SUSE Package Hub - SUSE-PackageHub-16.0-675

Update Info

SUSE-PackageHub-16.0-675

Security update for openssl-3-x86_64-v3-livepatches

Type: security

Severity: critical

Issued: 2026-05-05

Description:

This update for openssl-3-x86_64-v3-livepatches fixes the following issues:

Changes in openssl-3-x86_64-v3-livepatches:

- Add package for libopenssl3-x86-64-v3-3.5.0 (bsc#1259271).

Fixed:

- CVE-2025-11187: Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification  (bsc#1256878).
- CVE-2025-15467: Fixed Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256876).
- CVE-2025-15468: Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256880).
- CVE-2025-9230: Fixed Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230) (bsc#1250410).

References

CVE: CVE-2025-9230
CVE: CVE-2025-15468
CVE: CVE-2025-15467
CVE: CVE-2025-11187
Bugzilla: 1259271 [QE][Build :git:2868:pcre2] openQA test fails in ulp_openssl - the installed libopenssl3-x86-64-v3-3.5.0-160000.6.1.x86_64 requires 'libopenssl3 = 3.5.0-160000.6.1', but this requirement cannot be provided
Bugzilla: 1256880 VUL-0: CVE-2025-15468: openssl-3-livepatches: NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
Bugzilla: 1256878 VUL-0: CVE-2025-11187: openssl-3-livepatches: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
Bugzilla: 1256876 VUL-0: CVE-2025-15467: openssl-3-livepatches: Stack buffer overflow in CMS AuthEnvelopedData parsing
Bugzilla: 1250410 VUL-0: CVE-2025-9230: openssl-1_1-livepatches,openssl-3-livepatches: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)

Packages

openssl-3-x86_64-v3-livepatches-0.3-160000.1.1