
Debian LTS openssl Important Use-After-Free NULL Pointer Issues DLA-4624-1

June 9, 2026
Debian LTS openssl update addresses crucial vulnerabilities. Upgrade to improve security and prevent potential risks.
Several vulnerabilities have been discovered in OpenSSL, a Secure Socket Layer toolkit providing the SSL and TLS cryptographic protocols for secure communication over the Internet.

Summary

CVE-2026-28387

An uncommon configuration of clients performing DANE TLSA-based server
authentication, when paired with uncommon server DANE TLSA records,
may result in a use-after-free and/or double-free on the client side.

CVE-2026-28388

When a delta CRL that contains a Delta CRL Indicator extension is
processed, a NULL pointer dereference might happen if the required CRL
Number extension is missing.

CVE-2026-28389

During processing of a crafted CMS EnvelopedData message with
KeyAgreeRecipientInfo, a NULL pointer dereference can happen.

CVE-2026-28390

During processing of a crafted CMS EnvelopedData message with
KeyTransportRecipientInfo, a NULL pointer dereference can happen.

For Debian 11 bullseye, these problems have been fixed in version
1.1.1w-0+deb11u7.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl



Severity: important

Package: openssl
Version: 1.1.1w-0+deb11u7
CVE ID: CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390
