Synopsis
| Issued | 2026-01-29 |
| Severity | High |
| Updated Packages | kusanagi-openssl |
| Affected Products | KUSANAGI 9, Business Edition, Page Speed Technology, Security Edition |
Description
An update for kusanagi-openssl is now available.
Security fix(es):
- CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing
- CVE-2025-15468: NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
- CVE-2025-15469: 'openssl dgst' one-shot codepath silently truncates inputs >16MB
- CVE-2025-66199: TLS 1.3 CompressedCertificate excessive memory allocation
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE information may not yet be available on those websites.
References
- CVE-2025-11187
- CVE-2025-15467
- CVE-2025-15468
- CVE-2025-15469
- CVE-2025-66199
- CVE-2025-68160
- CVE-2025-69418
- CVE-2025-69419
- CVE-2025-69420
- CVE-2025-69421
- CVE-2026-22795
- CVE-2026-22796