Date: 2026-01-27
News
OpenSSL 3.6.1 Is Now Available with Important Security Patches and Bug Fixes
OpenSSL 3.6.1 is here to address several critical security vulnerabilities, including CVE-2025-11187, improper validation of PBMAC1 parameters in PKCS#12 MAC verification; CVE-2025-15467, a NULL dereference in the SSL_CIPHER_find() function on an unknown cipher ID; and CVE-2025-15469, which causes the openssl dgst one-shot code path to silently truncate inputs bigger than 16 MB.
This release also addresses CVE-2025-66199, excessive memory allocation for a TLS 1.3 CompressedCertificate; CVE-2025-68160, a heap out-of-bounds write in BIO_f_linebuffer on short writes; CVE-2025-69418, unauthenticated/unencrypted trailing bytes with low-level OCB function calls; and CVE-2025-69419, an out-of-bounds write in the PKCS12_get_friendlyname() UTF-8 conversion.