] Fedora 44 Update: pyOpenSSL-26.1.0-1.fc44

High-level wrapper around a subset of the OpenSSL library, includes among others: SSL.Connection objects, wrapping the methods of Python's portable sockets; callbacks written in Python; extensive error-handling mechanism, mirroring OpenSSL's error codes...

5.8 AI score
Exploits: 0

Tenable Nessus
added 2026/05/06 12:0 a.m., 5 views

Fedora 43 : krb5 (2026-684396998a)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-684396998a advisory. - Fix NegoEx parsing vulnerabilities CVE-2026-40355, CVE-2026-40356 - Add upstream patches to build against openssl 4.0 - Make configure.ac work wit...

5.9 CVSS, 5.8 AI score, 0.00461 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/05/06 12:0 a.m., 11 views

PT-2026-37625

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 OpenSSL 3.x Description An inappropriate implementation in Tint within Google Chrome allows a remote attacker to potentially perform a sandbox escape using a crafted HTML page. In OpenSSL, a...

9.6 CVSS, 5.8 AI score, 0.00368 EPSS
Exploits: 0, References: 157

OSV
added 2026/05/05 10:32 p.m., 9 views

CLSA-2026-1778020314 openssl: Fix of CVE-2026-28388

CVE-2026-28388: fix NULL pointer dereference in check_delta_base when delta CRL lacks CRL Number extension...

7.5 CVSS, 5.8 AI score, 0.00885 EPSS
Exploits: 0, References: 1

OSV
added 2026/05/05 10:27 p.m., 5 views

CLSA-2026-1778020035 openssl: Fix of CVE-2026-28388

CVE-2026-28388: fix NULL pointer dereference in check_delta_base when delta CRL lacks CRL Number extension...

7.5 CVSS, 7.3 AI score, 0.00885 EPSS
Exploits: 0, References: 1

Github Security Blog
added 2026/05/05 9:46 p.m., 6 views

rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs

X509Ref::ocsp_responders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::from_utf8_unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation...

8.7 CVSS, 5.9 AI score, 0.00211 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/05/05 9:8 p.m., 3 views

CLSA-2026-1777566580 openssl: Fix of CVE-2026-28390

CVE-2026-28390: fix NULL pointer dereference in rsa_cms_decrypt when CMS RSA-OAEP pSourceFunc is missing its parameter...

7.5 CVSS, 5.8 AI score, 0.00805 EPSS
Exploits: 0, References: 1

OSV
added 2026/05/05 2:29 a.m., 6 views

CLSA-2026-1777948139 openssl: Fix of CVE-2026-31790

CVE-2026-31790: fix RSA KEM RSASVE encapsulation memory leak by validating RSA_public_encrypt return value and cleansing secret on failure...

7.5 CVSS, 5.8 AI score, 0.00981 EPSS
Exploits: 0, References: 1

OSV
added 2026/05/05 12:19 a.m., 0 views

SUSE-SU-2026:21544-1 Security update for openssl-3-x86_64-v3-livepatches

This update for openssl-3-x86_64-v3-livepatches fixes the following issues: Changes in openssl-3-x86_64-v3-livepatches: - Add package for libopenssl3-x86-64-v3-3.5.0 bsc1259271. Fixed: - CVE-2025-11187: Fixed Improper validation of PBMAC1 parameters in PKCS12 MAC verification bsc1256878. -...

8.8 CVSS, 7.1 AI score, 0.48666 EPSS
Exploits: 7, References: 10

OSV
added 2026/05/05 12:19 a.m., 4 views

OPENSUSE-SU-2026:20673-1 Security update for openssl-3-x86_64-v3-livepatches

This update for openssl-3-x86_64-v3-livepatches fixes the following issues: Changes in openssl-3-x86_64-v3-livepatches: - Add package for libopenssl3-x86-64-v3-3.5.0 bsc1259271. Fixed: - CVE-2025-11187: Fixed Improper validation of PBMAC1 parameters in PKCS12 MAC verification bsc1256878. -...

8.8 CVSS, 5.9 AI score, 0.48666 EPSS
Exploits: 7, References: 9

Positive Technologies
added 2026/05/05 12:0 a.m., 10 views

PT-2026-37265

Name of the Vulnerable Software and Affected Versions: rust-openssl versions 0.9.7 through 0.10.78. Description: The X509Ref::ocsp_responders function returns OCSP responder URLs from a certificate's AIA extension as OpensslString. The Deref implementation wraps raw bytes using str::from_utf8...

8.7 CVSS, 5.9 AI score, 0.00211 EPSS
Exploits: 0, References: 7

IBM Security Bulletins
added 2026/05/04 10:53 p.m., 9 views

Security Bulletin: This Power System update is being released to address CVE-2026-22796

Summary PowerVM relies on OpenSSL to support a range of features, such as virtual TPM, LPM, and other functionalities that require cryptographic operations. This bulletin provides a remediation for the impacted vulnerability, CVE-2026-22796 by upgrading PowerVM and thus addressing the exposure to...

5.3 CVSS, 7.2 AI score, 0.00502 EPSS
Exploits: 1

IBM Security Bulletins
added 2026/05/04 10:3 p.m., 7 views

Security Bulletin: Multiple vulnerabilities impact AIX due to OpenSSL

Summary Vulnerabilities in OpenSSL could send contents of an uninitialized memory buffer CVE-2026-31790, cause a use-after-free CVE-2026-28387, cause a NULL pointer dereference CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, or lead to a buffer overflow CVE-2026-31789. OpenSSL is used by AIX as...

9.8 CVSS, 7.8 AI score, 0.00981 EPSS
Exploits: 0, Affected Software: 2

IBM AIX
added 2026/05/04 3:13 p.m., 8 views

Multiple vulnerabilities impact AIX due to OpenSSL

IBM SECURITY ADVISORY First Issued: Mon May 4 15:13:40 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/openssladvisory47.asc Security Bulletin: Multiple vulnerabilities impact AIX due to OpenSSL...

9.8 CVSS, 7.4 AI score, 0.00981 EPSS
Exploits: 0

RedHat Linux
added 2026/05/04 2:10 p.m., 5 views

pyOpenSSL: DTLS cookie callback buffer overflow

A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds check before copying the data to a...

9.8 CVSS, 6 AI score, 0.005 EPSS
Exploits: 0, References: 7

Tenable Nessus
added 2026/05/04 12:0 a.m., 9 views

RHCOS 4 : Red Hat build of MicroShift 4.15.6 (RHSA-2024:1561)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1561 advisory. - golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 Note that Nessus has not tested for this iss...

7.5 CVSS, 7.2 AI score, 0.01533 EPSS
Exploits: 0, References: 4

RubySec
added 2026/05/04 12:0 a.m., 10 views

net-imap vulnerable to denial of service via high iteration count for `SCRAM-*` authentication

Summary When authenticating a connection with SCRAM-SHA1 or SCRAM-SHA256, a hostile server can perform a computational denial-of-service attack on the client process by sending a big iteration count value. Details A hostile IMAP server can send an arbitrarily large PBKDF2 iteration count in the...

6.5 CVSS, 5.8 AI score, 0.00299 EPSS
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2026/05/04 12:0 a.m., 5 views

RHCOS 4 : Red Hat build of MicroShift 4.14.19 (RHSA-2024:1566)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1566 advisory. - golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 Note that Nessus has not tested for this iss...

7.5 CVSS, 7.2 AI score, 0.01533 EPSS
Exploits: 0, References: 4

AstraLinux
added 2026/05/03 11:59 p.m., 6 views

Astra Linux – Vulnerability in Node.js

Node.js versions that bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL that is also unpatched are vulnerable to the Marvin attack – https://people.redhat.com/hkario/marvin/. This vulnerability occurs when performing RSA decryption using a private key,...

7.4 CVSS, 6.7 AI score, 0.01302 EPSS
Exploits: 0, References: 2

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux – Vulnerability in OpenSSL

The function PEM_read_bio_ex reads a PEM file from a BIO, parses, and decodes the “name” (e.g., “CERTIFICATE”), any header data, and the payload data. If the function succeeds, the “name_out”, “header”, and “data” arguments are populated with pointers to buffers containing the relevant decoded data. Th...

7.5 CVSS, 7.1 AI score, 0.20444 EPSS
Exploits: 0, References: 2