SUSE-SU-2026:22143-1

Vulnerability from csaf_suse - Published: 2026-06-11 12:51 - Updated: 2026-06-11 12:51
Summary
Security update for openssl-3-livepatches
Severity
Important
Notes
Title of the patch: Security update for openssl-3-livepatches
Description of the patch: This update for openssl-3-livepatches fixes the following issues - CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256878). - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256876). - CVE-2025-15468: NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256880). - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266389, bsc#1266357).
Patchnames: SUSE-SLE-Micro-6.1-575
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2025-11187
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
Product Identifier Version Remediation
Unresolved product id: SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64
Vendor Fix
Threats
Impact important
CVE-2025-15467
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Product Identifier Version Remediation
Unresolved product id: SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64
Vendor Fix
Threats
Impact critical
CVE-2025-15468
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
Product Identifier Version Remediation
Unresolved product id: SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64
Vendor Fix
Threats
Impact important
CVE-2026-45447
7.5 (High)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Product Identifier Version Remediation
Unresolved product id: SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64
Vendor Fix
Threats
Impact important
References
To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for openssl-3-livepatches",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for openssl-3-livepatches fixes the following issues\n\n- CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (bsc#1256878).\n- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256876).\n- CVE-2025-15468: NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (bsc#1256880).\n- CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() (bsc#1266389, bsc#1266357).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Micro-6.1-575",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22143-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:22143-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622143-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:22143-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047397.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1256876",
        "url": "https://bugzilla.suse.com/1256876"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1256878",
        "url": "https://bugzilla.suse.com/1256878"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1256880",
        "url": "https://bugzilla.suse.com/1256880"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1266357",
        "url": "https://bugzilla.suse.com/1266357"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1266389",
        "url": "https://bugzilla.suse.com/1266389"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-11187 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-11187/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-15467 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-15467/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-15468 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-15468/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-45447 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-45447/"
      }
    ],
    "title": "Security update for openssl-3-livepatches",
    "tracking": {
      "current_release_date": "2026-06-11T12:51:17Z",
      "generator": {
        "date": "2026-06-11T12:51:17Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:22143-1",
      "initial_release_date": "2026-06-11T12:51:17Z",
      "revision_history": [
        {
          "date": "2026-06-11T12:51:17Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64",
                "product": {
                  "name": "openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64",
                  "product_id": "openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Micro 6.1",
                "product": {
                  "name": "SUSE Linux Micro 6.1",
                  "product_id": "SUSE Linux Micro 6.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sl-micro:6.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
          "product_id": "SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64"
        },
        "product_reference": "openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Micro 6.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-11187",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-11187"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-11187",
          "url": "https://www.suse.com/security/cve/CVE-2025-11187"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256829 for CVE-2025-11187",
          "url": "https://bugzilla.suse.com/1256829"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256878 for CVE-2025-11187",
          "url": "https://bugzilla.suse.com/1256878"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-06-11T12:51:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-11187"
    },
    {
      "cve": "CVE-2025-15467",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-15467"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-15467",
          "url": "https://www.suse.com/security/cve/CVE-2025-15467"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256830 for CVE-2025-15467",
          "url": "https://bugzilla.suse.com/1256830"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256876 for CVE-2025-15467",
          "url": "https://bugzilla.suse.com/1256876"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-06-11T12:51:17Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2025-15467"
    },
    {
      "cve": "CVE-2025-15468",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-15468"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Issue summary: If an application using the SSL_CIPHER_find() function in\na QUIC protocol client or server receives an unknown cipher suite from\nthe peer, a NULL dereference occurs.\n\nImpact summary: A NULL pointer dereference leads to abnormal termination of\nthe running process causing Denial of Service.\n\nSome applications call SSL_CIPHER_find() from the client_hello_cb callback\non the cipher ID received from the peer. If this is done with an SSL object\nimplementing the QUIC protocol, NULL pointer dereference will happen if\nthe examined cipher ID is unknown or unsupported.\n\nAs it is not very common to call this function in applications using the QUIC \nprotocol and the worst outcome is Denial of Service, the issue was assessed\nas Low severity.\n\nThe vulnerable code was introduced in the 3.2 version with the addition\nof the QUIC protocol support.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the QUIC implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-15468",
          "url": "https://www.suse.com/security/cve/CVE-2025-15468"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256831 for CVE-2025-15468",
          "url": "https://bugzilla.suse.com/1256831"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256880 for CVE-2025-15468",
          "url": "https://bugzilla.suse.com/1256880"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-06-11T12:51:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-15468"
    },
    {
      "cve": "CVE-2026-45447",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-45447"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Issue summary: A specially crafted PKCS#7 or S/MIME signed message could\ntrigger a use-after-free during PKCS#7 signature verification.\n\nImpact summary: A use-after-free may result in process crashes, heap\ncorruption, or potentially remote code execution.\n\nWhen processing a PKCS#7 or S/MIME signed message, if the SignedData\ndigestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may\nincorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent\nuse of the BIO by the calling application results in a use-after-free\ncondition.\n\nIn the common case this occurs when the application later calls\nBIO_free() on the BIO originally passed to PKCS7_verify(). Depending\non allocator behavior and application-specific BIO usage patterns, this\nmay result in a crash or other memory corruption. In some application\ncontexts this may potentially be exploitable for remote code execution.\n\nApplications that process PKCS#7 or S/MIME signed messages using OpenSSL\nPKCS#7 APIs may be affected. Applications using the CMS APIs for this\nprocessing are not affected.\n\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-45447",
          "url": "https://www.suse.com/security/cve/CVE-2026-45447"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1266357 for CVE-2026-45447",
          "url": "https://bugzilla.suse.com/1266357"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1266389 for CVE-2026-45447",
          "url": "https://bugzilla.suse.com/1266389"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Micro 6.1:openssl-3-livepatches-0.4-slfo.1.1_1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-06-11T12:51:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-45447"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.