OpenSSL 3.5.5 RPMs released and added to all supported platforms (AlmaLinux, Rocky Linux, Red Hat Enterprise Linux (RHEL), Oracle Linux).
Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (CVE-2025-11187)
Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)
Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (CVE-2025-15468)
Fixed openssl dgst one-shot codepath silently truncates inputs >16 MiB (CVE-2025-15469)
Fixed TLS 1.3 CompressedCertificate excessive memory allocation (CVE-2025-66199)
Fixed Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
Fixed Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
Fixed Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
Fixed Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
Fixed NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex() function (CVE-2025-69421)
Fixed Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
Fixed ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)
OpenSSL 3.5 is a release featuring QUIC server support.
We continue to build the libraries with QUIC support as a separate, non-conflicting package, openssl-quic-libs. Its files carry a separate .so.81.3 suffix to avoid conflicts with the official .so.3.
