Several security issues were fixed in OpenSSL.
Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL
incorrectly validated PBMAC1 parameters when doing PKCS#12 MAC
verification. An attacker could possibly use this issue to cause OpenSSL to
crash, resulting in a denial of service. This issue only affected Ubuntu
25.10. (CVE-2025-11187)
Stanislav Fort discovered that OpenSSL incorrectly parsed CMS
AuthEnvelopedData messages. An attacker could possibly use this issue to
cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-15467)
Stanislav Fort discovered that OpenSSL incorrectly handled memory in the
SSL_CIPHER_find() function. An attacker could possibly use this issue to
cause OpenSSL to crash, resulting in a denial of service. This issue only
affected Ubuntu 25.10. (CVE-2025-15468)
Stanislav Fort discovered that the OpenSSL "openssl dgst" comma...
The problem can be corrected by updating your system to the following package versions:
Ubuntu 25.10
  libssl3t64 3.5.3-1ubuntu3
  openssl 3.5.3-1ubuntu3
Ubuntu 24.04 LTS
  libssl3t64 3.0.13-0ubuntu3.7
  openssl 3.0.13-0ubuntu3.7
Ubuntu 22.04 LTS
  libssl3 3.0.2-0ubuntu1.21
  openssl 3.0.2-0ubuntu1.21
After a standard system update you need to reboot your computer to make all the necessary changes.
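To check a host inventory against the fixed versions listed above, the following added example (not part of the notice and not Ubuntu's own tooling) compares installed versions using Debian version ordering, which is more general than this notice needs. The function names and the sample inventory are assumptions constructed for illustration.

```python
import re

# Fixed versions exactly as listed in this notice, keyed by Ubuntu release.
FIXED = {
    "25.10": {"libssl3t64": "3.5.3-1ubuntu3", "openssl": "3.5.3-1ubuntu3"},
    "24.04": {"libssl3t64": "3.0.13-0ubuntu3.7", "openssl": "3.0.13-0ubuntu3.7"},
    "22.04": {"libssl3": "3.0.2-0ubuntu1.21", "openssl": "3.0.2-0ubuntu1.21"},
}

def _order(c):
    """Sort weight of one non-digit character: '~' first, then end, letters, others."""
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings: alternate non-digit and numeric runs."""
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for k in range(max(len(na), len(nb))):
            ca, cb = _order(na[k:k + 1]), _order(nb[k:k + 1])
            if ca != cb:
                return -1 if ca < cb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        ia, ib = int(da or 0), int(db or 0)  # numeric compare, so 1.9 < 1.21
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 for Debian versions of the form [epoch:]upstream[-revision]."""
    parts = []
    for v in (v1, v2):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
        parts.append((int(epoch), upstream, rev))
    (e1, u1, r1), (e2, u2, r2) = parts
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def needs_update(release, installed):
    """Packages from this notice that are installed below the fixed version."""
    fixed = FIXED[release]
    return sorted(p for p, v in installed.items()
                  if p in fixed and deb_cmp(v, fixed[p]) < 0)

if __name__ == "__main__":
    # Constructed inventory for a 22.04 host (package -> installed version).
    sample = {"libssl3": "3.0.2-0ubuntu1.20", "openssl": "3.0.2-0ubuntu1.21"}
    print(needs_update("22.04", sample))
```

The installed versions would normally come from the package database on each host; packages not named in the notice are ignored.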
https://ubuntu.com/security/notices/USN-7980-1
CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-15469,
CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419,
CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796