
Ubuntu 20.04 LTS OpenSSL Critical Denial of Service Issues USN-8155-2

Several security issues were fixed in OpenSSL.
==========================================================================
Ubuntu Security Notice USN-8155-2
April 09, 2026

openssl, openssl1.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in OpenSSL.

Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
- openssl1.0: Secure Socket Layer (SSL) cryptographic library and tools

Details:

USN-8155-1 fixed vulnerabilities in OpenSSL. This update provides the
corresponding updates for CVE-2026-28387 for openssl in Ubuntu 20.04 LTS;
CVE-2026-28388 for openssl and openssl1.0 in Ubuntu 14.04 LTS, Ubuntu 16.04
LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS; and CVE-2026-28389 and
CVE-2026-28390 for openssl and openssl1.0 in Ubuntu 16.04 LTS, Ubuntu
18.04 LTS, and Ubuntu 20.04 LTS.

Original advisory details:

 Viktor Dukhovni discovered that OpenSSL incorrectly negotiated the
 expected preferred key exchange group when used as a TLS 1.3 server. This
 could result in a less preferred key exchange being used, contrary to
 expectations. This issue only affected Ubuntu 25.10. (CVE-2026-2673)

 Igor Morgenstern discovered that OpenSSL incorrectly handled certain
 memory operations when used as a DANE client. A remote attacker could use
 this issue to cause OpenSSL to crash, resulting in a denial of service, or
 possibly execute arbitrary code. (CVE-2026-28387)

 Igor Morgenstern discovered that OpenSSL incorrectly handled certain
 memory operations when processing a delta CRL. A remote attacker could
 possibly use this issue to cause OpenSSL to crash, resulting in a denial
 of service. (CVE-2026-28388)

 Nathan Sportsman, Daniel Rhea, and Jaeho Nam discovered that OpenSSL
 incorrectly handled certain memory operations when processing a crafted
 CMS EnvelopedData message with KeyAgreeRecipientInfo. A remote attacker
 could possibly use this issue to cause OpenSSL to crash, resulting in a
 denial of service. (CVE-2026-28389)

 Muhammad Daffa, Joshua Rogers, and Chanho Kim discovered that OpenSSL
 incorrectly handled processing of a crafted CMS EnvelopedData message with
 KeyTransportRecipientInfo. A remote attacker could possibly use this issue
 to cause OpenSSL to crash, resulting in a denial of service.
 (CVE-2026-28390)

 Quoc Tran discovered that OpenSSL incorrectly handled hexadecimal
 conversion on 32-bit platforms. A remote attacker could use this issue to
 cause OpenSSL to crash, resulting in a denial of service, or possibly
 execute arbitrary code. (CVE-2026-31789)

 Simo Sorce discovered that OpenSSL incorrectly handled failures in RSA KEM
 RSASVE Encapsulation. A remote attacker could possibly use this issue to
 obtain sensitive information. (CVE-2026-31790)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  libssl1.1                       1.1.1f-1ubuntu2.24+esm3
                                  Available with Ubuntu Pro
  openssl                         1.1.1f-1ubuntu2.24+esm3
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libssl1.0.0                     1.0.2n-1ubuntu5.13+esm4
                                  Available with Ubuntu Pro
  libssl1.1                       1.1.1-1ubuntu2.1~18.04.23+esm8
                                  Available with Ubuntu Pro
  openssl                         1.1.1-1ubuntu2.1~18.04.23+esm8
                                  Available with Ubuntu Pro
  openssl1.0                      1.0.2n-1ubuntu5.13+esm4
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libssl1.0.0                     1.0.2g-1ubuntu4.20+esm15
                                  Available with Ubuntu Pro
  openssl                         1.0.2g-1ubuntu4.20+esm15
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  libssl1.0.0                     1.0.1f-1ubuntu2.27+esm13
                                  Available with Ubuntu Pro
  openssl                         1.0.1f-1ubuntu2.27+esm13
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all
the necessary changes.
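
Added example, not part of the Ubuntu notice: a Python check that compares an inventory of installed package versions against the Ubuntu 18.04 LTS fixed versions listed above, using Debian version ordering (digit runs compare numerically, `~` sorts before everything). The function names and the sample inventory are constructed for illustration; on a live host `dpkg --compare-versions` is the authoritative comparison.

```python
import re

# Fixed versions for Ubuntu 18.04 LTS, copied from the update instructions above.
FIXED_1804 = {"libssl1.0.0": "1.0.2n-1ubuntu5.13+esm4",
              "libssl1.1": "1.1.1-1ubuntu2.1~18.04.23+esm8",
              "openssl": "1.1.1-1ubuntu2.1~18.04.23+esm8",
              "openssl1.0": "1.0.2n-1ubuntu5.13+esm4"}

def _weight(c):
    # Debian ordering: '~' < end of string < letters < every other symbol
    return -1 if c == "~" else 0 if c == "" else ord(c) + (0 if c.isalpha() else 256)

def _cmp_part(a, b):
    while a or b:  # alternate between a non-digit run and a digit run
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            wa, wb = _weight(na[i:i + 1]), _weight(nb[i:i + 1])
            if wa != wb:
                return -1 if wa < wb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):  # digit runs compare as numbers
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_cmp(a, b):
    """Compare two Debian version strings; returns -1, 0 or 1."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(dpkg_lines, fixed=FIXED_1804):
    """Return {package: (installed, fixed)} for packages below the fixed version."""
    stale = {}
    for line in dpkg_lines.splitlines():
        fields = line.split()
        pkg = fields[0].split(":")[0] if len(fields) == 2 else None  # drop ":amd64"
        if pkg in fixed and deb_cmp(fields[1], fixed[pkg]) < 0:
            stale[pkg] = (fields[1], fixed[pkg])
    return stale

# Constructed `dpkg-query -W` style inventory for one 18.04 host (not from the advisory).
SAMPLE = ("libssl1.0.0:amd64 1.0.2n-1ubuntu5.13+esm4\n"
          "libssl1.1:amd64 1.1.1-1ubuntu2.1~18.04.23\n"
          "openssl 1.1.1-1ubuntu2.1~18.04.23+esm8\n"
          "openssl1.0 1.0.2n-1ubuntu5.9\n")
```

`audit(SAMPLE)` reports `libssl1.1` and `openssl1.0` as still below the fixed version; a plain string comparison would miss `openssl1.0`, because `5.9` sorts after `5.13` lexically.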

References:
  https://ubuntu.com/security/notices/USN-8155-2
  https://ubuntu.com/security/notices/USN-8155-1
  CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390

Severity: critical
