23525 matches found
MGASA-2026-0253 Updated openssl packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion. CVE-2026-7383 Out-of-Bounds Read in CMS Password-Based Decryption. CVE-2026-9076 Heap Buffer Over-read in ASN.1 Content Parsing. CVE-2026-34180 PKCS12 Files with PBMAC1 Are...
RLSA-2026:39297 Moderate: edk2 security, bug fix, and enhancement update
EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key CVE-2026-31790 openssl: OpenSS...
edk2 security, bug fix, and enhancement update
An update is available for edk2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list EDK Embedded Development Kit is a project to enable UEFI support for Virtual...
Security update for go1.25-openssl (critical)
openSUSE security update: security update for go1.25-openssl ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21319-1 Rating: critical References: bsc1170826 bsc1244485 bsc1245878 bsc1256818 bsc1257692 bsc1259264 bsc1259265 bsc1259268 bsc1261653...
openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without prope...
Moderate: Red Hat Security Advisory: edk2 security, bug fix, and enhancement update
An update for edk2 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing
A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...
SUSE-SU-2026:2977-1 Security update for afterburn
This update for afterburn fixes the following issues Update to version 5.10.0.git73.b97f772. Security issues fixed: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270175. - CVE-2026-41677: openssl: out-of-bounds read in PEM password...
SUSE-SU-2026:2976-1 Security update for afterburn
This update for afterburn fixes the following issues Update to version 5.10.0.git73.b97f772. Security issues fixed: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270175. - CVE-2026-41677: openssl: out-of-bounds read in PEM password...
SUSE-SU-2026:2975-1 Security update for afterburn
This update for afterburn fixes the following issues Update to version 5.10.0.git73.b97f772. Security issues fixed: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270175. - CVE-2026-41677: openssl: out-of-bounds read in PEM password...
RHSA-2026:39012 Red Hat Security Advisory: compat-openssl11 security update
Bulletin has no description...
RHSA-2026:39009 Red Hat Security Advisory: compat-openssl11 security update
Bulletin has no description...
RLSA-2026:38503 Moderate: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing...
openssl security update
An update is available for openssl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transpo...
Linux Distros Unpatched Vulnerability : CVE-2026-58102
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension...
Linux Distros Unpatched Vulnerability : CVE-2026-58101
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER...
openSUSE 16: apache2-mod_php8 / php8 / php8-bcmath / php8-bz2 / php8-calendar / etc (openSUSE-SU-2026:21308-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21308-1 advisory. This update for php8 fixes the following issues - Update to versio 8.4.23 - CVE-2026-14355: The AES-WRAP-PAD algorithm implementation in OpenSSL...
DEBIAN-CVE-2026-58101
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...
DEBIAN-CVE-2026-58102
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...
CVE-2026-58102
Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...