{"id":"MGASA-2026-0029","summary":"Updated openssl packages fix security vulnerabilities","details":"Stack buffer overflow in CMS AuthEnvelopedData parsing. (CVE-2025-15467)\nHeap out-of-bounds write in BIO_f_linebuffer on short writes.\n(CVE-2025-68160)\nUnauthenticated/unencrypted trailing bytes with low-level OCB function\ncalls. (CVE-2025-69418)\nOut of bounds write in PKCS12_get_friendlyname() UTF-8 conversion.\n(CVE-2025-69419)\nMissing ASN1_TYPE validation in TS_RESP_verify_response() function.\n(CVE-2025-69420)\nNULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function.\n(CVE-2025-69421)\nMissing ASN1_TYPE validation in PKCS#12 parsing. (CVE-2026-22795)\nASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function.\n(CVE-2026-22796)\n","modified":"2026-02-04T02:22:43.770953Z","published":"2026-01-30T00:39:37Z","related":["CVE-2025-15467","CVE-2025-68160","CVE-2025-69418","CVE-2025-69419","CVE-2025-69420","CVE-2025-69421","CVE-2026-22795","CVE-2026-22796"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0029.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=35077"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2026/01/27/5"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2026/01/27/7"},{"type":"REPORT","url":"https://openssl-library.org/news/secadv/20260127.txt"}],"affected":[{"package":{"name":"openssl","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/openssl?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.19-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0029.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}