File _patchinfo of Package patchinfo.42399

<!-- Patch metadata for incident 42399: a security update for openssl-3 that lists
     eight CVE ids, the eight matching tracker bugs, and the advisory text. -->
<patchinfo incident="42399">
  <!-- CVE references. Each id below appears once in a bnc bug title and once in
       the description list, so the three views of the fix set agree. -->
  <issue tracker="cve" id="2025-69420"/>
  <issue tracker="cve" id="2025-69421"/>
  <issue tracker="cve" id="2025-15467"/>
  <issue tracker="cve" id="2026-22796"/>
  <issue tracker="cve" id="2026-22795"/>
  <issue tracker="cve" id="2025-69418"/>
  <issue tracker="cve" id="2025-69419"/>
  <issue tracker="cve" id="2025-68160"/>
  <!-- Tracker bugs (tracker="bnc"); the element text is the bug title, and the
       description cites the same bug numbers as bsc#.
       NOTE(review): every title still carries the "EMBARGOED" marker. Confirm the
       embargo has ended before this metadata is exposed outside the embargo group.
       NOTE(review): seven titles name both openssl and openssl-3 (bug 1256830 names
       openssl-3 only), while the summary covers openssl-3 only. Presumably the
       openssl package is handled by a separate update; confirm it is tracked. -->
  <issue tracker="bnc" id="1256835">VUL-0: EMBARGOED: CVE-2025-69418: openssl, openssl-3: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls</issue>
  <issue tracker="bnc" id="1256834">VUL-0: EMBARGOED: CVE-2025-68160: openssl, openssl-3: Heap out-of-bounds write in BIO_f_linebuffer on short writes</issue>
  <issue tracker="bnc" id="1256837">VUL-0: EMBARGOED: CVE-2025-69420: openssl, openssl-3: Missing ASN1_TYPE validation in TS_RESP_verify_response() function</issue>
  <issue tracker="bnc" id="1256836">VUL-0: EMBARGOED: CVE-2025-69419: openssl, openssl-3: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion</issue>
  <issue tracker="bnc" id="1256840">VUL-0: EMBARGOED: CVE-2026-22796: openssl, openssl-3: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function</issue>
  <issue tracker="bnc" id="1256830">VUL-0: EMBARGOED: CVE-2025-15467: openssl-3: Stack buffer overflow in CMS AuthEnvelopedData parsing</issue>
  <issue tracker="bnc" id="1256838">VUL-0: EMBARGOED: CVE-2025-69421: openssl, openssl-3: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function</issue>
  <issue tracker="bnc" id="1256839">VUL-0: EMBARGOED: CVE-2026-22795: openssl, openssl-3: Missing ASN1_TYPE validation in PKCS#12 parsing</issue>
  <packager>pmonrealgonzalez</packager>
  <!-- One rating and one category cover the whole update; this file records no
       per-CVE severity. The titles place most of these issues in parsers (CMS,
       PKCS#12, PKCS#7, timestamp response), so hosts that parse such input from
       untrusted sources are presumably the ones to update first. Confirm against
       the upstream advisory. -->
  <rating>critical</rating>
  <category>security</category>
  <!-- Free-text summary and description. Each description bullet pairs one CVE id
       with its bsc# bug number and repeats the wording of the bug title. -->
  <summary>Security update for openssl-3</summary>
  <description>This update for openssl-3 fixes the following issues:

 - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
 - CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
 - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
 - CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
 - CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
 - CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
 - CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
 - CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
</description>
</patchinfo>