Explore top 10 tips to secure your open-source projects now. Read More
×
## This update for openssl-3 fixes the following issues: Changes in openssl-3: * Missing ASN1_TYPE validation in PKCS#12 parsing [bsc#1256839, CVE-2026-22795] * ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function [bsc#1256840, CVE-2026-22796] * Missing ASN1_TYPE validation in TS_RESP_verify_response() function [bsc#1256837, CVE-2025-69420] * NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function [bsc#1256838, CVE-2025-69421] * Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion [bsc#1256836, CVE-2025-69419] * TLS 1.3 CompressedCertificate excessive memory allocation [bsc#1256833, CVE-2025-66199] * Heap out-of-bounds write in BIO_f_linebuffer on short writes [bsc#1256834, CVE-2025-68160]
* bsc#1247463
* bsc#1250232
* bsc#1250233
* bsc#1250234
* bsc#1256829
* bsc#1256830
* bsc#1256831
* bsc#1256832
* bsc#1256833
* bsc#1256834
* bsc#1256835
* bsc#1256836
* bsc#1256837
* bsc#1256838
* bsc#1256839
* bsc#1256840
* bsc#1257274
Cross-
* CVE-2025-11187
* CVE-2025-15467
* CVE-2025-15468
* CVE-2025-15469
* CVE-2025-66199
* CVE-2025-68160
* CVE-2025-69418
* CVE-2025-69419
* CVE-2025-69420
* CVE-2025-69421
* CVE-2025-9230
* CVE-2025-9231
* CVE-2025-9232
* CVE-2026-22795
* CVE-2026-22796
CVSS scores:
* CVE-2025-11187 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-11187 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-11187 ( NVD ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
* CVE-2025-15467 ( SUSE ): 9.3
Get the latest Linux and open source security news straight to your inbox.