USN-7980-1
- Source
- https://ubuntu.com/security/notices/USN-7980-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7980-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-7980-1
- Upstream
- Related
- Published
- 2026-01-27T18:10:18.504032Z
- Modified
- 2026-02-04T19:02:03.285317Z
- Summary
- openssl vulnerabilities
- Details
-
Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS#12 MAC verification. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-11187)
Stanislav Fort discovered that OpenSSL incorrectly parsed CMS AuthEnvelopedData messages. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-15467)
Stanislav Fort discovered that OpenSSL incorrectly handled memory in the SSLCIPHERfind() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-15468)
Stanislav Fort discovered that the OpenSSL "openssl dgst" command line tool incorrectly truncated data to 16MB. An attacker could posibly use this issue to hide unauthenticated data beyond the 16MB limit. This issue only affected Ubuntu 25.10. (CVE-2025-15469)
Tomas Dulka and Stanislav Fort discovered that OpenSSL incorrectly handled memory with TLS 1.3 connections using certificate compression. An attacker could possibly use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-66199)
Petr Simecek and Stanislav Fort discovered that OpenSSL incorrectly handled memory when writing large data into a BIO chain. An attacker could possibly use this issue to consume resources, leading to a denial of service. (CVE-2025-68160)
Stanislav Fort discovered that the OpenSSL OCB API could incorrectly leave final partial blocks unencrypted and unauthenticated. An attacker could possibly use this issue to read or tamper with the affected final bytes. (CVE-2025-69418)
Stanislav Fort discovered that OpenSSL incorrectly handled the PKCS12getfriendlyname() utf-8 conversion. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69419)
Luigino Camastra discovered that OpenSSL incorrectly handled ASN1TYPE validation in the TSRESPverifyresponse() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69420)
Luigino Camastra discovered that OpenSSL incorrectly handled memory in the PKCS12itemdecryptd2iex function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2025-69421)
Luigino Camastra discovered that OpenSSL incorrectly handled ASN1_TYPE validation in PKCS#12 parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-22795)
Luigino Camastra discovered that OpenSSL incorrectly handled ASN1TYPE validation in the PKCS7digestfromattributes() function. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-22796)
- References
-
- https://ubuntu.com/security/notices/USN-7980-1
- https://ubuntu.com/security/CVE-2025-11187
- https://ubuntu.com/security/CVE-2025-15467
- https://ubuntu.com/security/CVE-2025-15468
- https://ubuntu.com/security/CVE-2025-15469
- https://ubuntu.com/security/CVE-2025-66199
- https://ubuntu.com/security/CVE-2025-68160
- https://ubuntu.com/security/CVE-2025-69418
- https://ubuntu.com/security/CVE-2025-69419
- https://ubuntu.com/security/CVE-2025-69420
- https://ubuntu.com/security/CVE-2025-69421
- https://ubuntu.com/security/CVE-2026-22795
- https://ubuntu.com/security/CVE-2026-22796
Affected packages
Ubuntu:22.04:LTS / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.21?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.2-0ubuntu1.21
Affected versions
1.*
3.*
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libssl-dev",
"binary_version": "3.0.2-0ubuntu1.21"
},
{
"binary_name": "libssl3",
"binary_version": "3.0.2-0ubuntu1.21"
},
{
"binary_name": "openssl",
"binary_version": "3.0.2-0ubuntu1.21"
}
]
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-15467"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-68160"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-69418"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-69419"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-69420"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-69421"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2026-22795"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2026-22796"
}
],
"ecosystem": "Ubuntu:22.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7980-1.json"
Ubuntu:24.04:LTS / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@3.0.13-0ubuntu3.7?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.0.13-0ubuntu3.7
Affected versions
3.*
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libssl-dev",
"binary_version": "3.0.13-0ubuntu3.7"
},
{
"binary_name": "libssl3t64",
"binary_version": "3.0.13-0ubuntu3.7"
},
{
"binary_name": "openssl",
"binary_version": "3.0.13-0ubuntu3.7"
}
]
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-15467"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-68160"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-69418"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-69419"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-69420"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-69421"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2026-22795"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2026-22796"
}
],
"ecosystem": "Ubuntu:24.04:LTS"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7980-1.json"
Ubuntu:25.10 / openssl
Package
- Name
- openssl
- Purl
- pkg:deb/ubuntu/openssl@3.5.3-1ubuntu3?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.5.3-1ubuntu3
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "libssl-dev",
"binary_version": "3.5.3-1ubuntu3"
},
{
"binary_name": "libssl3t64",
"binary_version": "3.5.3-1ubuntu3"
},
{
"binary_name": "openssl",
"binary_version": "3.5.3-1ubuntu3"
},
{
"binary_name": "openssl-provider-legacy",
"binary_version": "3.5.3-1ubuntu3"
}
]
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-11187"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"id": "CVE-2025-15467"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-15468"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-15469"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-66199"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-68160"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-69418"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-69419"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-69420"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2025-69421"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2026-22795"
},
{
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2026-22796"
}
],
"ecosystem": "Ubuntu:25.10"
}
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7980-1.json"