
🔔 Dear deepin Users and Community Members,
Recently, OpenSSL released several security advisories covering 13 security vulnerabilities, including 2 High/Medium-risk vulnerabilities. To keep your system secure, we strongly recommend that all users upgrade the affected packages as soon as possible.
I. Vulnerability Information
The CVE identifiers involved in this fix are as follows:
CVE-2025-9230, CVE-2025-9231, CVE-2025-9232, CVE-2025-15467, CVE-2025-15468,
CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420,
CVE-2025-69421, CVE-2026-22795, CVE-2026-22796
Key High/Medium Risk Vulnerability Fixes
- CVE-2025-15467 | High
CMS AuthEnvelopedData Parsing Stack Buffer Overflow: This vulnerability could lead to Remote Code Execution (RCE) under specific conditions. Immediate updating is advised.
- CVE-2025-11187 | Moderate
Missing PKCS#12 PBMAC1 Parameter Validation: Lack of necessary validation could trigger a stack-based buffer overflow.
II. Fixed Version Information
Fixed Version: 3.2.4-0deepin6 (for packages libssl3 and openssl)
Note: Versions earlier than 3.2.4-0deepin6 are not patched against these vulnerabilities.
Command to check the installed version:
apt policy libssl3 openssl
System Update Method:
sudo apt update
sudo apt upgrade libssl3 openssl
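To decide whether a host still needs the upgrade, the installed version must be compared with 3.2.4-0deepin6 using Debian version ordering, not a plain string comparison (otherwise 0deepin10 would sort below 0deepin6). The following script is an added example, not part of this announcement or of deepin's tooling: it parses the output of `apt policy libssl3 openssl`, implements dpkg's version comparison, and reports which of the two packages is still below the fixed version. The sample policy output is constructed.

```python
FIXED_VERSION = "3.2.4-0deepin6"  # fixed version named in the announcement

def _order(c):
    # dpkg character weight: '~' < end-of-string/digit (0) < letters < other symbols.
    return -1 if c == "~" else 0 if c == "" or c.isdigit() else ord(c) if c.isalpha() else ord(c) + 256

def _verrevcmp(a, b):
    # dpkg's component comparison: alternate non-digit runs and numeric runs.
    while a or b:
        first_diff = 0
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            if _order(a[:1]) != _order(b[:1]):
                return _order(a[:1]) - _order(b[:1])
            a, b = a[1:], b[1:]
        a, b = a.lstrip("0"), b.lstrip("0")  # drop leading zeros of the numeric run
        while a[:1].isdigit() and b[:1].isdigit():
            first_diff = first_diff or ord(a[0]) - ord(b[0])
            a, b = a[1:], b[1:]
        if a[:1].isdigit() or b[:1].isdigit():  # the longer numeric run is larger
            return 1 if a[:1].isdigit() else -1
        if first_diff:
            return first_diff
    return 0

def _split(v):
    # "epoch:upstream-revision" -> (int epoch, upstream, revision); missing parts default.
    epoch, sep, rest = v.partition(":")
    epoch, rest = (int(epoch), rest) if sep else (0, v)
    upstream, sep, revision = rest.rpartition("-")
    return (epoch, upstream, revision) if sep else (epoch, rest, "")
def compare_versions(a, b):
    # Negative/zero/positive, ordered like dpkg --compare-versions.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)

def parse_apt_policy(text):
    # {package: installed version} from `apt policy` output; "(none)" becomes None.
    installed, pkg = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.endswith(":"):
            pkg = line[:-1]
        elif pkg and line.strip().startswith("Installed:"):
            ver = line.split(":", 1)[1].strip()
            installed[pkg] = None if ver == "(none)" else ver
    return installed
def unpatched_packages(policy_text, fixed=FIXED_VERSION, packages=("libssl3", "openssl")):
    # Installed packages from the list whose version is still below the fixed one.
    installed = parse_apt_policy(policy_text)
    return [p for p in packages if installed.get(p) and compare_versions(installed[p], fixed) < 0]

# Constructed sample of `apt policy libssl3 openssl` output, not a real capture.
SAMPLE_POLICY = "libssl3:\n  Installed: 3.2.4-0deepin5\nopenssl:\n  Installed: 3.2.4-0deepin6\n"
```

Feeding the real `apt policy libssl3 openssl` output to `unpatched_packages()` lists the packages that still need `sudo apt upgrade`; on the sample it returns `['libssl3']`.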
III. Timeline (All times in Beijing Time)
- Jan 28, 01:18 — Upstream OpenSSL official security advisory released.
- Jan 28, 09:39 — deepin initiated vulnerability tracking and analysis.
- Jan 28, 16:32 — Patch adaptation completed, PR submitted, and entered the build pipeline.
- Jan 30, 15:51 — Testing completed, update ready for repository push.
References
- OpenSSL Official Security Advisory: https://openssl-library.org/news/secadv/20260127.txt
- Aisle Vulnerability Analysis: https://aisle.com/blog/aisle-discovered-12-out-of-12-openssl-vulnerabilities