1. Ubuntu Security Notices
  2. USN-7786-1

USN-7786-1: OpenSSL vulnerabilities

Publication date

30 September 2025

Overview

Several security issues were fixed in OpenSSL.

Releases

Packages

  • openssl - Secure Socket Layer (SSL) cryptographic library and tools
  • openssl1.0 - Secure Socket Layer (SSL) cryptographic library and tools

Details

Stanislav Fort discovered that OpenSSL incorrectly handled memory when
trying to decrypt CMS messages encrypted with password-based encryption. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2025-9230)

Stanislav Fort discovered that OpenSSL had a timing side-channel in SM2
signature computations on ARM platforms. A remote attacker could possibly
use this issue to recover private data. This issue only affected Ubuntu
25.04. (CVE-2025-9231)

Stanislav Fort discovered that OpenSSL incorrectly handled memory during
HTTP requests when "no_proxy" environment variable is set. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 25.04. (CVE-2025-9232)

Stanislav Fort discovered that OpenSSL incorrectly handled memory when
trying to decrypt CMS messages encrypted with password-based encryption. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2025-9230)

Stanislav Fort discovered that OpenSSL had a timing side-channel in SM2
signature computations on ARM platforms. A remote attacker could possibly
use this issue to recover private data. This issue only affected Ubuntu
25.04. (CVE-2025-9231)

Stanislav Fort discovered that OpenSSL incorrectly handled memory during
HTTP requests when "no_proxy" environment variable is set. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 25.04. (CVE-2025-9232)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
25.04 plucky libssl3t64 –  3.4.1-1ubuntu4
openssl –  3.4.1-1ubuntu4
24.04 noble libssl3t64 –  3.0.13-0ubuntu3.6
openssl –  3.0.13-0ubuntu3.6
22.04 jammy libssl3 –  3.0.2-0ubuntu1.20
openssl –  3.0.2-0ubuntu1.20
20.04 focal libssl1.1 –  1.1.1f-1ubuntu2.24+esm1  
openssl –  1.1.1f-1ubuntu2.24+esm1  
18.04 bionic libssl1.0.0 –  1.0.2n-1ubuntu5.13+esm2  
libssl1.1 –  1.1.1-1ubuntu2.1~18.04.23+esm6  
openssl –  1.1.1-1ubuntu2.1~18.04.23+esm6  
openssl1.0 –  1.0.2n-1ubuntu5.13+esm2  
16.04 xenial libssl1.0.0 –  1.0.2g-1ubuntu4.20+esm13  
openssl –  1.0.2g-1ubuntu4.20+esm13  
14.04 trusty libssl1.0.0 –  1.0.1f-1ubuntu2.27+esm11  
openssl –  1.0.1f-1ubuntu2.27+esm11  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›