MGASA-2026-0253

Source
https://advisories.mageia.org/MGASA-2026-0253.html
Import Source
https://advisories.mageia.org/MGASA-2026-0253.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2026-0253
Upstream
Published
2026-07-15T17:33:12Z
Modified
2026-07-15T17:49:59.909323566Z
Summary
Updated openssl packages fix security vulnerabilities
Details

The updated packages fix security vulnerabilities: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion. (CVE-2026-7383) Out-of-Bounds Read in CMS Password-Based Decryption. (CVE-2026-9076) Heap Buffer Over-read in ASN.1 Content Parsing. (CVE-2026-34180) PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys. (CVE-2026-34181) CMS AuthEnvelopedData Processing May Accept Forged Messages. (CVE-2026-34182) Unbounded Memory Growth in the QUIC PATHCHALLENGE Handler. (CVE-2026-34183) NULL Pointer Dereference in QUIC Server Initial Packet Handling. (CVE-2026-42764) Possible NULL Dereference in Password-Based CMS Decryption. (CVE-2026-42766) NULL Pointer Dereference in CRMF EncryptedValue Decryption. (CVE-2026-42767) Multi-RecipientInfo Bleichenbacher Oracle in CMSdecrypt() and PKCS7decrypt(). (CVE-2026-42768) Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate. (CVE-2026-42769) FFC-DH Peer Validation Uses Attacker-Supplied q. (CVE-2026-42770) AES-OCB IV Ignored on EVPCipher() Path. (CVE-2026-45445) Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes. (CVE-2026-45446) Heap Use-After-Free in the PKCS7_verify(). (CVE-2026-45447)

References
Credits

Affected packages

Mageia:10 / openssl

Package

Name
openssl
Purl
pkg:rpm/mageia/openssl?arch=source&distro=mageia-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.5.7-1.mga10

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0253.json"

Mageia:9 / openssl

Package

Name
openssl
Purl
pkg:rpm/mageia/openssl?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.21-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0253.json"