Security update for openssl-3

Announcement ID:	SUSE-SU-2026:0310-1
Release Date:	2026-01-28T09:37:31Z
Rating:	critical
References:	bsc#1256830 bsc#1256834 bsc#1256835 bsc#1256836 bsc#1256837 bsc#1256838 bsc#1256839 bsc#1256840
Cross-References:	CVE-2025-15467 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796
CVSS scores:	CVE-2025-15467 ( SUSE ): 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-15467 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2025-68160 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-68160 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-69418 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-69418 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-69419 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-69419 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-69420 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-69420 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-69421 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-69421 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-22795 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-22795 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-22796 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2026-22796 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:	openSUSE Leap 15.4 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro for Rancher 5.3 SUSE Linux Enterprise Micro for Rancher 5.4 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server 15 SP4 LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves eight vulnerabilities can now be installed.

Description:

This update for openssl-3 fixes the following issues:

• CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
• CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
• CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
• CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
• CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
• CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
• CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
• CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.4
  zypper in -t patch SUSE-2026-310=1
• SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-310=1
• SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-310=1
• SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-310=1
• SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-310=1
• SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-310=1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-310=1
• SUSE Linux Enterprise Server 15 SP4 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-310=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP4
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-310=1

Package List:

• openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  • libopenssl3-debuginfo-3.0.8-150400.4.78.1
  • openssl-3-debuginfo-3.0.8-150400.4.78.1
  • openssl-3-3.0.8-150400.4.78.1
  • openssl-3-debugsource-3.0.8-150400.4.78.1
  • libopenssl-3-devel-3.0.8-150400.4.78.1
  • libopenssl3-3.0.8-150400.4.78.1
• openSUSE Leap 15.4 (x86_64)
  • libopenssl3-32bit-debuginfo-3.0.8-150400.4.78.1
  • libopenssl-3-devel-32bit-3.0.8-150400.4.78.1
  • libopenssl3-32bit-3.0.8-150400.4.78.1
• openSUSE Leap 15.4 (noarch)
  • openssl-3-doc-3.0.8-150400.4.78.1
• openSUSE Leap 15.4 (aarch64_ilp32)
  • libopenssl3-64bit-3.0.8-150400.4.78.1
  • libopenssl-3-devel-64bit-3.0.8-150400.4.78.1
  • libopenssl3-64bit-debuginfo-3.0.8-150400.4.78.1
• SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  • libopenssl3-debuginfo-3.0.8-150400.4.78.1
  • openssl-3-debugsource-3.0.8-150400.4.78.1
  • libopenssl3-3.0.8-150400.4.78.1
• SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  • libopenssl3-debuginfo-3.0.8-150400.4.78.1
  • openssl-3-debugsource-3.0.8-150400.4.78.1
  • libopenssl3-3.0.8-150400.4.78.1
• SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  • libopenssl3-debuginfo-3.0.8-150400.4.78.1
  • openssl-3-debugsource-3.0.8-150400.4.78.1
  • libopenssl3-3.0.8-150400.4.78.1
• SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  • libopenssl3-debuginfo-3.0.8-150400.4.78.1
  • openssl-3-debugsource-3.0.8-150400.4.78.1
  • libopenssl3-3.0.8-150400.4.78.1
• SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
  • libopenssl3-debuginfo-3.0.8-150400.4.78.1
  • openssl-3-debuginfo-3.0.8-150400.4.78.1
  • openssl-3-3.0.8-150400.4.78.1
  • openssl-3-debugsource-3.0.8-150400.4.78.1
  • libopenssl-3-devel-3.0.8-150400.4.78.1
  • libopenssl3-3.0.8-150400.4.78.1
• SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
  • libopenssl3-debuginfo-3.0.8-150400.4.78.1
  • openssl-3-debuginfo-3.0.8-150400.4.78.1
  • openssl-3-3.0.8-150400.4.78.1
  • openssl-3-debugsource-3.0.8-150400.4.78.1
  • libopenssl-3-devel-3.0.8-150400.4.78.1
  • libopenssl3-3.0.8-150400.4.78.1
• SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
  • libopenssl3-debuginfo-3.0.8-150400.4.78.1
  • openssl-3-debuginfo-3.0.8-150400.4.78.1
  • openssl-3-3.0.8-150400.4.78.1
  • openssl-3-debugsource-3.0.8-150400.4.78.1
  • libopenssl-3-devel-3.0.8-150400.4.78.1
  • libopenssl3-3.0.8-150400.4.78.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
  • libopenssl3-debuginfo-3.0.8-150400.4.78.1
  • openssl-3-debuginfo-3.0.8-150400.4.78.1
  • openssl-3-3.0.8-150400.4.78.1
  • openssl-3-debugsource-3.0.8-150400.4.78.1
  • libopenssl-3-devel-3.0.8-150400.4.78.1
  • libopenssl3-3.0.8-150400.4.78.1

References:

• https://www.suse.com/security/cve/CVE-2025-15467.html
• https://www.suse.com/security/cve/CVE-2025-68160.html
• https://www.suse.com/security/cve/CVE-2025-69418.html
• https://www.suse.com/security/cve/CVE-2025-69419.html
• https://www.suse.com/security/cve/CVE-2025-69420.html
• https://www.suse.com/security/cve/CVE-2025-69421.html
• https://www.suse.com/security/cve/CVE-2026-22795.html
• https://www.suse.com/security/cve/CVE-2026-22796.html
• https://bugzilla.suse.com/show_bug.cgi?id=1256830
• https://bugzilla.suse.com/show_bug.cgi?id=1256834
• https://bugzilla.suse.com/show_bug.cgi?id=1256835
• https://bugzilla.suse.com/show_bug.cgi?id=1256836
• https://bugzilla.suse.com/show_bug.cgi?id=1256837
• https://bugzilla.suse.com/show_bug.cgi?id=1256838
• https://bugzilla.suse.com/show_bug.cgi?id=1256839
• https://bugzilla.suse.com/show_bug.cgi?id=1256840