CLSA-2026-1770667352

Import Source

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2026-1770667352

Upstream

Published

2026-02-09T20:02:36Z

Modified

2026-06-01T00:32:40.484603798Z

Summary

openssl: Fix of 3 CVEs

Details

CVE-2025-69418: fix OCB AES-NI/HW stream path leaving trailing bytes unauthenticated/unencrypted by advancing pointers after stream processing
CVE-2025-69420: fix missing ASN1TYPE validation in TSRESPverifyresponse for signing certificate attributes
CVE-2025-15468: add a NULL guard before dereferencing SSL_CIPHER to prevent abnormal termination of the running process causing Denial of Service

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.2.2-6.el9_6.1.tuxcare.6.els5

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1770667352.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.2.2-6.el9_6.1.tuxcare.6.els5

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1770667352.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.2.2-6.el9_6.1.tuxcare.6.els5

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1770667352.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:3.2.2-6.el9_6.1.tuxcare.6.els5

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/almalinux9.6esu/CLSA-2026-1770667352.json"