RLSA-2026:1473

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

• openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)

• openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)

• openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling (CVE-2025-15468)

• openssl: OpenSSL: Data integrity bypass in openssl dgst command due to silent truncation (CVE-2025-15469)

• openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression (CVE-2025-66199)

• openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter (CVE-2025-68160)

• openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls (CVE-2025-69418)

• openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)

• openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing (CVE-2025-69421)

• openssl: OpenSSL: Denial of Service via malformed TimeStamp Response (CVE-2025-69420)

• openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing (CVE-2026-22795)

• openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification (CVE-2026-22796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.