Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Mageia 9 OpenSSL Critical Memory Leak Patch MGASA-2026-0030

mageia
Calendar Grey January 30, 2026
Dist Mageia Esm H88
Updated OpenSSL packages for Mageia address important security issues, necessitating prompt action for system integrity.
MGASA-2026-0029 - Updated openssl packages fix security vulnerabilities

Summary

Description: Stack buffer overflow in CMS AuthEnvelopedData parsing. (CVE-2025-15467) Heap out-of-bounds write in BIO_f_linebuffer on short writes. (CVE-2025-68160) Unauthenticated/unencrypted trailing bytes with low-level OCB function calls. (CVE-2025-69418) Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion. (CVE-2025-69419) Missing ASN1_TYPE validation in TS_RESP_verify_response() function. (CVE-2025-69420) NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function. (CVE-2025-69421) Missing ASN1_TYPE validation in PKCS#12 parsing. (CVE-2026-22795) ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function. (CVE-2026-22796)

References

- https://bugs.mageia.org/show_bug.cgi?id=35077

- https://www.openwall.com/lists/oss-security/2026/01/27/5

- https://www.openwall.com/lists/oss-security/2026/01/27/7

- https://openssl-library.org/news/secadv/20260127.txt

- https://www.cve.org/CVERecord?id=CVE-2025-15467

- https://www.cve.org/CVERecord?id=CVE-2025-68160

- https://www.cve.org/CVERecord?id=CVE-2025-69418

- https://www.cve.org/CVERecord?id=CVE-2025-69419

- https://www.cve.org/CVERecord?id=CVE-2025-69420

- https://www.cve.org/CVERecord?id=CVE-2025-69421

- https://www.cve.org/CVERecord?id=CVE-2026-22795

- https://www.cve.org/CVERecord?id=CVE-2026-22796

Topics%20covered

Topics Covered

security advisory buffer overflow OpenSSL important data validation Mageia

Resolution

SRPMS

- 9/core/openssl-3.0.19-1.mga9

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 30 Jan 2026
URL: https://advisories.mageia.org/MGASA-2026-0029.html
Type: security
CVE: CVE-2025-15467, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796

Topics%20covered

Topics Covered

security advisory buffer overflow OpenSSL important data validation Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here