openSUSE-SU-2025:20164-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2025:20164-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/openSUSE-SU-2025:20164-1
- Upstream
- Related
- Published
- 2025-12-15T18:16:15Z
- Modified
- 2026-03-12T02:06:47.613243Z
- Summary
- Security update for openssl-3
- Details
-
This update for openssl-3 fixes the following issues:
- CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232)
- CVE-2025-9231: Fixedk timing side-channel in SM2 algorithm on 64 bit ARM (bsc#1250233)
- CVE-2025-9232: Fixed out-of-bounds read in HTTP client no_proxy handling (bsc#1250234)
- References
Affected packages
openSUSE:Leap 16.0 / openssl-3
Package
- Name
- openssl-3
- Purl
- pkg:rpm/opensuse/openssl-3&distro=openSUSE%20Leap%2016.0
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.5.0-160000.4.1
Ecosystem specific
{
"binaries": [
{
"libopenssl3-x86-64-v3": "3.5.0-160000.4.1",
"libopenssl-3-devel": "3.5.0-160000.4.1",
"openssl-3-doc": "3.5.0-160000.4.1",
"libopenssl-3-fips-provider-x86-64-v3": "3.5.0-160000.4.1",
"openssl-3": "3.5.0-160000.4.1",
"libopenssl3": "3.5.0-160000.4.1",
"libopenssl-3-fips-provider": "3.5.0-160000.4.1"
}
]
}