SUSE-SU-2026:1605-1
- Source
- https://www.suse.com/support/update/announcement/2026/suse-su-20261605-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1605-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:1605-1
- Upstream
- Related
- Published
- 2026-04-24T11:48:58Z
- Modified
- 2026-04-25T07:45:48.439893Z
- Summary
- Security update for openssl-3
- Details
-
This update for openssl-3 fixes the following issue:
Security issues fixed:
- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).
Other updates and bugfixes:
- Enable MD2 in legacy provider (jsc#PED-15724).
- References
Affected packages
SUSE:Linux Enterprise Server 15 SP6-LTSS / openssl-3
Package
- Name
- openssl-3
- Purl
- pkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.4-150600.5.50.1
Ecosystem specific
{
"binaries": [
{
"libopenssl-3-fips-provider-32bit": "3.1.4-150600.5.50.1",
"libopenssl-3-fips-provider": "3.1.4-150600.5.50.1",
"libopenssl3-32bit": "3.1.4-150600.5.50.1",
"openssl-3": "3.1.4-150600.5.50.1",
"libopenssl-3-devel": "3.1.4-150600.5.50.1",
"libopenssl3": "3.1.4-150600.5.50.1"
}
]
}
SUSE:Linux Enterprise Server for SAP Applications 15 SP6 / openssl-3
Package
- Name
- openssl-3
- Purl
- pkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.4-150600.5.50.1
Ecosystem specific
{
"binaries": [
{
"libopenssl-3-fips-provider-32bit": "3.1.4-150600.5.50.1",
"libopenssl-3-fips-provider": "3.1.4-150600.5.50.1",
"libopenssl3-32bit": "3.1.4-150600.5.50.1",
"openssl-3": "3.1.4-150600.5.50.1",
"libopenssl-3-devel": "3.1.4-150600.5.50.1",
"libopenssl3": "3.1.4-150600.5.50.1"
}
]
}