[From nobody Sat Apr 25 16:41:11 2026 Received: (at submit) by bugs.debian.org; 25 Apr 2026 10:30:57 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-3.9 required=4.0 tests=BAYES_00, FOURLA, SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 62; hammy, 150; neutral, 120; spammy, 0. spammytokens: hammytokens:0.000-+--UD:security-tracker.debian.org, 0.000-+--securitytrackerdebianorg, 0.000-+--security-tracker.debian.org, 0.000-+--H*r:jmm, 0.000-+--sk:team@se Return-path: <jmm@inutil.org> Received: from inutil.org ([51.38.114.215]:41154 helo=vps-b7ad3695.vps.ovh.net) by buxtehude.debian.org with esmtp (Exim 4.96) (envelope-from <jmm@inutil.org>) id 1wGaHo-000OL7-2K for submit@bugs.debian.org; Sat, 25 Apr 2026 10:30:57 +0000 Received: from soju.westfalen.local (p548dc5fc.dip0.t-ipconnect.de [84.141.197.252]) by vps-b7ad3695.vps.ovh.net (Postfix) with ESMTPSA id B15631F7 for <submit@bugs.debian.org>; Sat, 25 Apr 2026 10:30:55 +0000 (UTC) Received: from jmm by soju.westfalen.local with local (Exim 4.99.1) (envelope-from <jmm@soju.westfalen.local>) id 1wGaGW-00000003Xs6-1s0l for submit@bugs.debian.org; Sat, 25 Apr 2026 12:29:36 +0200 Date: Sat, 25 Apr 2026 12:29:36 +0200 To: submit@bugs.debian.org Subject: rust-openssl: CVE-2026-41676 CVE-2026-41677 CVE-2026-41678 CVE-2026-41681 CVE-2026-41898 Message-ID: <aeyXkPYB9jqrZeax@pisco.westfalen.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline From: =?UTF-8?Q?Moritz_M=C3=BChlenhoff?= <jmm@inutil.org> Delivered-To: submit@bugs.debian.org Source: rust-openssl X-Debbugs-CC: team@security.debian.org Severity: important Tags: security Hi, The following vulnerabilities were published for rust-openssl. All fixed in 0.10.78. CVE-2026-41676[0]: | rust-openssl provides OpenSSL bindings for the Rust programming | language. From 0.9.27 to before 0.10.78, Deriver::derive (and | PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out | length to EVP_PKEY_derive, relying on OpenSSL to honor it. On | OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming | *keylen, unconditionally writing the full shared secret | (32/56/prime-size bytes). A caller passing a short slice gets a | heap/stack overflow from safe code. OpenSSL 3.x providers do check, | so this only impacts older OpenSSL. This vulnerability is fixed in | 0.10.78. CVE-2026-41677[1]: | rust-openssl provides OpenSSL bindings for the Rust programming | language. From 0.9.0 to before 0.10.78, the *_from_pem_callback | APIs did not validate the length returned by the user's callback. A | password callback that returns a value larger than the buffer it was | given can cause some versions of OpenSSL to over-read this buffer. | OpenSSL 3.x is not affected by this. This vulnerability is fixed in | 0.10.78. CVE-2026-41678[2]: | rust-openssl provides OpenSSL bindings for the Rust programming | language. From to before 0.10.78, aes::unwrap_key() contains an | incorrect assertion: it checks that out.len() + 8 <= in_.len(), but | this condition is reversed. The intended invariant is out.len() >= | in_.len() - 8, ensuring the output buffer is large enough. Because | of the inverted check, the function only accepts buffers at or below | the minimum required size and rejects larger ones. If a smaller | buffer is provided the function will write past the end of out by | in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from | a safe public function. This vulnerability is fixed in 0.10.78. CVE-2026-41681[3]: | rust-openssl provides OpenSSL bindings for the Rust programming | language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always | writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller | than that, MdCtxRef::digest_final() writes past its end, usually | corrupting the stack. This is reachable from safe Rust. This | vulnerability is fixed in 0.10.78. CVE-2026-41898[4]: | rust-openssl provides OpenSSL bindings for the Rust programming | language. From 0.9.24 to before 0.10.78, the FFI trampolines behind | SslContextBuilder::set_psk_client_callback, set_psk_server_callback, | set_cookie_generate_cb, and set_stateless_cookie_generate_cb | forwarded the user closure's returned usize directly to OpenSSL | without checking it against the &mut [u8] that was handed to the | closure. This can lead to buffer overflows and other unintended | consequences. This vulnerability is fixed in 0.10.78. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-41676 https://www.cve.org/CVERecord?id=CVE-2026-41676 [1] https://security-tracker.debian.org/tracker/CVE-2026-41677 https://www.cve.org/CVERecord?id=CVE-2026-41677 [2] https://security-tracker.debian.org/tracker/CVE-2026-41678 https://www.cve.org/CVERecord?id=CVE-2026-41678 [3] https://security-tracker.debian.org/tracker/CVE-2026-41681 https://www.cve.org/CVERecord?id=CVE-2026-41681 [4] https://security-tracker.debian.org/tracker/CVE-2026-41898 https://www.cve.org/CVERecord?id=CVE-2026-41898 Please adjust the affected versions in the BTS as needed. ]