Red Hat Openssl
Recent Red Hat Openssl Security Advisories
| Advisory | Title | Published |
|---|---|---|
| RHSA-2026:5217 | (RHSA-2026:5217) Moderate: compat-openssl11 security update | March 23, 2026 |
| RHSA-2026:5214 | (RHSA-2026:5214) Moderate: compat-openssl11 security update | March 23, 2026 |
| RHSA-2026:4825 | (RHSA-2026:4825) Moderate: compat-openssl11 security update | March 17, 2026 |
| RHSA-2026:4824 | (RHSA-2026:4824) Moderate: compat-openssl11 security update | March 17, 2026 |
| RHSA-2026:4472 | (RHSA-2026:4472) Moderate: compat-openssl11 security update | March 12, 2026 |
| RHSA-2026:4214 | (RHSA-2026:4214) Moderate: openssl security update | March 10, 2026 |
| RHSA-2026:4163 | (RHSA-2026:4163) Moderate: openssl security update | March 10, 2026 |
| RHSA-2026:3437 | (RHSA-2026:3437) Moderate: openssl security update | February 26, 2026 |
| RHSA-2026:3364 | (RHSA-2026:3364) Moderate: openssl security update | February 25, 2026 |
| RHSA-2026:3042 | (RHSA-2026:3042) Moderate: openssl security update | February 23, 2026 |
EOL Dates
Ensure that you are using a supported version of Red Hat Openssl. Here are some end-of-life and end-of-support dates for Red Hat Openssl.
| Release | EOL Date | Status |
|---|---|---|
| 3.6 | November 1, 2026 | EOL This Year: Red Hat Openssl 3.6 will become EOL this year, in November 2026. |
| 3.5 | April 8, 2030 | Active: Red Hat Openssl 3.5 will become EOL in 4 years (in 2030). |
| 3.4 | October 22, 2026 | EOL This Year: Red Hat Openssl 3.4 will become EOL this year, in October 2026. |
| 3.3 | April 9, 2026 | EOL This Year: Red Hat Openssl 3.3 will become EOL this year, in April 2026. |
| 3.2 | November 23, 2025 | EOL: Red Hat Openssl 3.2 became EOL in 2025. |
| 3.1 | March 14, 2025 | EOL: Red Hat Openssl 3.1 became EOL in 2025. |
| 3.0 | September 7, 2026 | EOL This Year: Red Hat Openssl 3.0 will become EOL this year, in September 2026. |
| 1.1.1 | September 11, 2023 | EOL: Red Hat Openssl 1.1.1 became EOL in 2023. |
| 1.1.0 | September 11, 2019 | EOL: Red Hat Openssl 1.1.0 became EOL in 2019. |
| 1.0.2 | December 31, 2019 | EOL: Red Hat Openssl 1.0.2 became EOL in 2019. |
| 1.0.1 | December 31, 2016 | EOL: Red Hat Openssl 1.0.1 became EOL in 2016. |
| 1.0.0 | December 31, 2015 | EOL: Red Hat Openssl 1.0.0 became EOL in 2015. |
| 0.9.8 | December 31, 2015 | EOL: Red Hat Openssl 0.9.8 became EOL in 2015. |
By the Year
In 2026 there have been 0 vulnerabilities in Red Hat Openssl. Openssl did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 5.90 |
It may take a day or so for new Openssl vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Openssl Security Vulnerabilities
Perl Crypt-OpenSSL-RSA PKCS#1 v1.5 Timing Side-Channel (Bleichenbacher)
CVE-2024-2467
5.9 - Medium - April 25, 2024
A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
Observable Timing Discrepancy
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2
CVE-2009-1387 - June 04, 2009
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."
NULL Pointer Dereference
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet
CVE-2009-1386 - June 04, 2009
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
NULL Pointer Dereference