{"id":"RLSA-2026:1472","summary":"Important: openssl security update","details":"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file (CVE-2025-11187)\n\n* openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing (CVE-2025-15467)\n\n* openssl: OpenSSL: Denial of Service via NULL pointer dereference in QUIC protocol handling (CVE-2025-15468)\n\n* openssl: OpenSSL: Data integrity bypass in `openssl dgst` command due to silent truncation (CVE-2025-15469)\n\n* openssl: OpenSSL: Denial of Service due to excessive memory allocation in TLS 1.3 certificate compression (CVE-2025-66199)\n\n* openssl: OpenSSL: Denial of Service due to out-of-bounds write in BIO filter (CVE-2025-68160)\n\n* openssl: OpenSSL: Information disclosure and data tampering via specific low-level OCB encryption/decryption calls (CVE-2025-69418)\n\n* openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing (CVE-2025-69419)\n\n* openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing (CVE-2025-69421)\n\n* openssl: OpenSSL: Denial of Service via malformed TimeStamp Response (CVE-2025-69420)\n\n* openssl: OpenSSL: Denial of Service due to type confusion in PKCS#12 file processing (CVE-2026-22795)\n\n* openssl: OpenSSL: Denial of Service via type confusion in PKCS#7 signature verification (CVE-2026-22796)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-01-30T22:29:59.291375Z","published":"2026-01-30T22:11:19.202965Z","upstream":["CVE-2025-11187","CVE-2025-15467","CVE-2025-15468","CVE-2025-15469","CVE-2025-66199","CVE-2025-68160","CVE-2025-69418","CVE-2025-69419","CVE-2025-69420","CVE-2025-69421","CVE-2026-22795","CVE-2026-22796"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:1472"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430376"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430387"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430378"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430380"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430390"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430388"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430379"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430386"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430389"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430377"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430381"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430375"}],"affected":[{"package":{"name":"openssl","ecosystem":"Rocky Linux:10","purl":"pkg:rpm/rocky-linux/openssl?distro=rocky-linux-10&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.5.1-7.el10_1"}],"database_specific":{"yum_repository":"BaseOS"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2026:1472.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}