CLSA-2026-1770804474
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu18.04els/CLSA-2026-1770804474.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2026-1770804474
- Upstream
- Published
- 2026-02-11T10:07:58Z
- Modified
- 2026-06-04T09:47:33.348676097Z
- Summary
- Fix CVE(s): CVE-2025-69418, CVE-2025-69421, CVE-2026-22796
- Details
-
- SECURITY UPDATE: The trailing 1-15 bytes of a message may be exposed
in<br>cleartext on encryption and are not covered by the authentication
tag,<br>allowing an attacker to read or tamper with those bytes without
detection
- debian/patches/CVE-2025-69418.patch: fix OCB AES-NI/HW stream path unauthenticated/unencrypted trailing bytes
- CVE-2025-69418
- SECURITY UPDATE: Invalid or NULL pointer dereference when processing
malformed PKCS#7 data can result in a Denial of Service
- debian/patches/CVE-2026-22796.patch: ensure ASN1 types are checked before use.
- CVE-2026-22796
- SECURITY UPDATE: Processing a malformed PKCS#12 file can trigger a NULL
pointer dereference
- debian/patches/CVE-2025-69421.patch: Check oct argument for NULL
- CVE-2025-69421
- SECURITY UPDATE: The trailing 1-15 bytes of a message may be exposed
in<br>cleartext on encryption and are not covered by the authentication
tag,<br>allowing an attacker to read or tamper with those bytes without
detection
- References
Affected packages
TuxCare:Ubuntu:18.04 / libssl-dev
Package
- Name
- libssl-dev
- Purl
- pkg:deb/tuxcare/libssl-dev?distro=ubuntu-18.04
TuxCare:Ubuntu:18.04 / libssl-doc
Package
- Name
- libssl-doc
- Purl
- pkg:deb/tuxcare/libssl-doc?distro=ubuntu-18.04
TuxCare:Ubuntu:18.04 / libssl1.1
Package
- Name
- libssl1.1
- Purl
- pkg:deb/tuxcare/libssl1.1?distro=ubuntu-18.04