CVE-2026-7383

A signed integer overflow when sizing the destination buffer for
Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer
overflow.

CVE-2026-9076

When CMS password-based decryption (RFC 3211 / PWRI key unwrap)
processes attacker-supplied CMS data, an attacker-chosen stream-mode
KEK cipher can trigger a heap out-of-bounds read in kek_unwrap_key().

CVE-2026-34180

Parsing a crafted DER-encoded ASN.1 structure with a primitive element
whose content exceeds 2 gigabytes in length may cause a heap buffer
over-read on 64-bit Unix and Unix-like platforms.

CVE-2026-42766

A specially crafted password-encrypted CMS message can trigger a NULL
pointer dereference during CMS decryption.

CVE-2026-45447

A specially crafted PKCS#7 or S/MIME signed message could trigger a
use-after-free during PKCS#7 signature verification.

For Debian 11 bullseye, these problems have been fixed in version
1.1.1w-0+deb11u8.