Overview

File _patchinfo of Package patchinfo.42417

<patchinfo incident="42417">
  <issue tracker="cve" id="2026-22796"/>
  <issue tracker="cve" id="2025-69421"/>
  <issue tracker="cve" id="2025-68160"/>
  <issue tracker="cve" id="2025-69420"/>
  <issue tracker="bnc" id="1256837">VUL-0: EMBARGOED: CVE-2025-69420: openssl, openssl-3: Missing ASN1_TYPE validation in TS_RESP_verify_response() function</issue>
  <issue tracker="bnc" id="1256834">VUL-0: EMBARGOED: CVE-2025-68160: openssl, openssl-3: Heap out-of-bounds write in BIO_f_linebuffer on short writes</issue>
  <issue tracker="bnc" id="1256838">VUL-0: EMBARGOED: CVE-2025-69421: openssl, openssl-3: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function</issue>
  <issue tracker="bnc" id="1256840">VUL-0: EMBARGOED: CVE-2026-22796: openssl, openssl-3: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function</issue>
  <packager>pmonrealgonzalez</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for openssl-1_0_0</summary>
  <description>This update for openssl-1_0_0 fixes the following issues:

- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834). 
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places