-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4624-1                            [email protected]
https://www.debian.org/lts/security/                     Arnaud Rebillout
June 09, 2026                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : openssl
Version        : 1.1.1w-0+deb11u7
CVE ID         : CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390

Several vulnerabilities have been discovered in OpenSSL, a Secure Socket
Layer toolkit providing the SSL and TLS cryptographic protocols for secure
communication over the Internet.

CVE-2026-28387

    An uncommon configuration of clients performing DANE TLSA-based server
    authentication, when paired with uncommon server DANE TLSA records,
    may result in a use-after-free and/or double-free on the client side.

CVE-2026-28388

    When a delta CRL that contains a Delta CRL Indicator extension is
    processed, a NULL pointer dereference might happen if the required CRL
    Number extension is missing.

CVE-2026-28389

    During processing of a crafted CMS EnvelopedData message with
    KeyAgreeRecipientInfo, a NULL pointer dereference can happen.

CVE-2026-28390

    During processing of a crafted CMS EnvelopedData message with
    KeyTransportRecipientInfo, a NULL pointer dereference can happen.

For Debian 11 bullseye, these problems have been fixed in version
1.1.1w-0+deb11u7.

We recommend that you upgrade your openssl packages.

For the detailed security status of openssl, please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/openssl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----