#OpenSSL: 12 Sicherheitslecks, eines erlaubt Schadcodeausführung und ist kritisch | Security https://www.heise.de/news/OpenSSL-12-Sicherheitslecks-eines-erlaubt-Schadcodeausfuehrung-und-ist-kritisch-11161775.html #ArtificialIntelligence #Patchday
#OpenSSL
#OPNsense 26.1.1 has been released #patchday #openssl #python forum.opnsense.org/index.php?to...
#lispyGopherClimate #lisp #technology #podcast #archive, #climate #haiku by @kentpitman
https://communitymedia.video/w/c3GdAXe7BQTbK3VrcXCm7E
& @ramin_hal9001
On the #climate I would like to talk about the company that found #curl and #openssl's #deeplearning many (10ish) 0-day vulns "using #ai ". (#llm s were involved).
This obviously relates to my #lisp #symbolic #DL https://screwlisp.small-web.org/conditions/symbolic-d-l/ (ffnn equiv). Thanks to everyone involved with that so far.
I implemented that using #commonLisp #condition handling viz KMP.
Tails 7.4.1: Notfall-Release wegen OpenSSL-Lücken
https://fed.brid.gy/r/https://linuxnews.de/tails-7-4-1-notfall-release-wegen-openssl-luecken/
OpenSSL: 12 security gaps, one allows malicious code execution and is critical
12 security vulnerabilities have been discovered in OpenSSL – using AI tools. One of them is considered critical. Updated software is available.
#IT #KünstlicheIntelligenz #OpenSSL #Security #Sicherheitslücken #Updates #news
OpenSSL: 12 Sicherheitslecks, eines erlaubt Schadcodeausführung und ist kritisch
In OpenSSL wurden 12 Sicherheitslücken entdeckt – mit KI-Tools. Eine davon gilt als kritisch. Aktualisierte Software steht bereit.
#IT #KünstlicheIntelligenz #OpenSSL #Security #Sicherheitslücken #Updates #news
Tails 7.4.1: Notfall-Release wegen OpenSSL-Lücken
https://linuxnews.de/tails-7-4-1-notfall-release-wegen-openssl-luecken/ #tails #debian #openssl #linux #linuxnews
#Linux Weekly Roundup for February 1st, 2026: #Xfce gets #Rust-based #Wayland compositor, #GParted 1.8, #Transmission 4.1, #GStreamer 1.28, #OpenSSL 3.6.1, #Proton 10.0-4, GParted Live 1.8, #VirtualBox 7.2.6, #Calibre 9.0, #Tails 7.4.1, #AerynOS 2026.01, Linux Lite 7.8, #Shotcut 26.1, TigerVNC 1.16, Emmabuntüs Debian Edition 5 1.05, and more https://9to5linux.com/9to5linux-weekly-roundup-february-1st-2026
For those who didn't wait and installed v3.5.5 on their own or from Sid, FYI it landed in #Debian Testing today. I don't track Stable but generally speaking, when there's a major fashion faux pas updates can actually land in Stable (coming straight from Sid) before they do in Testing.
For those who run #Slackware -current, you wouldn't have really noticed anything, since #OpenSSL version 3.5.5 was pushed out on 27 January. And again, Slackware is one of, if not the first to address and act on exploits and vulnerabilities, often on #0day.
Fun Fact: Following the very public cannibalization of Sun Microsystems by the Evil EllisonCo (Oracle), Slackware Linux was the first major distro to adopt and release #MariaDB, replacing #MySQL as the default in the installation - credit where due, IIRC, the German fork of Slackware, #SuSE, was the second major distro to do so shortly thereafter.
https://hackingpassion.com/openssl-12-cves-ai-january-2026/
AI found 12 of 12 #OpenSSL #CVE's . CVE-2025-15467 is most remarkable
For #DNSSEC, the domain crate can use different crypto backends such as the ring crate or the #OpenSSL bindings. (But there are more.)
There is now a common-line tool to query the DNS, dnsi. And a CLI tool to do misc. manipulations, dnst ("people are using the ldns library example programs in production"). And a key manager, keyset.
Lol. Looking at openssl v3.5.4 PKCS#7 command and it only understands rfc 2315 but not rfc 2630.
It doesn't even mention rfc 5652 (sep 2009) which obsoletes rfc 3852 (July 2004) which obsoletes rfc 3369 (August 2002) which obsoletes rfc 2630 (June 1999).
So openssl is literally stuck in the last millennia when dealing with encrypted files/data.
It's possible that it's smime subcommand may do it as there's a pkcs7 option, but it doesn't mention which, if any rfc that the smime command follows.
#Tails 7.4.1 Is Out as an Emergency Release Patching Critical #OpenSSL Vulnerabilities https://9to5linux.com/tails-7-4-1-is-out-as-an-emergency-release-patching-critical-openssl-vulnerabilities
If you’re totally bored this Friday then there’s something to wake up all #infosec folks - a series of new vulnerabilities in #OpenSSL has just landed, including one high-severity. While it’s described as ‘remote-code execution’ kind of fortunately it applies to a stored digital signature format (CMS) which is used in digitally signed PDF and S/MIME but not in any transport security protocols.
Encryption protocol: AmiSSL 5.26
The open source encryption protocol AmiSSL has been updated to include the changes made in OpenSSL version 3.6.1, which was released two days ago. The latter fixes various bugs, including a high-priority CVE vulnerability.
#OpenSSL Critical Vulnerabilities Allow Remote Attackers to Execute Malicious Code (CVE-2025-15467). Patches released:
👇
https://cybersecuritynews.com/openssl-vulnerabilities-code-execution/
Potentially Critical RCE Vulnerability in OpenSSL
https://research.jfrog.com/post/potential-rce-vulnerabilityin-openssl-cve-2025-15467/
(there is a fix already released)
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst