SUSE-SU-2026:1213-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...
CVE-2026-28390
A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax (CMS) EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...
USN-8155-1 openssl vulnerabilities
Viktor Dukhovni discovered that OpenSSL incorrectly negotiated the expected preferred key exchange group when used as a TLS 1.3 server. This could result in a less preferred key exchange being used, contrary to expectations. This issue only affected Ubuntu 25.10. CVE-2026-2673 Igor Morgenstern...
USN-8155-1: OpenSSL vulnerabilities
Viktor Dukhovni discovered that OpenSSL incorrectly negotiated the expected preferred key exchange group when used as a TLS 1.3 server. This could result in a less preferred key exchange being used, contrary to expectations. This issue only affected Ubuntu 25.10. CVE-2026-2673 Igor Morgenstern...
EUVD-2026-19958
Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service fo...
OpenSSL Toolkit 3.6.2
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.6 release...
OpenSSL Toolkit 3.3.7
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.3 release...
FreeBSD : OpenSSL -- Multiple vulnerabilities (c7a52cee-32ab-11f1-9839-8447094a420f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c7a52cee-32ab-11f1-9839-8447094a420f advisory. The OpenSSL project reports: Seven vulnerabilities in OpenSSL library. Highest classification...
nginx:1.24 security update
1.24.0-5.2.0.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 - Remove Red Hat references Orabug: 29498217 1:1.24.0-5.2 - Resolves: RHEL-157886 CVE-2026-32647 nginx:1.24/nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files - Resolves: RHEL-159445...
OpenSSL Toolkit 3.5.6
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.5 LTS release...
OpenSSL Toolkit 3.4.5
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.4 release...
OpenSSL Toolkit 3.0.20
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.0 LTS release...
Debian: Security Advisory (DSA-6201-1)
The remote host is missing an update for the Debian...
Critical Photon OS Security Update - PHSA-2026-4.0-0993
Updates of 'openssl' packages of Photon OS have been released...
SUSE CVE-2026-28386
Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service fo...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the AES-CFB-128 process on x86-64 systems with AVX-512 and VAES support when processing partial cipher blocks. An attacker can cause a crash and application termination by providing input buffers that end at a memo...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the DANE client authentication process. An attacker can cause memory corruption, application crashes, or potentially execute arbitrary code by manipulating TLSA records with both PKIX-TA/PKIX-EE and DANE-TA certificate...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the delta CRL processing when the required CRLNumber extension is missing. An attacker can cause an application crash by supplying a specially crafted malformed CRL file. Note: This is only exploitable if the...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CMS_decrypt function. An attacker can cause a crash by submitting a crafted CMS EnvelopedData message with a missing optional parameters field in the RSA-OAEP SourceFunc algorithm identifier. Notes: - This...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CMS_decrypt function. An attacker can cause a crash by submitting a specially crafted CMS EnvelopedData message with a missing optional parameters field in the KeyEncryptionAlgorithmIdentifier, leading to ...