{"id":"SUSE-SU-2026:1605-1","summary":"Security update for openssl-3","details":"This update for openssl-3 fixes the following issue:\n\nSecurity issues fixed:\n    \n- CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with\n  KeyTransportRecipientInfo (bsc#1261678).\n    \nOther updates and bugfixes:\n    \n- Enable MD2 in legacy provider (jsc#PED-15724).\n","modified":"2026-04-25T07:45:57.204771Z","published":"2026-04-24T11:48:58Z","related":["CVE-2026-28390"],"upstream":["CVE-2026-28390"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20261605-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1261678"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-28390"}],"affected":[{"package":{"name":"openssl-3","ecosystem":"SUSE:Linux Enterprise Server 15 SP6-LTSS","purl":"pkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.4-150600.5.50.1"}]}],"ecosystem_specific":{"binaries":[{"libopenssl3":"3.1.4-150600.5.50.1","libopenssl3-32bit":"3.1.4-150600.5.50.1","libopenssl-3-fips-provider-32bit":"3.1.4-150600.5.50.1","libopenssl-3-fips-provider":"3.1.4-150600.5.50.1","libopenssl-3-devel":"3.1.4-150600.5.50.1","openssl-3":"3.1.4-150600.5.50.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1605-1.json"}},{"package":{"name":"openssl-3","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP6","purl":"pkg:rpm/suse/openssl-3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.4-150600.5.50.1"}]}],"ecosystem_specific":{"binaries":[{"libopenssl3":"3.1.4-150600.5.50.1","libopenssl3-32bit":"3.1.4-150600.5.50.1","libopenssl-3-fips-provider-32bit":"3.1.4-150600.5.50.1","libopenssl-3-fips-provider":"3.1.4-150600.5.50.1","libopenssl-3-devel":"3.1.4-150600.5.50.1","openssl-3":"3.1.4-150600.5.50.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:1605-1.json"}}],"schema_version":"1.7.5"}