SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2026:1255-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1255-1 advisory. - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta C...

OPENSUSE-SU-2026:10533-1 libopenssl-3-devel-3.5.3-4.1 on GA media

These are all security issues fixed in the libopenssl-3-devel-3.5.3-4.1 package on the GA media of openSUSE Tumbleweed...

Slackware Linux 15.0 / current openssl Multiple Vulnerabilities (SSA:2026-101-01)

The version of openssl installed on the remote host is prior to 1.1.1zg / 3.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-101-01 advisory. New openssl packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted t...

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:1257-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1257-1 advisory. - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL Pointer Dereference When Processi...

SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2026:1256-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1256-1 advisory. - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta C...

Updated openssl packages fix security vulnerabilities

Incorrect Failure Handling in RSA KEM RSASVE Encapsulation. CVE-2026-31790 Potential Use-after-free in DANE Client Code. CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL. CVE-2026-28388 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo. CVE-2026-28389 Possible...

MGASA-2026-0091 Updated openssl packages fix security vulnerabilities

Incorrect Failure Handling in RSA KEM RSASVE Encapsulation. CVE-2026-31790 Potential Use-after-free in DANE Client Code. CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL. CVE-2026-28388 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo. CVE-2026-28389 Possible...

Security update for openssl-1_1

This update for openssl-11 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...

SUSE-SU-2026:1257-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInf...

Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...

Security update for openssl-1_1

This update for openssl-11 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...

CVE-2026-28388

A flaw was found in OpenSSL. When processing a malformed delta Certificate Revocation List CRL that lacks a required CRL Number extension, a NULL pointer dereference can occur. This vulnerability can be exploited by a remote attacker who provides a specially crafted delta CRL to an application th...

CVE-2026-28389

A flaw was found in OpenSSL. A remote attacker could exploit this by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message with KeyAgreeRecipientInfo. This vulnerability arises because the software attempts to process an optional field without verifying its existence,...

CVE-2026-28386

A flaw was found in openssl. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support may experience a Denial of Service DoS. This occurs when processing partial cipher blocks, specifically if the input buffer ends at a memory page boundary and the subsequen...

CVE-2026-28387

A flaw was found in OpenSSL. An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. This vulnerability could lead to data corruption, applicati...

EUVD-2026-21294

wolfSSLX509verifycert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...

CVE-2026-5501

wolfSSLX509verifycert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...

UBUNTU-CVE-2026-5501

wolfSSLX509verifycert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...

CVE-2026-5501 Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates

wolfSSLX509verifycert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...

CVE-2026-5501

CVE-2026-5501 involves wolfSSL’s X509_verify_cert in the OpenSSL compatibility layer. The vulnerability arises when a certificate chain is presented where the leaf’s signature is not checked if an untrusted intermediate (CA:FALSE) signed by a trusted root is supplied. An attacker with any leaf ce...