Commit 8f23518654 for openssl.org
commit 8f235186544809bcdab4dfe79b871eb6dc3daefd
Author: Eugene Syromiatnikov <esyr@openssl.org>
Date: Tue Mar 10 11:41:18 2026 +0100
CHANGES.md, NEWS.md: picking up changes from 3.6.1
Since it has been released before 4.0.0-alpha1.
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Mar 10 13:39:37 2026
(Merged from https://github.com/openssl/openssl/pull/30338)
diff --git a/CHANGES.md b/CHANGES.md
index 8967a28a2a..c6b1975def 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -501,6 +501,272 @@ OpenSSL Releases
OpenSSL 3.6
-----------
+### Changes between 3.6.0 and 3.6.1 [27 Jan 2026]
+
+ * Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification.
+
+ Severity: Moderate
+
+ Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation
+ which can trigger a stack-based buffer overflow, invalid pointer or NULL
+ pointer dereference during MAC verification.
+
+ Impact summary: The stack buffer overflow or NULL pointer dereference may
+ cause a crash leading to Denial of Service for an application that parses
+ untrusted PKCS#12 files. The buffer overflow may also potentially enable
+ code execution depending on platform mitigations.
+
+ Reported by: Stanislav Fort (Aisle Research) and Petr Šimeček (Aisle
+ Research) and Hamza (Metadust)
+
+ ([CVE-2025-11187])
+
+ *Tomáš Mráz*
+
+ * Fixed Stack buffer overflow in CMS `AuthEnvelopedData` parsing.
+
+ Severity: High
+
+ Issue summary: Parsing CMS `AuthEnvelopedData` message with maliciously
+ crafted AEAD parameters can trigger a stack buffer overflow.
+
+ Impact summary: A stack buffer overflow may lead to a crash, causing Denial
+ of Service, or potentially remote code execution.
+
+ Reported by: Stanislav Fort (Aisle Research)
+
+ ([CVE-2025-15467])
+
+ *Igor Ustinov*
+
+ * Fixed NULL dereference in `SSL_CIPHER_find()` function on unknown cipher ID.
+
+ Severity: Low
+
+ Issue summary: If an application using the `SSL_CIPHER_find()` function
+ in a QUIC protocol client or server receives an unknown cipher suite from
+ the peer, a NULL dereference occurs.
+
+ Impact summary: A NULL pointer dereference leads to abnormal termination
+ of the running process causing Denial of Service.
+
+ Reported by: Stanislav Fort (Aisle Research)
+
+ ([CVE-2025-15468])
+
+ *Stanislav Fort*
+
+ * Fixed `openssl dgst` one-shot codepath silently truncates inputs >16 MiB.
+
+ Severity: Low
+
+ Issue summary: The `openssl dgst` command-line tool silently truncates input
+ data to 16 MiB when using one-shot signing algorithms and reports success
+ instead of an error.
+
+ Impact summary: A user signing or verifying files larger than 16 MiB with
+ one-shot algorithms (such as Ed25519, Ed448, or ML-DSA) may believe the
+ entire file is authenticated while trailing data beyond 16 MiB remains
+ unauthenticated.
+
+ Reported by: Stanislav Fort (Aisle Research)
+
+ ([CVE-2025-15469])
+
+ *Viktor Dukhovni*
+
+ * Fixed TLS 1.3 `CompressedCertificate` excessive memory allocation.
+
+ Severity: Low
+
+ Issue summary: A TLS 1.3 connection using certificate compression can be
+ forced to allocate a large buffer before decompression without checking
+ against the configured certificate size limit.
+
+ Impact summary: An attacker can cause per-connection memory allocations
+ of up to approximately 22 MiB and extra CPU work, potentially leading
+ to service degradation or resource exhaustion (Denial of Service).
+
+ Reported by: Tomas Dulka (Aisle Research) and Stanislav Fort (Aisle
+ Research)
+
+ ([CVE-2025-66199])
+
+ *Tomas Dulka and Stanislav Fort*
+
+ * Fixed Heap out-of-bounds write in `BIO_f_linebuffer` on short writes.
+
+ Severity: Low
+
+ Issue summary: Writing large, newline-free data into a BIO chain using the
+ line-buffering filter where the next BIO performs short writes can trigger
+ a heap-based out-of-bounds write.
+
+ Impact summary: This out-of-bounds write can cause memory corruption
+ which typically results in a crash, leading to Denial of Service for
+ an application.
+
+ Reported by: Petr Simecek (Aisle Research) and Stanislav Fort (Aisle
+ Research)
+
+ ([CVE-2025-68160])
+
+ *Stanislav Fort and Neil Horman*
+
+ * Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB
+ function calls.
+
+ Severity: Low
+
+ Issue summary: When using the low-level OCB API directly with AES-NI or
+ other hardware-accelerated code paths, inputs whose length is not a multiple
+ of 16 bytes can leave the final partial block unencrypted and
+ unauthenticated.
+
+ Impact summary: The trailing 1-15 bytes of a message may be exposed in
+ cleartext on encryption and are not covered by the authentication tag,
+ allowing an attacker to read or tamper with those bytes without detection.
+
+ Reported by: Stanislav Fort (Aisle Research)
+
+ ([CVE-2025-69418])
+
+ *Stanislav Fort*
+
+ * Fixed Out of bounds write in `PKCS12_get_friendlyname()` UTF-8 conversion.
+
+ Severity: Low
+
+ Issue summary: Calling `PKCS12_get_friendlyname()` function on a maliciously
+ crafted PKCS#12 file with a `BMPString` (UTF-16BE) friendly name containing
+ non-ASCII BMP code point can trigger a one byte write before the allocated
+ buffer.
+
+ Impact summary: The out-of-bounds write can cause a memory corruption
+ which can have various consequences including a Denial of Service.
+
+ Reported by: Stanislav Fort (Aisle Research)
+
+ ([CVE-2025-69419])
+
+ *Norbert Pócs*
+
+ * Fixed Missing `ASN1_TYPE` validation in `TS_RESP_verify_response()` function.
+
+ Severity: Low
+
+ Issue summary: A type confusion vulnerability exists in the TimeStamp
+ Response verification code where an `ASN1_TYPE` union member is accessed
+ without first validating the type, causing an invalid or NULL pointer
+ dereference when processing a malformed `TimeStamp` Response file.
+
+ Impact summary: An application calling `TS_RESP_verify_response()`
+ with a malformed TimeStamp Response can be caused to dereference an invalid
+ or NULL pointer when reading, resulting in a Denial of Service.
+
+ Reported by: Luigino Camastra (Aisle Research)
+
+ ([CVE-2025-69420])
+
+ *Bob Beck*
+
+ * Fixed NULL Pointer Dereference in `PKCS12_item_decrypt_d2i_ex()` function.
+
+ Severity: Low
+
+ Issue summary: Processing a malformed PKCS#12 file can trigger a NULL
+ pointer dereference in the `PKCS12_item_decrypt_d2i_ex()` function.
+
+ Impact summary: A NULL pointer dereference can trigger a crash which leads
+ to Denial of Service for an application processing PKCS#12 files.
+
+ Reported by: Luigino Camastra (Aisle Research)
+
+ ([CVE-2025-69421])
+
+ *Luigino Camastra*
+
+ * Fixed Missing `ASN1_TYPE` validation in PKCS#12 parsing.
+
+ Severity: Low
+
+ Issue summary: An invalid or NULL pointer dereference can happen in
+ an application processing a malformed PKCS#12 file.
+
+ Impact summary: An application processing a malformed PKCS#12 file can be
+ caused to dereference an invalid or NULL pointer on memory read, resulting
+ in a Denial of Service.
+
+ Reported by: Luigino Camastra (Aisle Research)
+
+ ([CVE-2026-22795])
+
+ *Bob Beck*
+
+ * Fixed `ASN1_TYPE` Type Confusion in the `PKCS7_digest_from_attributes()`
+ function.
+
+ Severity: Low
+
+ Issue summary: A type confusion vulnerability exists in the signature
+ verification of signed PKCS#7 data where an `ASN1_TYPE` union member
+ is accessed without first validating the type, causing an invalid or NULL
+ pointer dereference when processing malformed PKCS#7 data.
+
+ Impact summary: An application performing signature verification of PKCS#7
+ data or calling directly the `PKCS7_digest_from_attributes()` function can be
+ caused to dereference an invalid or NULL pointer when reading, resulting in
+ a Denial of Service.
+
+ Reported by: Luigino Camastra (Aisle Research)
+
+ ([CVE-2026-22796])
+
+ *Bob Beck*
+
+ * RISC-V capabilities string format has changed to include the base
+ architecture and the vector length for the V extension.
+ <!-- https://github.com/openssl/openssl/pull/28760 -->
+
+ *Bernd Edlinger*
+
+ * Fixed a regression in `X509_V_FLAG_CRL_CHECK_ALL` flag handling by restoring
+ its pre-3.6.0 behaviour of being ignored when `X509_V_FLAG_CRL_CHECK` flag
+ is not set, and no longer implying the latter flag instead.
+ <!-- https://github.com/openssl/openssl/pull/28797 -->
+
+ *Carter Thaxton*
+
+ * Fixed a regression that caused generation of empty stapled OCSP responses
+ when at least one certificate in the certificate chain had a stapled OCSP
+ response present, causing handshake failures for OpenSSL 3.6.0 servers
+ with various client implementations, including GnuTLS and BoringSSL.
+ <!-- https://github.com/openssl/openssl/pull/28955 -->
+
+ *Martin Rauch*
+
+ * Fixed exit code of `openssl x509` command with `-checkend` option in use.
+ <!-- https://github.com/openssl/openssl/pull/29155 -->
+
+ *Stefan Rieche*
+
+ * Fixed incorrect acceptance of some malformed ECDSA signatures on s390x.
+ <!-- https://github.com/openssl/openssl/pull/29214 -->
+
+ *Holger Dengler*
+
+ * Source code has been reformatted with `clang-format`.
+ <!-- https://github.com/openssl/openssl/pull/29245 -->
+
+ *Bob Beck*
+
+ * Reverted a change in behaviour of the single stapled OCSP response API
+ with respect to the ownership of the OCSP response object that caused
+ a memory leak.
+ <!-- https://github.com/openssl/openssl/pull/29251 -->
+
+ *Remi Gacogne and Tomáš Mráz*
+
### Changes between 3.5 and 3.6.0 [1 Oct 2025]
* Added support for `EVP_SKEY` opaque symmetric key objects to the key
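Review bot: the `X509_V_FLAG_CRL_CHECK_ALL` entry near the end of this hunk should spell out the practical consequence of the revert: an application that sets only `X509_V_FLAG_CRL_CHECK_ALL` gets no CRL checking on 3.6.1, as it did before 3.6.0, and must also set `X509_V_FLAG_CRL_CHECK`. The current wording ("no longer implying the latter flag instead") is easy to misread, and code written against 3.6.0 could lose revocation checking without any error. Separately, the reporter is spelled "Petr Šimeček" in the CVE-2025-11187 entry and "Petr Simecek" in the CVE-2025-68160 entry; use one spelling in both.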
@@ -22266,6 +22532,18 @@ ndif
[CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230
[CVE-2025-9231]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9231
[CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232
+[CVE-2025-11187]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-11187
+[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467
+[CVE-2025-15468]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15468
+[CVE-2025-15469]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15469
+[CVE-2025-66199]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-66199
+[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160
+[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418
+[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419
+[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420
+[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421
+[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795
+[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
[RFC 7919]: https://datatracker.ietf.org/doc/html/rfc7919
diff --git a/NEWS.md b/NEWS.md
index 95a85814eb..296b04b3b4 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -116,6 +116,58 @@ This release adds the following new features:
OpenSSL 3.6
-----------
+### Major changes between OpenSSL 3.6.0 and OpenSSL 3.6.1 [27 Jan 2026]
+
+OpenSSL 3.6.1 is a security patch release. The most severe CVE fixed in this
+release is High.
+
+This release incorporates the following bug fixes and mitigations:
+
+ * Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification.
+ ([CVE-2025-11187])
+
+ * Fixed Stack buffer overflow in CMS `AuthEnvelopedData` parsing.
+ ([CVE-2025-15467])
+
+ * Fixed NULL dereference in `SSL_CIPHER_find()` function on unknown cipher ID.
+ ([CVE-2025-15468])
+
+ * Fixed `openssl dgst` one-shot codepath silently truncates inputs >16 MiB.
+ ([CVE-2025-15469])
+
+ * Fixed TLS 1.3 `CompressedCertificate` excessive memory allocation.
+ ([CVE-2025-66199])
+
+ * Fixed Heap out-of-bounds write in `BIO_f_linebuffer` on short writes.
+ ([CVE-2025-68160])
+
+ * Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB
+ function calls.
+ ([CVE-2025-69418])
+
+ * Fixed Out of bounds write in `PKCS12_get_friendlyname()` UTF-8 conversion.
+ ([CVE-2025-69419])
+
+ * Fixed Missing `ASN1_TYPE` validation in `TS_RESP_verify_response()`
+ function.
+ ([CVE-2025-69420])
+
+ * Fixed NULL Pointer Dereference in `PKCS12_item_decrypt_d2i_ex()` function.
+ ([CVE-2025-69421])
+
+ * Fixed Missing `ASN1_TYPE` validation in PKCS#12 parsing.
+ ([CVE-2026-22795])
+
+ * Fixed `ASN1_TYPE` Type Confusion in the `PKCS7_digest_from_attributes()`
+ function.
+ ([CVE-2026-22796])
+
+ * Fixed a regression in `X509_V_FLAG_CRL_CHECK_ALL` flag handling by
+ restoring its pre-3.6.0 behaviour.
+
+ * Fixed a regression in handling stapled OCSP responses causing handshake
+ failures for OpenSSL 3.6.0 servers with various client implementations.
+
### Major changes between OpenSSL 3.5 and OpenSSL 3.6 [under development]
OpenSSL 3.6.0 is a feature release adding significant new functionality
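Review bot: the context heading directly below the new section still reads "Major changes between OpenSSL 3.5 and OpenSSL 3.6 [under development]", which is now inconsistent with the 3.6.1 section above it dated 27 Jan 2026 and with the CHANGES.md heading in this same commit that dates 3.6.0 as 1 Oct 2025. Suggest replacing the "[under development]" marker with the release date, here or in a follow-up. The NEWS list also leaves out the s390x fix that CHANGES.md records as "Fixed incorrect acceptance of some malformed ECDSA signatures on s390x"; since it concerns signature acceptance, consider listing it alongside the two regressions.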
@@ -2249,6 +2301,18 @@ OpenSSL 0.9.x
[CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230
[CVE-2025-9231]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9231
[CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232
+[CVE-2025-11187]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-11187
+[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467
+[CVE-2025-15468]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15468
+[CVE-2025-15469]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15469
+[CVE-2025-66199]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-66199
+[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160
+[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418
+[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419
+[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420
+[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421
+[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795
+[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
[OpenSSL Guide]: https://docs.openssl.org/master/man7/ossl-guide-introduction
[README-QUIC.md]: ./README-QUIC.md