JLSEC-2026-239 Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them...

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

JLSEC-2026-231 openssl-src subject to Timing Oracle in RSA Decryption

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

JLSEC-2026-235 A security vulnerability has been identified in all supported versions of OpenSSL related to the...

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...

CLSA-2026-1777297012 openssl: Fix of 3 CVEs

CVE-2026-28388: fix NULL dereference in checkdeltabase when a Delta CRL lacks the CRL Number extension - CVE-2026-28389: fix NULL dereference in dh/ecdhcmssetsharedinfo when KeyEncryptionAlgorithmIdentifier has no parameters field - CVE-2026-28390: fix NULL dereference in rsacmsdecrypt when the...

pyOpenSSL: DTLS cookie callback buffer overflow

A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...

Linux Distros Unpatched Vulnerability : CVE-2026-41898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind...

Linux Distros Unpatched Vulnerability : CVE-2026-41678

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that...

Linux Distros Unpatched Vulnerability : CVE-2026-41676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.l...

RHEL 8 : RHUI 4.11.4 security update - python-pyOpenSSL (Important) (RHSA-2026:10754)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:10754 advisory. Red Hat Update Infrastructure RHUI provides a highly scalable and redundant framework for managing repositories and content. It also allows cloud...

Linux Distros Unpatched Vulnerability : CVE-2026-41677

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the frompemcallback APIs did not validate the length...

Linux Distros Unpatched Vulnerability : CVE-2026-41681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVPDigestFinal always writes EVPMDCTXsizectx to the ou...

CVE-2026-41676

A flaw was found in rust-openssl, a library that provides cryptographic functionalities by binding to OpenSSL. When interacting with OpenSSL 1.1.x, the Deriver::derive function does not correctly manage buffer sizes during key derivation operations. This oversight can lead to a memory overflow,...

CVE-2026-41681

A flaw was found in rust-openssl, a library providing OpenSSL bindings for the Rust programming language. The EVPDigestFinal function, used for cryptographic hashing, can write past the end of its intended output buffer if the buffer is too small. This out-of-bounds write can corrupt the program'...

CVE-2026-41678

A flaw was found in rust-openssl, a library providing OpenSSL bindings for the Rust programming language. A remote attacker could exploit an incorrect assertion in the aes::unwrapkey function. This flaw causes the function to incorrectly validate buffer sizes, allowing a smaller output buffer tha...

CVE-2026-41898

A flaw was found in rust-openssl, a library providing OpenSSL bindings for the Rust programming language. Foreign Function Interface FFI trampolines in several SslContextBuilder callbacks did not properly validate the size of data returned by user-defined closures before passing it to OpenSSL. Th...

OESA-2026-2079 shim security update

Initial UEFI bootloader that handles chaining to a trusted full \ bootloader under secure boot environments. Security Fixes: Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is...

OESA-2026-2045 openssl security update

Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of...

OESA-2026-2044 openssl security update

Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of...

[SECURITY] Fedora 44 Update: openssl-3.5.5-2.fc44

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

SUSE SLES12 Security Update : python-pyOpenSSL (SUSE-SU-2026:1582-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1582-1 advisory. This update for python-pyOpenSSL fixes the following issue: - CVE-2026-27448: unhandled exception can result in connection not being cancelled...