SUSE-SU-2026:20542-1

Vulnerability from csaf_suse - Published: 2026-02-18 16:23 - Updated: 2026-02-18 16:23
Summary
Security update for openssl-3-livepatches
Severity
Critical
Notes
Title of the patch: Security update for openssl-3-livepatches
Description of the patch: This update for openssl-3-livepatches fixes the following issues: - CVE-2025-11187: Fixed improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256878). - CVE-2025-15467: Fixed stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256876). - CVE-2025-15468: Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256880). - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK Unwrap (bsc#1250410).
Patchnames: SUSE-SL-Micro-6.2-298
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2025-11187
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
Product Identifier Version Remediation
Unresolved product id: SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le
Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64
Vendor Fix
Threats
Impact important
CVE-2025-15467
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Product Identifier Version Remediation
Unresolved product id: SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le
Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64
Vendor Fix
Threats
Impact critical
CVE-2025-15468
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
Product Identifier Version Remediation
Unresolved product id: SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le
Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64
Vendor Fix
Threats
Impact important
CVE-2025-9230
7.5 (High)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Product Identifier Version Remediation
Unresolved product id: SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le
Vendor Fix
Unresolved product id: SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64
Vendor Fix
Threats
Impact important
References
To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openssl-3-livepatches",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for openssl-3-livepatches fixes the following issues:\n\n- CVE-2025-11187: Fixed improper validation of PBMAC1 parameters in PKCS#12 MAC verification  (bsc#1256878).\n- CVE-2025-15467: Fixed stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256876).\n- CVE-2025-15468: Fixed NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256880).\n- CVE-2025-9230: Fixed out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap (bsc#1250410).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SL-Micro-6.2-298",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20542-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:20542-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620542-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:20542-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024594.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1250410",
        "url": "https://bugzilla.suse.com/1250410"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1256876",
        "url": "https://bugzilla.suse.com/1256876"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1256878",
        "url": "https://bugzilla.suse.com/1256878"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1256880",
        "url": "https://bugzilla.suse.com/1256880"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-11187 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-11187/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-15467 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-15467/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-15468 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-15468/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-9230 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-9230/"
      }
    ],
    "title": "Security update for openssl-3-livepatches",
    "tracking": {
      "current_release_date": "2026-02-18T16:23:27Z",
      "generator": {
        "date": "2026-02-18T16:23:27Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:20542-1",
      "initial_release_date": "2026-02-18T16:23:27Z",
      "revision_history": [
        {
          "date": "2026-02-18T16:23:27Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-3-livepatches-0.3-160000.1.1.ppc64le",
                "product": {
                  "name": "openssl-3-livepatches-0.3-160000.1.1.ppc64le",
                  "product_id": "openssl-3-livepatches-0.3-160000.1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-3-livepatches-0.3-160000.1.1.x86_64",
                "product": {
                  "name": "openssl-3-livepatches-0.3-160000.1.1.x86_64",
                  "product_id": "openssl-3-livepatches-0.3-160000.1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Micro 6.2",
                "product": {
                  "name": "SUSE Linux Micro 6.2",
                  "product_id": "SUSE Linux Micro 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16:16.0:transactional"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-livepatches-0.3-160000.1.1.ppc64le as component of SUSE Linux Micro 6.2",
          "product_id": "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le"
        },
        "product_reference": "openssl-3-livepatches-0.3-160000.1.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Micro 6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-livepatches-0.3-160000.1.1.x86_64 as component of SUSE Linux Micro 6.2",
          "product_id": "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
        },
        "product_reference": "openssl-3-livepatches-0.3-160000.1.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-11187",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-11187"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
          "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-11187",
          "url": "https://www.suse.com/security/cve/CVE-2025-11187"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256829 for CVE-2025-11187",
          "url": "https://bugzilla.suse.com/1256829"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256878 for CVE-2025-11187",
          "url": "https://bugzilla.suse.com/1256878"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
            "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
            "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-02-18T16:23:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-11187"
    },
    {
      "cve": "CVE-2025-15467",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-15467"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
          "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-15467",
          "url": "https://www.suse.com/security/cve/CVE-2025-15467"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256830 for CVE-2025-15467",
          "url": "https://bugzilla.suse.com/1256830"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256876 for CVE-2025-15467",
          "url": "https://bugzilla.suse.com/1256876"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
            "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
            "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-02-18T16:23:27Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-15467"
    },
    {
      "cve": "CVE-2025-15468",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-15468"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
          "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-15468",
          "url": "https://www.suse.com/security/cve/CVE-2025-15468"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256831 for CVE-2025-15468",
          "url": "https://bugzilla.suse.com/1256831"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256880 for CVE-2025-15468",
          "url": "https://bugzilla.suse.com/1256880"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
            "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
            "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-02-18T16:23:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-15468"
    },
    {
      "cve": "CVE-2025-9230",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-9230"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
          "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-9230",
          "url": "https://www.suse.com/security/cve/CVE-2025-9230"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1250232 for CVE-2025-9230",
          "url": "https://bugzilla.suse.com/1250232"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1250410 for CVE-2025-9230",
          "url": "https://bugzilla.suse.com/1250410"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
            "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.ppc64le",
            "SUSE Linux Micro 6.2:openssl-3-livepatches-0.3-160000.1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-02-18T16:23:27Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-9230"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.