Updated openssl packages fix security vulnerabilities
Publication date: 30 Jan 2026
Modification date: 29 Jan 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-15467, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796
Description
Stack buffer overflow in CMS AuthEnvelopedData parsing. (CVE-2025-15467)
Heap out-of-bounds write in BIO_f_linebuffer on short writes. (CVE-2025-68160)
Unauthenticated/unencrypted trailing bytes with low-level OCB function calls. (CVE-2025-69418)
Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion. (CVE-2025-69419)
Missing ASN1_TYPE validation in TS_RESP_verify_response() function. (CVE-2025-69420)
NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function. (CVE-2025-69421)
Missing ASN1_TYPE validation in PKCS#12 parsing. (CVE-2026-22795)
ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function. (CVE-2026-22796)
References
- https://bugs.mageia.org/show_bug.cgi?id=35077
- https://www.openwall.com/lists/oss-security/2026/01/27/5
- https://www.openwall.com/lists/oss-security/2026/01/27/7
- https://openssl-library.org/news/secadv/20260127.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796
SRPMS
9/core
- openssl-3.0.19-1.mga9