Not a user yet?
Log in Register for free Suggest a product
Update

USN-8155-1: OpenSSL vulnerabilities

Ubuntu ServerUbuntu Server
Canonical

USN-8155-1: OpenSSL vulnerabilities

Publication date: 8 April 2026
Overview: Several security issues were fixed in OpenSSL.

Packages
openssl - Secure Socket Layer (SSL) cryptographic library and tools

Details
Viktor Dukhovni discovered that OpenSSL incorrectly negotiated the expected
preferred key exchange group when used as a TLS 1.3 server. This could
result in a less preferred key exchange being used, contrary to
expectations. This issue only affected Ubuntu 25.10. (CVE-2026-2673)

Igor Morgenstern discovered that OpenSSL incorrectly handled certain memory
operations when used as a DANE client. A remote attacker could use this
issue to cause OpenSSL to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-28387)

Igor Morgenstern discovered that OpenSSL incorrectly handled certain memory
operations when processing a delta CRL. A remote attacker could possibly
use this issue to cause OpenSSL to crash, resulting in a denial of service.
(CVE-2026-28388)

Nathan Sportsman, Daniel Rhea, and Jaeho Nam discovered that OpenSSL
incorrectly handled certain memory operations when processing a crafted CMS
EnvelopedData message with KeyAgreeRecipientInfo. A remote attacker could
possibly use this issue to cause OpenSSL to crash, resulting in a denial
of service. (CVE-2026-28389)

Muhammad Daffa, Joshua Rogers, and Chanho Kim discovered that OpenSSL
incorrectly handled processing of a crafted CMS EnvelopedData message with
KeyTransportRecipientInfo. A remote attacker could possibly use this issue
to cause OpenSSL to crash, resulting in a denial of service.
(CVE-2026-28390)

Quoc Tran discovered that OpenSSL incorrectly handled hexadecimal
conversion on 32-bit platforms. A remote attacker could use this issue to
cause OpenSSL to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2026-31789)

Simo Sorce discovered that OpenSSL incorrectly handled failures in RSA KEM
RSASVE Encapsulation. A remote attacker could possibly use this issue to
obtain sensitive information. (CVE-2026-31790)

Update instructions
The problem can be corrected by updating your system to the following package versions:

25.10 questing

  • libssl3t64 – 3.5.3-1ubuntu3.3
  • openssl – 3.5.3-1ubuntu3.3

24.04 LTS noble

  • libssl3t64 – 3.0.13-0ubuntu3.9
  • openssl – 3.0.13-0ubuntu3.9

22.04 LTS jammy

  • libssl3 – 3.0.2-0ubuntu1.23
  • openssl – 3.0.2-0ubuntu1.23
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad