Overview

File _patchinfo of Package patchinfo.41067

<patchinfo incident="41067">
  <issue tracker="cve" id="2024-4741"/>
  <issue tracker="cve" id="2025-9230"/>
  <issue tracker="bnc" id="1225552">VUL-0: CVE-2024-4741: openssl-1_1-livepatches,openssl-3-livepatches: Use After Free with SSL_free_buffers</issue>
  <issue tracker="bnc" id="1250410">VUL-0: CVE-2025-9230: openssl-1_1-livepatches,openssl-3-livepatches: Out-of-bounds read &amp; write in RFC 3211 KEK Unwrap (CVE-2025-9230)</issue>
  <issue tracker="bnc" id="1224458">openssl-1_1-livepatches: Missing function for old library version</issue>
  <packager>gbelinassi</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for openssl-1_1-livepatches</summary>
  <description>This update for openssl-1_1-livepatches fixes the following issues:

- Add livepatch for CVE-2025-9230 (bsc#1250410).

- Use strong externalization for ssl3_setup_read_buffer and
  ssl3_release_read_buffer
- Use strong externalization for ossl_statem_fatal.

- Add livepatch for CVE-2024-4741 (bsc#1225552).

- Drop trigger rules for very old libpulp-tools package.

- Fix building process to include functions of older livepatches
  correctly (bsc#1224458)'.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places