5 matches found
SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2026:0358-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0358-1 advisory. - CVE-2026-22795: Missing ASN1TYPE validation in PKCS12 parsing bsc1256839. - CVE-2025-69420: Missing ASN1TYPE validation in TSRESPverifyrespon...
SUSE-SU-2026:0359-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: - CVE-2026-22795: Missing ASN1TYPE validation in PKCS12 parsing bsc1256839. - CVE-2025-69420: Missing ASN1TYPE validation in TSRESPverifyresponse function bsc1256837. - CVE-2025-69421: NULL Pointer Dereference in PKCS12itemdecryptd2iex functi...
Security update for openssl-1_1
This update for openssl-11 fixes the following issues: CVE-2026-22795: Missing ASN1TYPE validation in PKCS12 parsing bsc1256839. CVE-2025-69420: Missing ASN1TYPE validation in TSRESPverifyresponse function bsc1256837. CVE-2025-69421: NULL Pointer Dereference in PKCS12itemdecryptd2iex function...
CVE-2025-69420
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: Improper validation of PBMAC1 parameters in PKCS12 MAC verification CVE-2025-11187 Stack buffer overflow in CMS AuthEnvelopedData parsing CVE-2025-15467 NULL dereference in SSLCIPHERfind function on unknown cipher ID CVE-2025-15468 "openssl dgst" one-shot codepath...