Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Ubuntu 25.10 OpenSSL Important DoS Security Advisory USN-7980-1

Calendar Jan 27, 2026 User Avatar LinuxSecurity Advisories
2 - 4 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service update Ubuntu OpenSSL important
Several security issues were fixed in OpenSSL. 
==========================================================================
Ubuntu Security Notice USN-7980-1
January 27, 2026

openssl vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Stanislav Fort, Petr \u0160ime\u010dek, and Hamza discovered that OpenSSL
incorrectly validated PBMAC1 parameters when doing PKCS#12 MAC
verification. An attacker could possibly use this issue to cause OpenSSL to
crash, resulting in a denial of service. This issue only affected Ubuntu
25.10. (CVE-2025-11187)

Stanislav Fort discovered that OpenSSL incorrectly parsed CMS
AuthEnvelopedData messages. An attacker could possibly use this issue to
cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-15467)

Stanislav Fort discovered that OpenSSL incorrectly handled memory in the
SSL_CIPHER_find() function. An attacker could possibly use this issue to
cause OpenSSL to crash, resulting in a denial of service. This issue only
affected Ubuntu 25.10. (CVE-2025-15468)

Stanislav Fort discovered that the OpenSSL "openssl dgst" command line
tool incorrectly truncated data to 16MB. An attacker could posibly use this
issue to hide unauthenticated data beyond the 16MB limit. This issue only
affected Ubuntu 25.10. (CVE-2025-15469)

Tomas Dulka and Stanislav Fort discovered that OpenSSL incorrectly handled
memory with TLS 1.3 connections using certificate compression. An attacker
could possibly use this issue to consume resources, leading to a denial of
service. This issue only affected Ubuntu 25.10. (CVE-2025-66199)

Petr Simecek and Stanislav Fort discovered that OpenSSL incorrectly handled
memory when writing large data into a BIO chain. An attacker could possibly
use this issue to consume resources, leading to a denial of service.
(CVE-2025-68160)

Stanislav Fort discovered that the OpenSSL OCB API could incorrectly leave
final partial blocks unencrypted and unauthenticated. An attacker could
possibly use this issue to read or tamper with the affected final bytes.
(CVE-2025-69418)

Stanislav Fort discovered that OpenSSL incorrectly handled the
PKCS12_get_friendlyname() utf-8 conversion. An attacker could possibly use
this issue to cause OpenSSL to crash, resulting in a denial of service.
(CVE-2025-69419)

Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE
validation in the TS_RESP_verify_response() function. An attacker could
possibly use this issue to cause OpenSSL to crash, resulting in a denial of
service. (CVE-2025-69420)

Luigino Camastra discovered that OpenSSL incorrectly handled memory in the
PKCS12_item_decrypt_d2i_ex function. An attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service.
(CVE-2025-69421)

Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE
validation in PKCS#12 parsing. An attacker could possibly use this issue to
cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-22795)

Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE
validation in the PKCS7_digest_from_attributes() function. An attacker
could possibly use this issue to cause OpenSSL to crash, resulting in a
denial of service. (CVE-2026-22796)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  libssl3t64                      3.5.3-1ubuntu3
  openssl                         3.5.3-1ubuntu3

Ubuntu 24.04 LTS
  libssl3t64                      3.0.13-0ubuntu3.7
  openssl                         3.0.13-0ubuntu3.7

Ubuntu 22.04 LTS
  libssl3                         3.0.2-0ubuntu1.21
  openssl                         3.0.2-0ubuntu1.21

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7980-1
  CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-15469,
  CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419,
  CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796

Package Information:
  https://launchpad.net/ubuntu/+source/openssl/3.5.3-1ubuntu3
  https://launchpad.net/ubuntu/+source/openssl/3.0.13-0ubuntu3.7
  https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.21

Ubuntu 25.10 OpenSSL Important DoS Security Advisory USN-7980-1

ubuntu
Calendar Grey January 27, 2026
Dist Ubuntu Esm H88
Critical security issues in OpenSSL on Ubuntu fixed. Upgrade now to safeguard your systems from potential threats.
Several security issues were fixed in OpenSSL.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in OpenSSL. Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools Details: Stanislav Fort, Petr \u0160ime\u010dek, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS#12 MAC verification. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-11187) Stanislav Fort discovered that OpenSSL incorrectly parsed CMS AuthEnvelopedData messages. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-15467) Stanislav Fort discovered that OpenSSL incorrectly handled memory in the SSL_CIPHER_find() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a den...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service update Ubuntu OpenSSL important

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 libssl3t64 3.5.3-1ubuntu3 openssl 3.5.3-1ubuntu3 Ubuntu 24.04 LTS libssl3t64 3.0.13-0ubuntu3.7 openssl 3.0.13-0ubuntu3.7 Ubuntu 22.04 LTS libssl3 3.0.2-0ubuntu1.21 openssl 3.0.2-0ubuntu1.21 After a standard system update you need to reboot your computer to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7980-1

CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-15469,

CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419,

CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7980-1

Topics%20covered

Topics Covered

security advisory denial of service update Ubuntu OpenSSL important

Package Information

https://launchpad.net/ubuntu/+source/openssl/3.5.3-1ubuntu3 https://launchpad.net/ubuntu/+source/openssl/3.0.13-0ubuntu3.7 https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.21

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here