OpenSSL vulnerabilities
Summary
Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or obtain sensitive information. (CVE-2026-34180) Pavol Zacik and Alex Gaynor discovered that OpenSSL incorrectly accepted PKCS#12 files with short HMAC keys when using PBMAC1. An attacker could possibly use this issue to bypass integrity checks. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-34181) Asim Viladi Oglu Manizada and Alex Gaynor discovered that OpenSSL could accept forged CMS AuthEnvelopedData messages. An attacker could possibly use this issue to bypass message authentication checks. (CVE-2026-34182) Abhinav Agarwal discovered that OpenSSL had unbounded memory growth in the QUIC PATH_CHALLENGE handler. A remote attacker could possibly use this issue to cause OpenSSL to use excessive resources, leading to a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-34183) Sunwoo Lee, Hyuk Lim, and Seunghyun Yoon discovered that OpenSSL had a NULL pointer dereference in QUIC server initial packet handling. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-42764) Mayank Jangid, Kushal Khemka, Hari Pri Affected Ubuntu releases: 26.04, 25.10, 24.04, 22.04. CVEs: CVE-2026-45447, CVE-2026-34182, CVE-2026-42764, CVE-2026-45446, CVE-2026-42766, CVE-2026-34180, CVE-2026-7383, CVE-2026-34183….
- Ubuntu 26.04
- Ubuntu 25.10
- Ubuntu 24.04
- Ubuntu 22.04
Official advisory · medium-confidence parse· fetched 3 hours ago·verify at source
Mitigation checklist
- Apply available updates: `sudo apt update && sudo apt upgrade` (a standard system update installs the fix).
Official advisory · medium-confidence parse· fetched 3 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.