
The Debian Security team has released an update to address multiple vulnerabilities in the OpenSSL library, including out-of-bounds writes and NULL pointer dereferences that can lead to Denial of Service (DoS). The vulnerabilities were discovered by Aisle Research and involve BIO chains, AES-NI code paths, PKCS#12 files, and timestamp response verification code. The update addresses CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795 and CVE-2026-22796. Users are advised to upgrade their openssl packages to version 1.1.1w-0+deb11u5 to address these issues.

[DLA 4490-1] openssl security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-4490-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Andreas Henriksson
February 23, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : openssl
Version : 1.1.1w-0+deb11u5
CVE ID : CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420
CVE-2025-69421 CVE-2026-22795 CVE-2026-22796
Debian Bug :

Aisle Research found multiple vulnerabilities in OpenSSL, a Secure Socket Layer
toolkit providing the SSL and TLS cryptographic protocols for secure
communication over the Internet.

CVE-2025-68160

Petr Simecek (Aisle Research) and Stanislav Fort (Aisle Research) found that
writing large, newline-free data into a BIO chain using the line-buffering
filter, where the next BIO performs short writes, can trigger a heap-based
out-of-bounds write. This out-of-bounds write can cause memory corruption,
which typically results in a crash, leading to Denial of Service for an
application.

CVE-2025-69418

Stanislav Fort (Aisle Research) found that when the low-level OCB API is used
directly with AES-NI or other hardware-accelerated code paths, inputs whose
length is not a multiple of 16 bytes can leave the final partial block
unencrypted and unauthenticated. The trailing 1-15 bytes of a message may be
exposed in cleartext on encryption and are not covered by the authentication
tag, allowing an attacker to read or tamper with those bytes without detection.

CVE-2025-69419

Stanislav Fort (Aisle Research) found that a maliciously crafted PKCS#12 file
containing a BMPString (UTF-16BE) can lead to an out-of-bounds write, causing
memory corruption with various possible consequences, including a Denial of
Service.

CVE-2025-69420

Luigino Camastra (Aisle Research) found that a type confusion vulnerability
exists in the TimeStamp Response verification code, leading to an invalid
or NULL pointer dereference when processing a malformed TimeStamp Response
file. The result is a possible Denial of Service.

CVE-2025-69421

Luigino Camastra (Aisle Research) found that processing a malformed PKCS#12
file can trigger a NULL pointer dereference in the
PKCS12_item_decrypt_d2i_ex() function, causing a crash which leads
to Denial of Service for an application processing PKCS#12 files.

CVE-2026-22795

Luigino Camastra (Aisle Research) found that an application processing a
malformed PKCS#12 file can be caused to dereference an invalid or NULL
pointer on memory read, resulting in a Denial of Service.

CVE-2026-22796

Luigino Camastra (Aisle Research) found that an application performing
signature verification of PKCS#7 data, or calling the
PKCS7_digest_from_attributes() function directly, can be caused to dereference
an invalid or NULL pointer when reading, resulting in a Denial of Service.

More details are available in:
https://openssl-library.org/news/secadv/20260127.txt

For Debian 11 bullseye, these problems have been fixed in version
1.1.1w-0+deb11u5.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS