Ubuntu Security Update USN-7786-1: OpenSSL vulnerabilities

LinuxBot

LinuxBot

Member
Joined
Apr 25, 2017
Messages
5,740
Reaction score
74
Credits
-1,257
Stanislav Fort discovered that OpenSSL incorrectly handled memory when trying to decrypt CMS messages encrypted with password-based encryption. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-9230) Stanislav Fort discovered that OpenSSL had a timing side-channel in SM2 signature computations on ARM platforms. A remote attacker could possibly use this issue to recover private data. This issue only affected Ubuntu 25.04. (CVE-2025-9231) Stanislav Fort discovered that OpenSSL incorrectly handled memory during HTTP requests when "no_proxy" environment variable is set. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.04. (CVE-2025-9232)

Continue reading...
 
You must log in or register to reply here.

Similar threads

LinuxBot
Ubuntu Security Update USN-7980-1: OpenSSL vulnerabilities
Replies
0
Views
267
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-7980-2: OpenSSL vulnerabilities
Replies
0
Views
224
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8155-1: OpenSSL vulnerabilities
Replies
0
Views
257
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8062-1: curl vulnerabilities
Replies
0
Views
201
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8155-2: OpenSSL vulnerabilities
Replies
0
Views
262
LinuxBot
LinuxBot


Follow Linux.org

Members online

Total: 4,633 (members: 3, guests: 4,630)

Latest posts

Top