Description:
OpenSSL has released versions 1.0.2zq, 1.1.1zh, 3.0.21, 3.4.6, 3.5.7, 3.6.3 and 4.0.1 to fix vulnerabilities in various versions of OpenSSL. Details of the security update can be found at:
https://openssl-library.org/news/secadv/20260609.txt
Affected Systems:
- OpenSSL 1.0.2 prior to version 1.0.2zq
- OpenSSL 1.1.1 prior to version 1.1.1zh
- OpenSSL 3.0 prior to version 3.0.21
- OpenSSL 3.4 prior to version 3.4.6
- OpenSSL 3.5 prior to version 3.5.7
- OpenSSL 3.6 prior to version 3.6.3
- OpenSSL 4.0 prior to version 4.0.1
Impact:
Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security restriction bypass, spoofing or tampering on an affected system.
Recommendation:
Patches for affected software are available. System administrators of affected systems should follow the recommendations provided by the software vendor and take immediate action to mitigate the risk.
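To find hosts that still need the update, the output of `openssl version` can be compared with the fixed releases listed under Affected Systems. The script below is an added example, not part of the original advisory or of OpenSSL's tooling; the function names `branch_and_key` and `status` are hypothetical.

```python
import re
import subprocess

# First fixed release per branch, copied from the Affected Systems list.
FIXED = {
    "1.0.2": "1.0.2zq", "1.1.1": "1.1.1zh",
    "3.0": "3.0.21", "3.4": "3.4.6", "3.5": "3.5.7", "3.6": "3.6.3",
    "4.0": "4.0.1",
}

def branch_and_key(version):
    """Split a bare version such as '1.1.1zh' or '3.0.21' into (branch, sort key)."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", version)
    major, minor, patch, letters = int(m[1]), int(m[2]), int(m[3]), m[4]
    if major >= 3:
        # 3.x and later: one branch per major.minor, ordered by patch number.
        return f"{major}.{minor}", (patch,)
    # 1.x: one branch per major.minor.patch, ordered by letter suffix:
    # "" < a < ... < z < za < ... < zz, so compare length first, then letters.
    return f"{major}.{minor}.{patch}", (len(letters), letters)

def status(version_output):
    """Classify `openssl version` output (hypothetical helper for this example)."""
    m = re.search(r"\bOpenSSL\s+(\d+\.\d+\.\d+[a-z]*)", version_output)
    if m is None:
        return "unparseable"      # e.g. LibreSSL, or no version in the text
    branch, key = branch_and_key(m[1])
    if branch not in FIXED:
        return "not-listed"       # branch is not in this page's list
    return "affected" if key < branch_and_key(FIXED[branch])[1] else "fixed"

if __name__ == "__main__":
    out = subprocess.run(["openssl", "version"], capture_output=True, text=True).stdout
    print(out.strip(), "->", status(out))
```

Distribution packages often backport fixes without changing the upstream version string, so an "affected" result on such a system should be confirmed against the distribution's own security notice. The command-line binary may also differ from the library an application is linked against or bundles.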
More Information:
- https://openssl-library.org/news/secadv/20260609.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7383
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-9076
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34180 (to CVE-2026-34183)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35188
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42764 (to CVE-2026-42771)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45445 (to CVE-2026-45447)