Alerts This Week
Warning Icon 1 474
Alerts This Week
Warning Icon 1 474

SUSE OpenSSL Important Heap Overflow Issues Vuln 2026-2396-1

suse
Calendar Grey June 15, 2026
Dist Suse Esm H88
Install the important security update for openssl-1_0_0 addressing multiple issues and vulnerabilities in SUSE.
An update that solves seven vulnerabilities and has one security fix can now be installed.

Summary

## This update for openssl-1_0_0 fixes the following issues * CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion (bsc#1266340). * CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341). * CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). * CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443). * CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing (bsc#1266342). * CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption (bsc#1266349). * CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266357). * NULL pointer dereference when processing an OCSP response (bsc#1260446). ## Patch Instructions:

Topics%20covered

Topics Covered

security advisory buffer overflow SuSE OpenSSL important heap overflow

References

* bsc#1260442

* bsc#1260443

* bsc#1260446

* bsc#1266340

* bsc#1266341

* bsc#1266342

* bsc#1266349

* bsc#1266357

Cross-

* CVE-2026-28388

* CVE-2026-28389

* CVE-2026-34180

* CVE-2026-42766

* CVE-2026-45447

* CVE-2026-7383

* CVE-2026-9076

CVSS scores:

* CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-28388 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-28389 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-28389 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-34180 ( SUSE ): 6.3

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2396-1
Release Date: 2026-06-15T14:34:24Z
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow SuSE OpenSSL important heap overflow

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here