[ALSA-2026:1473] Important: openssl security update
Type:
security
Severity:
important
Release date:
2026-02-02
Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)
* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)
* openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling (CVE-2025-15468)
* openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation (CVE-2025-15469)
* openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression (CVE-2025-66199)
* openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter (CVE-2025-68160)
* openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls (CVE-2025-69418)
* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)
* openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing (CVE-2025-69421)
* openssl: OpenSSL: Denial of Service via malformed TimeStamp Response (CVE-2025-69420)
* openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing (CVE-2026-22795)
* openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification (CVE-2026-22796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 openssl-libs-3.5.1-7.el9_7.aarch64.rpm 3f9f0a2e0d3275f8fa85fea4d46a99ef9e3c19651573664d79a2850c1c030c00
aarch64 openssl-perl-3.5.1-7.el9_7.aarch64.rpm 564f55e854d236936359cbd680addee026a47cce58d184073abf22aaa3ec7928
aarch64 openssl-devel-3.5.1-7.el9_7.aarch64.rpm a6bfdcbeff146973679140ed32514ee90866a221ef3f36f17172ce1f31593021
aarch64 openssl-3.5.1-7.el9_7.aarch64.rpm d4596369c2435af1cea7e68b11106f7a9afe359b0d29d40411bf6310edee17f7
i686 openssl-libs-3.5.1-7.el9_7.i686.rpm 254e3e799bd3b2823acab88629fd4fc206e8414fb2606f71e3e1742ab3113db7
i686 openssl-devel-3.5.1-7.el9_7.i686.rpm 3cc7bca283a309d7919cc67b29985c16cc5628beb1b510247b371a79d0baf5ce
ppc64le openssl-libs-3.5.1-7.el9_7.ppc64le.rpm 50116440b1c939031a2caf66ba8f458613feef4329c1f6300f196f007a8065ca
ppc64le openssl-3.5.1-7.el9_7.ppc64le.rpm 93e70985f02514aaf07168cb1c9f44a108b474bc387b9cd684a19f57ee1f85cd
ppc64le openssl-devel-3.5.1-7.el9_7.ppc64le.rpm bd8d846d861a077ead69f8c3b92d9f5545bf76606152367ed66b2f199f2841e5
ppc64le openssl-perl-3.5.1-7.el9_7.ppc64le.rpm ec4de78e46e2f5ad5064c14b55ad92883a3e02550ec43abf6fbf402f69bbd6bb
s390x openssl-libs-3.5.1-7.el9_7.s390x.rpm 35121c8c43ba11dfa64f58e4c03747de962eb45108276d6ffb8f53e7c3855d55
s390x openssl-perl-3.5.1-7.el9_7.s390x.rpm 3da95650b105c12757ad0f57ea05fd670721b359acd101d49e93f7dc8bc51e32
s390x openssl-devel-3.5.1-7.el9_7.s390x.rpm 497681db6ed9c2e4920882825568a4ef26261a8c9be105bba2d93af180db6cbd
s390x openssl-3.5.1-7.el9_7.s390x.rpm d47597630d121712cb843cbb9e0c95a87ec1990e5c36ea4b939b73f6ee7dd319
x86_64 openssl-perl-3.5.1-7.el9_7.x86_64.rpm a6df70be54862d791d6f05b016b38de8e04a0812f156ac67214a8914a3f3aeb6
x86_64 openssl-libs-3.5.1-7.el9_7.x86_64.rpm ee20515b9d11b141d70460dbedad0985875c1dc1aa4806dc5d0e28f7bcb97759
x86_64 openssl-3.5.1-7.el9_7.x86_64.rpm efe416d967799f801b1505df7a6def2e855b600024939f384093ae17beaf530f
x86_64 openssl-devel-3.5.1-7.el9_7.x86_64.rpm fa07c6ddcb4518a92f88008d8a2b47b28706182347f550994000cd2049651af2
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.