High: kusanagi-openssl Security Update

Security Advisory

Synopsis

Issued 2026-04-08
Severity High
Updated Packages kusanagi-openssl
Affected Products KUSANAGI 9, Business Edition, Page Speed Technology, Security Edition

Description

An update for kusanagi-openssl is now available.

Security fix(es):

  • CVE-2026-28387: Potential Use-after-free in DANE Client Code
  • CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL
  • CVE-2026-28389: Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
  • CVE-2026-28390: Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
  • CVE-2026-31789: Heap Buffer Overflow in Hexadecimal Conversion
  • CVE-2026-31790: Incorrect Failure Handling in RSA KEM RSASVE Encapsulation
  • CVE-2026-2673: OpenSSL TLS 1.3 server may choose unexpected key agreement group

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE information may not yet be available on those websites.

References

Updated packages listed below

This product uses the NVD API but is not endorsed or certified by the NVD.

kusanagi-openssl Module Update 3.5.6-1

Share:

KUSANAGI Open Source Licenses | KUSANAGI Business Edition, Premium Edition, Security Edition End-User License Agreement

KUSANAGI Logo and Mascots | Privacy Policy | Vulnerability Disclosure Policy | Contact US

© 2015 - 2026 GMO Prime Strategy Co., Ltd. All rights reserved