Overview

File _patchinfo of Package patchinfo.26405

<patchinfo incident="26405">
  <issue tracker="bnc" id="1204226">VUL-0: CVE-2022-3358: openssl-3: possible no encryption when custom cipher setup</issue>
  <issue tracker="bnc" id="1204714"> VUL-0: CVE-2022-3602,CVE-2022-3786: openssl-3: X.509 Email Address Buffer Overflow</issue>
  <issue tracker="cve" id="2022-3358"/>
  <issue tracker="cve" id="2022-3602"/>
  <issue tracker="cve" id="2022-3786"/>
  <packager>jsikes</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for openssl-3</summary>
  <description>This update for openssl-3 fixes the following issues:

- CVE-2022-3358: Fixed vulnerability where a custom cipher passed to EVP_CipherInit() could lead into NULL encryption being unexpectedly used (bsc#1204226).
- CVE-2022-3602: Fixed a buffer overflow in the X.509 email address. (bsc#1204714)
- CVE-2022-3786: Fixed another buffer overflow related to X.509 email address. (bsc#1204714)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places