[CLSA-2026:1770804474] Fix CVE(s): CVE-2025-69418, CVE-2025-69421, CVE-2026-22796
Type: security
Severity: Important
Release date: 2026-02-11 10:07:58 UTC
Description:
* SECURITY UPDATE: The trailing 1-15 bytes of a message may be exposed in
  cleartext on encryption and are not covered by the authentication tag,
  allowing an attacker to read or tamper with those bytes without detection
  - debian/patches/CVE-2025-69418.patch: fix OCB AES-NI/HW stream path
    unauthenticated/unencrypted trailing bytes
  - CVE-2025-69418
* SECURITY UPDATE: Invalid or NULL pointer dereference when processing
  malformed PKCS#7 data can result in a Denial of Service
  - debian/patches/CVE-2026-22796.patch: ensure ASN1 types are checked
    before use.
  - CVE-2026-22796
* SECURITY UPDATE: Processing a malformed PKCS#12 file can trigger a NULL
  pointer dereference
  - debian/patches/CVE-2025-69421.patch: Check oct argument for NULL
  - CVE-2025-69421
Updated packages:
  • libssl-dev_1.1.1-1ubuntu2.1~18.04.23+tuxcare.els7_amd64.deb
    sha:7a941bd8b4a7300b7d5dd1ff1854f85cef1a63e3
  • libssl-doc_1.1.1-1ubuntu2.1~18.04.23+tuxcare.els7_all.deb
    sha:694f786e5a7d34b9c2f4f4f0fd4e2e0fea934c51
  • libssl1.1_1.1.1-1ubuntu2.1~18.04.23+tuxcare.els7_amd64.deb
    sha:262eea4c6b437ec2fe56f3b9ea8454dbdd72a0d1
  • openssl_1.1.1-1ubuntu2.1~18.04.23+tuxcare.els7_amd64.deb
    sha:936847f647f535226166bcff35cbe195d7ea3d42
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.