Описание
Security update for openssl-3
This update for openssl-3 fixes the following issues:
Security:
- CVE-2025-27587: Timing side channel vulnerability in the P-384 implementation when used with ECDSA in the PPC architecture (bsc#1240366).
- Missing null pointer check before accessing handshake_func in ssl_lib.c (bsc#1240607).
FIPS:
- Disabling EMS in OpenSSL configuration prevents sshd from starting (bsc#1230959, bsc#1232326, bsc#1231748).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP6
libopenssl-3-devel-3.1.4-150600.5.27.1
libopenssl-3-fips-provider-3.1.4-150600.5.27.1
libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1
libopenssl3-3.1.4-150600.5.27.1
libopenssl3-32bit-3.1.4-150600.5.27.1
openssl-3-3.1.4-150600.5.27.1
openSUSE Leap 15.6
libopenssl-3-devel-3.1.4-150600.5.27.1
libopenssl-3-devel-32bit-3.1.4-150600.5.27.1
libopenssl-3-fips-provider-3.1.4-150600.5.27.1
libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1
libopenssl3-3.1.4-150600.5.27.1
libopenssl3-32bit-3.1.4-150600.5.27.1
openssl-3-3.1.4-150600.5.27.1
openssl-3-doc-3.1.4-150600.5.27.1
Ссылки
- Link for SUSE-SU-2025:1550-1
- E-Mail link for SUSE-SU-2025:1550-1
- SUSE Security Ratings
- SUSE Bug 1230959
- SUSE Bug 1231748
- SUSE Bug 1232326
- SUSE Bug 1240366
- SUSE Bug 1240607
- SUSE CVE CVE-2025-27587 page
Описание
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1
Ссылки
- CVE-2025-27587
- SUSE Bug 1240366