{"id":38261,"date":"2026-01-30T18:05:41","date_gmt":"2026-01-30T10:05:41","guid":{"rendered":"https:\/\/www.deepin.org\/?p=38261"},"modified":"2026-01-30T18:05:41","modified_gmt":"2026-01-30T10:05:41","slug":"openssl-multiple-vulnerabilities-fixed","status":"publish","type":"post","link":"https:\/\/www.deepin.org.cn\/en\/openssl-multiple-vulnerabilities-fixed\/","title":{"rendered":"Urgent Security Update | OpenSSL Multiple Vulnerabilities Fixed, Please Upgrade ASAP!"},"content":{"rendered":"<img loading=\"lazy\" class=\"alignnone size-full wp-image-37062\" src=\"https:\/\/www.deepin.org\/wp-content\/uploads\/2025\/07\/\u8868\u60c51-900x383-1.jpg\" alt=\"\" width=\"900\" height=\"383\" srcset=\"https:\/\/www.deepin.org.cn\/wp-content\/uploads\/2025\/07\/\u8868\u60c51-900x383-1.jpg 900w, https:\/\/www.deepin.org.cn\/wp-content\/uploads\/2025\/07\/\u8868\u60c51-900x383-1-300x128.jpg 300w, https:\/\/www.deepin.org.cn\/wp-content\/uploads\/2025\/07\/\u8868\u60c51-900x383-1-150x64.jpg 150w, https:\/\/www.deepin.org.cn\/wp-content\/uploads\/2025\/07\/\u8868\u60c51-900x383-1-768x327.jpg 768w, https:\/\/www.deepin.org.cn\/wp-content\/uploads\/2025\/07\/\u8868\u60c51-900x383-1-24x10.jpg 24w, https:\/\/www.deepin.org.cn\/wp-content\/uploads\/2025\/07\/\u8868\u60c51-900x383-1-36x15.jpg 36w, https:\/\/www.deepin.org.cn\/wp-content\/uploads\/2025\/07\/\u8868\u60c51-900x383-1-48x20.jpg 48w\" sizes=\"(max-width: 900px) 100vw, 900px\" \/><\/p>\n<div>\n<p class=\"otl-paragraph\"><span class=\"color_font\"><span class=\"otl-emoji\">\ud83d\udd14<\/span><\/span><span class=\"color_font\"> Dear deepin Users and Community Members,<\/span><\/p>\n<p class=\"otl-paragraph\"><span class=\"color_font\">Recently, OpenSSL has released multiple security vulnerability fix announcements, involving <\/span><span class=\"color_font\"><strong>13 security vulnerabilities<\/strong><\/span><span class=\"color_font\">, including <\/span><span class=\"color_font\"><strong>2 High\/Medium-risk vulnerabilities<\/strong><\/span><span class=\"color_font\">. To ensure the security of your system, we strongly recommend all users upgrade the relevant packages as soon as possible.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3 class=\"otl-heading\"><span class=\"color_font\"><strong>I. Vulnerability Information<\/strong><\/span><\/h3>\n<p class=\"otl-paragraph\"><span class=\"color_font\">The CVE identifiers involved in this fix are as follows:<\/span><\/p>\n<p class=\"otl-paragraph\"><span class=\"color_font\">CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-15467, CVE-2025-15468,<\/span><\/p>\n<p class=\"otl-paragraph\"><span class=\"color_font\">CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420,<\/span><\/p>\n<p class=\"otl-paragraph\"><span class=\"color_font\">CVE-2025-69421, CVE-2026-22795, CVE-2026-22796<\/span><\/p>\n<p>&nbsp;<\/p>\n<p class=\"otl-paragraph\"><span class=\"color_font\"><strong>Key High\/Medium Risk Vulnerability Fixes<\/strong><\/span><\/p>\n<ul>\n<li class=\"otl-paragraph\"><strong>CVE-2025-15467 | High<\/strong><\/li>\n<\/ul>\n<p class=\"otl-paragraph\">CMS AuthEnvelopedData Parsing Stack Buffer Overflow: This vulnerability could lead to Remote Code Execution (RCE) under specific conditions. Immediate updating is advised.<\/p>\n<ul>\n<li class=\"otl-paragraph\"><strong>CVE-2025-11187 | Moderate<\/strong><\/li>\n<\/ul>\n<p class=\"otl-paragraph\">Missing PKCS#12 PBMAC1 Parameter Validation: Lack of necessary validation could trigger a stack-based buffer overflow.<\/p>\n<p>&nbsp;<\/p>\n<h3 class=\"otl-heading\"><span class=\"color_font\"><strong>II. Fixed Version Information<\/strong><\/span><\/h3>\n<p class=\"otl-paragraph\"><span class=\"color_font\"><strong>Fixed Version:<\/strong><\/span> <code><span class=\"color_font\">3.2.4-0deepin6<\/span><\/code><span class=\"color_font\"> (for packages <\/span><code><span class=\"color_font\">libssl3<\/span><\/code><span class=\"color_font\"> and <\/span><code><span class=\"color_font\">openssl<\/span><\/code><span class=\"color_font\">)<\/span><\/p>\n<p class=\"otl-paragraph\"><span class=\"color_font\"><strong>Note:<\/strong><\/span><span class=\"color_font\"> Versions lower than <\/span><code><span class=\"color_font\">3.2.4-0deepin6<\/span><\/code><span class=\"color_font\"> are <\/span><span class=\"color_font\"><strong>not<\/strong><\/span><span class=\"color_font\"> patched against these vulnerabilities.<\/span><\/p>\n<p class=\"otl-paragraph\"><span class=\"color_font\"><strong>Command to Check Version:<\/strong><\/span><\/p>\n<p><code autowrap=\"false\" lang=\"plaintext\" theme=\"light\">apt policy libssl3 openssl<\/code><\/p>\n<p class=\"otl-paragraph\"><span class=\"color_font\"><strong>System Update Method:<\/strong><\/span><\/p>\n<p><code autowrap=\"false\" lang=\"plaintext\" theme=\"light\">sudo apt update<br \/>\nsudo apt upgrade libssl3 openssl<\/code><\/p>\n<p>&nbsp;<\/p>\n<h3 class=\"otl-heading\"><span class=\"color_font\"><strong>III. Timeline<\/strong><\/span><span class=\"color_font\"> (All times in Beijing Time)<\/span><\/h3>\n<ul>\n<li class=\"otl-paragraph\"><strong>Jan 28, 01:18<\/strong> \u2014 Upstream OpenSSL official security advisory released.<\/li>\n<li class=\"otl-paragraph\"><strong>Jan 28, 09:39<\/strong> \u2014 deepin initiated vulnerability tracking and analysis.<\/li>\n<li class=\"otl-paragraph\"><strong>Jan 28, 16:32<\/strong> \u2014 Patch adaptation completed, PR submitted, and entered the build pipeline.<\/li>\n<li class=\"otl-paragraph\"><strong>Jan 30, 15:51<\/strong> \u2014 Testing completed, update ready for repository push.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3 class=\"otl-heading\"><span class=\"color_font\"><strong>References<\/strong><\/span><\/h3>\n<ul>\n<li class=\"otl-paragraph\">OpenSSL Official Security Advisory: <a class=\"hyperlink\" href=\"https:\/\/openssl-library.org\/news\/secadv\/20260127.txt\" target=\"_Blank\" rel=\"noopener\"><span class=\"color_font\">https:\/\/openssl-library.org\/news\/secadv\/20260127.txt<\/span><\/a><\/li>\n<li class=\"otl-paragraph\">Aisle Vulnerability Analysis: <a class=\"hyperlink\" href=\"https:\/\/aisle.com\/blog\/aisle-discovered-12-out-of-12-openssl-vulnerabilities\" target=\"_Blank\" rel=\"noopener\"><span class=\"color_font\">https:\/\/aisle.com\/blog\/aisle-discovered-12-out-of-12-openssl-vulnerabilities<\/span><\/a><\/li>\n<\/ul>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>\ud83d\udd14 Dear deepin Users and Community Members, Recently, OpenSSL has released multiple security vulnerability fix announcements, involving 13 security vulnerabilities, including 2 High\/Medium-risk vulnerabilities. To ensure the security of your system, we strongly recommend all users upgrade the relevant packages as soon as possible. &nbsp; I. Vulnerability Information The CVE identifiers involved in this fix are as follows: CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-15467, CVE-2025-15468, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796 &nbsp; Key High\/Medium Risk Vulnerability Fixes CVE-2025-15467 | High CMS AuthEnvelopedData Parsing Stack Buffer Overflow: This vulnerability could lead to Remote Code Execution (RCE) under specific conditions. Immediate updating ...<a href=https:\/\/www.deepin.org.cn\/en\/openssl-multiple-vulnerabilities-fixed\/>Read more<\/a><\/p>\n","protected":false},"author":18825,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1,93],"tags":[],"_links":{"self":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts\/38261"}],"collection":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/users\/18825"}],"replies":[{"embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/comments?post=38261"}],"version-history":[{"count":5,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts\/38261\/revisions"}],"predecessor-version":[{"id":38267,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/posts\/38261\/revisions\/38267"}],"wp:attachment":[{"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/media?parent=38261"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/categories?post=38261"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.deepin.org.cn\/en\/wp-json\/wp\/v2\/tags?post=38261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}