[SUSE-SU-2022:3843-1] Security update for openssl-3
Severity
Critical
Affected Packages
15
CVEs
3
Security update for openssl-3
This update for openssl-3 fixes the following issues:
- CVE-2022-3358: Fixed vulnerability where a custom cipher passed to EVP_CipherInit() could lead into NULL encryption being unexpectedly used (bsc#1204226).
- CVE-2022-3602: Fixed a buffer overflow in the X.509 email address. (bsc#1204714)
- CVE-2022-3786: Fixed another buffer overflow related to X.509 email address. (bsc#1204714)
- ID
- SUSE-SU-2022:3843-1
- Severity
- critical
- URL
- https://www.suse.com/support/update/announcement/2022/suse-su-20223843-1/
- Published
-
2022-11-01T16:40:22
(22 months ago) - Modified
-
2022-11-01T16:40:22
(22 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALPINE:CVE-2022-3358
-
ALPINE:CVE-2022-3602
-
ALPINE:CVE-2022-3786
-
ALSA-2022:7288
-
ALSA-2023:2523
-
CISCO-SA-OPENSSL-W9SDCC2A
-
ELSA-2022-10004
-
ELSA-2022-7288
-
ELSA-2022-9968
-
ELSA-2023-2523
-
FEDORA-2022-0f1d2e0537
-
FEDORA-2022-502f096dce
-
FREEBSD:0844671C-5A09-11ED-856E-D4C9EF517024
-
FREEBSD:7392E1E3-4EB9-11ED-856E-D4C9EF517024
-
GLSA-202211-01
-
GLSA-202402-08
-
GLSA-202405-29
-
MS:CVE-2022-3602
-
MS:CVE-2022-3786
-
RHSA-2022:7288
-
RHSA-2023:2523
-
RLSA-2022:7288
-
RUSTSEC-2022-0059
-
RUSTSEC-2022-0064
-
RUSTSEC-2022-0065
-
SECADV-20220929-1
-
SECADV-20221101-1
-
SECADV-20221101-2
-
SUSE-SU-2022:4586-1
-
USN-5710-1
-
VU:794340
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Suse | SUSE ratings |
|
|
| Suse | URL of this CSAF notice |
|
|
| Suse | URL for SUSE-SU-2022:3843-1 |
|
|
| Suse | E-Mail link for SUSE-SU-2022:3843-1 |
|
|
| Bugzilla | SUSE Bug 1204226 |
|
|
| Bugzilla | SUSE Bug 1204714 |
|
|
| CVE | SUSE CVE CVE-2022-3358 page |
|
|
| CVE | SUSE CVE CVE-2022-3602 page |
|
|
| CVE | SUSE CVE CVE-2022-3786 page |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/suse/openssl-3?arch=x86_64&distro=opensuse-leap-15.4 | suse |
 openssl-3
|
< 3.0.1-150400.4.11.1 | opensuse-leap-15.4 | x86_64 | |
| Affected | pkg:rpm/suse/openssl-3?arch=s390x&distro=opensuse-leap-15.4 | suse |
openssl-3
|
< 3.0.1-150400.4.11.1 | opensuse-leap-15.4 | s390x | |
| Affected | pkg:rpm/suse/openssl-3?arch=ppc64le&distro=opensuse-leap-15.4 | suse |
openssl-3
|
< 3.0.1-150400.4.11.1 | opensuse-leap-15.4 | ppc64le | |
| Affected | pkg:rpm/suse/openssl-3?arch=aarch64&distro=opensuse-leap-15.4 | suse |
openssl-3
|
< 3.0.1-150400.4.11.1 | opensuse-leap-15.4 | aarch64 | |
| Affected | pkg:rpm/suse/openssl-3-doc?arch=noarch&distro=opensuse-leap-15.4 | suse |
openssl-3-doc
|
< 3.0.1-150400.4.11.1 | opensuse-leap-15.4 | noarch | |
| Affected | pkg:rpm/suse/libopenssl3?arch=x86_64&distro=opensuse-leap-15.4 | suse |
libopenssl3
|
< 3.0.1-150400.4.11.1 | opensuse-leap-15.4 | x86_64 | |
| Affected | pkg:rpm/suse/libopenssl3?arch=s390x&distro=opensuse-leap-15.4 | suse |
libopenssl3
|
< 3.0.1-150400.4.11.1 | opensuse-leap-15.4 | s390x | |
| Affected | pkg:rpm/suse/libopenssl3?arch=ppc64le&distro=opensuse-leap-15.4 | suse |
libopenssl3
|
< 3.0.1-150400.4.11.1 | opensuse-leap-15.4 | ppc64le | |
| Affected | pkg:rpm/suse/libopenssl3?arch=aarch64&distro=opensuse-leap-15.4 | suse |
libopenssl3
|
< 3.0.1-150400.4.11.1 | opensuse-leap-15.4 | aarch64 | |
| Affected | pkg:rpm/suse/libopenssl3-32bit?arch=x86_64&distro=opensuse-leap-15.4 | suse |
libopenssl3-32bit
|
< 3.0.1-150400.4.11.1 | opensuse-leap-15.4 | x86_64 | |
| Affected | pkg:rpm/suse/libopenssl-3-devel?arch=x86_64&distro=opensuse-leap-15.4 | suse |
libopenssl-3-devel
|
< 3.0.1-150400.4.11.1 | opensuse-leap-15.4 | x86_64 | |
| Affected | pkg:rpm/suse/libopenssl-3-devel?arch=s390x&distro=opensuse-leap-15.4 | suse |
libopenssl-3-devel
|
< 3.0.1-150400.4.11.1 | opensuse-leap-15.4 | s390x | |
| Affected | pkg:rpm/suse/libopenssl-3-devel?arch=ppc64le&distro=opensuse-leap-15.4 | suse |
libopenssl-3-devel
|
< 3.0.1-150400.4.11.1 | opensuse-leap-15.4 | ppc64le | |
| Affected | pkg:rpm/suse/libopenssl-3-devel?arch=aarch64&distro=opensuse-leap-15.4 | suse |
libopenssl-3-devel
|
< 3.0.1-150400.4.11.1 | opensuse-leap-15.4 | aarch64 | |
| Affected | pkg:rpm/suse/libopenssl-3-devel-32bit?arch=x86_64&distro=opensuse-leap-15.4 | suse |
libopenssl-3-devel-32bit
|
< 3.0.1-150400.4.11.1 | opensuse-leap-15.4 | x86_64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |