Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 538
Alerts This Week
Warning Icon 1 538

SUSE provides openSSL 3 essential security patch for CVE-2025-11187

suse
Calendar Grey February 17, 2026
Dist Suse Esm H88
Stay updated on critical SUSE security fixes for openssl-3 resolving multiple vulnerabilities impacting system integrity.
An update that solves 15 vulnerabilities and has two fixes can now be installed.

Summary

## This update for openssl-3 fixes the following issues: Changes in openssl-3: * Missing ASN1_TYPE validation in PKCS#12 parsing [bsc#1256839, CVE-2026-22795] * ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function [bsc#1256840, CVE-2026-22796] * Missing ASN1_TYPE validation in TS_RESP_verify_response() function [bsc#1256837, CVE-2025-69420] * NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function [bsc#1256838, CVE-2025-69421] * Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion [bsc#1256836, CVE-2025-69419] * TLS 1.3 CompressedCertificate excessive memory allocation [bsc#1256833, CVE-2025-66199] * Heap out-of-bounds write in BIO_f_linebuffer on short writes [bsc#1256834, CVE-2025-68160]

References

* bsc#1247463

* bsc#1250232

* bsc#1250233

* bsc#1250234

* bsc#1256829

* bsc#1256830

* bsc#1256831

* bsc#1256832

* bsc#1256833

* bsc#1256834

* bsc#1256835

* bsc#1256836

* bsc#1256837

* bsc#1256838

* bsc#1256839

* bsc#1256840

* bsc#1257274

Cross-

* CVE-2025-11187

* CVE-2025-15467

* CVE-2025-15468

* CVE-2025-15469

* CVE-2025-66199

* CVE-2025-68160

* CVE-2025-69418

* CVE-2025-69419

* CVE-2025-69420

* CVE-2025-69421

* CVE-2025-9230

* CVE-2025-9231

* CVE-2025-9232

* CVE-2026-22795

* CVE-2026-22796

CVSS scores:

* CVE-2025-11187 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-11187 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-11187 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

* CVE-2025-15467 ( SUSE ): 9.3

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:20418-1
Release Date: 2026-02-11T23:33:51Z
Rating: critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.