Home / mailings [USN-7891-1] rust-openssl vulnerabilities
Posted on 26 November 2025
Ubuntu Security==========================================================================Ubuntu Security Notice USN-7891-1
November 26, 2025
rust-openssl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in rust-openssl.
Software Description:
- rust-openssl: OpenSSL bindings for Rust
Details:
Matt Mastracci discovered that rust-openssl was incorrectly handling server
lifetimes in certain functions. An attacker could possibly use this issue
to cause a denial of service or run arbitrary memory content to the client.
(CVE-2025-24898)
It was discovered that rust-openssl was incorrectly handling empty strings
when setting the host in certain functions. An attacker could possibly use
this issue to cause a denial of service. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-53159)
It was discovered that rust-openssl was incorrectly handling property
arguments in certain functions. An attacker could possibly use this
issue to cause a denial of service. This issue only affected
Ubuntu 24.04 LTS. (CVE-2025-3416)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
librust-openssl-dev 0.10.57-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
librust-openssl-dev 0.10.36-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
librust-openssl-dev 0.10.23-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7891-1
CVE-2023-53159, CVE-2025-24898, CVE-2025-3416
--===============5069400851549689403==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
