Skip to main content
Vulnerability Intelligence
Platform
Solutions
Customers
Resources
Company
Login
Get Demo
SUSE-SU-2025:21213-1 | Mondoo Vulnerability Intelligence
Vulnerability Intelligence
SUSE-SU-2025:21213-1
SUSE-SU-2025:21213-1
UNKNOWN
Security update for openssl-3
Published Dec 15, 2025
Modified 1 months ago
Fix available
Details
This update for openssl-3 fixes the following issues:
CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap (bsc#1250232)
CVE-2025-9231: Fixedk timing side-channel in SM2 algorithm on 64 bit ARM (bsc#1250233)
CVE-2025-9232: Fixed out-of-bounds read in HTTP client no_proxy handling (bsc#1250234)
Affected Packages
libopenssl-3-devel
SUSE Linux Enterprise Server 16.0
SUSE Linux Enterprise Server for SAP applications 16.0
Fixed in:
3.5.0-160000.4.1
libopenssl-3-fips-provider
SUSE Linux Enterprise Server 16.0
SUSE Linux Enterprise Server for SAP applications 16.0
Fixed in:
3.5.0-160000.4.1
libopenssl-3-fips-provider-x86-64-v3
SUSE Linux Enterprise Server 16.0
SUSE Linux Enterprise Server for SAP applications 16.0
Fixed in:
3.5.0-160000.4.1
libopenssl3
SUSE Linux Enterprise Server 16.0
SUSE Linux Enterprise Server for SAP applications 16.0
Fixed in:
3.5.0-160000.4.1
libopenssl3-x86-64-v3
SUSE Linux Enterprise Server 16.0
SUSE Linux Enterprise Server for SAP applications 16.0
Fixed in:
3.5.0-160000.4.1
openssl-3
SUSE Linux Enterprise Server 16.0
SUSE Linux Enterprise Server for SAP applications 16.0
Fixed in:
3.5.0-160000.4.1
openssl-3-doc
SUSE Linux Enterprise Server 16.0
SUSE Linux Enterprise Server for SAP applications 16.0
Fixed in:
3.5.0-160000.4.1
References
REPORT
https://bugzilla.suse.com/1250232
REPORT
https://bugzilla.suse.com/1250233
REPORT
https://bugzilla.suse.com/1250234
WEB
https://www.suse.com/security/cve/CVE-2025-9230
WEB
https://www.suse.com/security/cve/CVE-2025-9231
WEB
https://www.suse.com/security/cve/CVE-2025-9232
ADVISORY
https://www.suse.com/support/update/announcement/2025/suse-su-202521213-1/
Upstream
CVE-2025-9230
CVE-2025-9231
CVE-2025-9232
Related
CVE-2025-9230
CVE-2025-9231
CVE-2025-9232
Ecosystems
SUSE Linux Enterprise Server 16.0
SUSE Linux Enterprise Server for SAP applications 16.0
Timeline
Published
Dec 15, 2025
Modified
Dec 15, 2025