SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:1605-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1605-1 advisory. This update for openssl-3 fixes the following issue: Security issues fixed: - CVE-2026-28390: NULL pointer dereference during processing of ...

SUSE-SU-2026:1605-1 Security update for openssl-3

This update for openssl-3 fixes the following issue: Security issues fixed: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678. Other updates and bugfixes: - Enable MD2 in legacy provider jscPED-15724...

Security update for openssl-3

This update for openssl-3 fixes the following issue: Security issues fixed: CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678. Other updates and bugfixes: Enable MD2 in legacy provider jscPED-15724. Patch...

SUSE SLED15 / SLES15 Security Update : openssl-3 (SUSE-SU-2026:1375-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1375-1 advisory. Security issues fixed: - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. -...

SUSE-SU-2026:21186-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2026-2673: TLS 1.3 servers may choose unexpected key agreement group bsc1259652. - CVE-2026-28387: potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL pointer dereference when processing...

SUSE-SU-2026:21107-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2026-2673: TLS 1.3 servers may choose unexpected key agreement group bsc1259652. - CVE-2026-28387: potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL pointer dereference when processing...

OPENSUSE-SU-2026:20525-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2026-2673: TLS 1.3 servers may choose unexpected key agreement group bsc1259652. - CVE-2026-28387: potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL pointer dereference when processing...

SUSE CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

openssl-src contains `NULL` dereference during PKCS7 data verification

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

ALPINE-CVE-2023-0401

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

DEBIAN-CVE-2023-0401

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

CVE-2023-0401

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

ALPINE-CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...