CVE-2025-27587 (GCVE-0-2025-27587)
Vulnerability from cvelistv5
- n/a
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-27587", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-26T16:16:27.533510Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-385", "description": "CWE-385 Covert Timing Channel", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-26T16:17:47.596Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-16T21:51:53.496Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/openssl/openssl/issues/24253" }, { "url": "https://minerva.crocs.fi.muni.cz" } ], "tags": [ "disputed" ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2025-27587", "datePublished": "2025-06-16T00:00:00.000Z", "dateReserved": "2025-03-03T00:00:00.000Z", "dateUpdated": "2025-06-26T16:17:47.596Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2025-27587\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-06-16T22:15:44.093\",\"lastModified\":\"2025-06-26T17:15:30.497\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). 
NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.\"},{\"lang\":\"es\",\"value\":\"OpenSSL 3.0.0 a 3.3.2 en la arquitectura PowerPC es vulnerable a un ataque Minerva. Este ataque se puede explotar midiendo el tiempo de firma de mensajes aleatorios mediante la API EVP_DigestSign y, posteriormente, utilizando la clave privada para extraer el valor K (nonce) de las firmas. A continuaci\u00f3n, bas\u00e1ndose en el tama\u00f1o en bits del nonce extra\u00eddo, se puede comparar el tiempo de firma de nonces de tama\u00f1o completo con el de firmas que utilizan nonces m\u00e1s peque\u00f1os mediante pruebas estad\u00edsticas. Existe un canal lateral en la curva P-364 que permite la extracci\u00f3n de la clave privada (adem\u00e1s, existe una dependencia entre el tama\u00f1o en bits de K y el tama\u00f1o del canal lateral). NOTA: Esta CVE es controvertida porque la pol\u00edtica de seguridad de OpenSSL indica expl\u00edcitamente que cualquier canal lateral que requiera la detecci\u00f3n del mismo sistema f\u00edsico queda fuera del modelo de amenazas del software. 
La se\u00f1al de tiempo es tan peque\u00f1a que es imposible detectarla sin que el proceso atacante se ejecute en el mismo sistema f\u00edsico.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-385\"}]}],\"references\":[{\"url\":\"https://github.com/openssl/openssl/issues/24253\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://minerva.crocs.fi.muni.cz\",\"source\":\"cve@mitre.org\"}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27587\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-26T16:16:27.533510Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-385\", \"description\": \"CWE-385 Covert Timing Channel\"}]}], 
\"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-26T16:17:37.126Z\"}}], \"cna\": {\"tags\": [\"disputed\"], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/openssl/openssl/issues/24253\"}, {\"url\": \"https://minerva.crocs.fi.muni.cz\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-06-16T21:51:53.496Z\"}}}", "cveMetadata": "{\"cveId\": \"CVE-2025-27587\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-26T16:17:47.596Z\", \"dateReserved\": \"2025-03-03T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-06-16T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
suse-su-2025:1550-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for openssl-3", "title": "Title of the patch" }, { "category": "description", "text": "This update for openssl-3 fixes the following issues:\n\nSecurity:\n \n- CVE-2025-27587: Timing side channel vulnerability in the P-384\n implementation when used with ECDSA in the PPC architecture (bsc#1240366).\n- Missing null pointer check before accessing handshake_func in ssl_lib.c (bsc#1240607).\n \nFIPS:\n \n- Disabling EMS in OpenSSL configuration prevents sshd from starting (bsc#1230959, bsc#1232326, bsc#1231748).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-1550,SUSE-SLE-Module-Basesystem-15-SP6-2025-1550,openSUSE-SLE-15.6-2025-1550", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_1550-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:1550-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20251550-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:1550-1", "url": 
"https://lists.suse.com/pipermail/sle-updates/2025-May/039218.html" }, { "category": "self", "summary": "SUSE Bug 1230959", "url": "https://bugzilla.suse.com/1230959" }, { "category": "self", "summary": "SUSE Bug 1231748", "url": "https://bugzilla.suse.com/1231748" }, { "category": "self", "summary": "SUSE Bug 1232326", "url": "https://bugzilla.suse.com/1232326" }, { "category": "self", "summary": "SUSE Bug 1240366", "url": "https://bugzilla.suse.com/1240366" }, { "category": "self", "summary": "SUSE Bug 1240607", "url": "https://bugzilla.suse.com/1240607" }, { "category": "self", "summary": "SUSE CVE CVE-2025-27587 page", "url": "https://www.suse.com/security/cve/CVE-2025-27587/" } ], "title": "Security update for openssl-3", "tracking": { "current_release_date": "2025-05-16T00:16:12Z", "generator": { "date": "2025-05-16T00:16:12Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:1550-1", "initial_release_date": "2025-05-16T00:16:12Z", "revision_history": [ { "date": "2025-05-16T00:16:12Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.aarch64", "product": { "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.aarch64", "product_id": "libopenssl-3-devel-3.1.4-150600.5.27.1.aarch64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.aarch64", "product": { "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.aarch64", "product_id": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.aarch64" } }, { "category": "product_version", "name": "libopenssl3-3.1.4-150600.5.27.1.aarch64", "product": { "name": "libopenssl3-3.1.4-150600.5.27.1.aarch64", "product_id": "libopenssl3-3.1.4-150600.5.27.1.aarch64" } }, { "category": "product_version", "name": "openssl-3-3.1.4-150600.5.27.1.aarch64", "product": { 
"name": "openssl-3-3.1.4-150600.5.27.1.aarch64", "product_id": "openssl-3-3.1.4-150600.5.27.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-64bit-3.1.4-150600.5.27.1.aarch64_ilp32", "product": { "name": "libopenssl-3-devel-64bit-3.1.4-150600.5.27.1.aarch64_ilp32", "product_id": "libopenssl-3-devel-64bit-3.1.4-150600.5.27.1.aarch64_ilp32" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-64bit-3.1.4-150600.5.27.1.aarch64_ilp32", "product": { "name": "libopenssl-3-fips-provider-64bit-3.1.4-150600.5.27.1.aarch64_ilp32", "product_id": "libopenssl-3-fips-provider-64bit-3.1.4-150600.5.27.1.aarch64_ilp32" } }, { "category": "product_version", "name": "libopenssl3-64bit-3.1.4-150600.5.27.1.aarch64_ilp32", "product": { "name": "libopenssl3-64bit-3.1.4-150600.5.27.1.aarch64_ilp32", "product_id": "libopenssl3-64bit-3.1.4-150600.5.27.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.i586", "product": { "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.i586", "product_id": "libopenssl-3-devel-3.1.4-150600.5.27.1.i586" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.i586", "product": { "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.i586", "product_id": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.i586" } }, { "category": "product_version", "name": "libopenssl3-3.1.4-150600.5.27.1.i586", "product": { "name": "libopenssl3-3.1.4-150600.5.27.1.i586", "product_id": "libopenssl3-3.1.4-150600.5.27.1.i586" } }, { "category": "product_version", "name": "openssl-3-3.1.4-150600.5.27.1.i586", "product": { "name": "openssl-3-3.1.4-150600.5.27.1.i586", "product_id": "openssl-3-3.1.4-150600.5.27.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": 
"product_version", "name": "openssl-3-doc-3.1.4-150600.5.27.1.noarch", "product": { "name": "openssl-3-doc-3.1.4-150600.5.27.1.noarch", "product_id": "openssl-3-doc-3.1.4-150600.5.27.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.ppc64le", "product": { "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.ppc64le", "product_id": "libopenssl-3-devel-3.1.4-150600.5.27.1.ppc64le" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.ppc64le", "product": { "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.ppc64le", "product_id": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.ppc64le" } }, { "category": "product_version", "name": "libopenssl3-3.1.4-150600.5.27.1.ppc64le", "product": { "name": "libopenssl3-3.1.4-150600.5.27.1.ppc64le", "product_id": "libopenssl3-3.1.4-150600.5.27.1.ppc64le" } }, { "category": "product_version", "name": "openssl-3-3.1.4-150600.5.27.1.ppc64le", "product": { "name": "openssl-3-3.1.4-150600.5.27.1.ppc64le", "product_id": "openssl-3-3.1.4-150600.5.27.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.s390x", "product": { "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.s390x", "product_id": "libopenssl-3-devel-3.1.4-150600.5.27.1.s390x" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.s390x", "product": { "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.s390x", "product_id": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.s390x" } }, { "category": "product_version", "name": "libopenssl3-3.1.4-150600.5.27.1.s390x", "product": { "name": "libopenssl3-3.1.4-150600.5.27.1.s390x", "product_id": "libopenssl3-3.1.4-150600.5.27.1.s390x" } }, { "category": "product_version", "name": "openssl-3-3.1.4-150600.5.27.1.s390x", "product": { 
"name": "openssl-3-3.1.4-150600.5.27.1.s390x", "product_id": "openssl-3-3.1.4-150600.5.27.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.x86_64", "product": { "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.x86_64", "product_id": "libopenssl-3-devel-3.1.4-150600.5.27.1.x86_64" } }, { "category": "product_version", "name": "libopenssl-3-devel-32bit-3.1.4-150600.5.27.1.x86_64", "product": { "name": "libopenssl-3-devel-32bit-3.1.4-150600.5.27.1.x86_64", "product_id": "libopenssl-3-devel-32bit-3.1.4-150600.5.27.1.x86_64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.x86_64", "product": { "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.x86_64", "product_id": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.x86_64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1.x86_64", "product": { "name": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1.x86_64", "product_id": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1.x86_64" } }, { "category": "product_version", "name": "libopenssl3-3.1.4-150600.5.27.1.x86_64", "product": { "name": "libopenssl3-3.1.4-150600.5.27.1.x86_64", "product_id": "libopenssl3-3.1.4-150600.5.27.1.x86_64" } }, { "category": "product_version", "name": "libopenssl3-32bit-3.1.4-150600.5.27.1.x86_64", "product": { "name": "libopenssl3-32bit-3.1.4-150600.5.27.1.x86_64", "product_id": "libopenssl3-32bit-3.1.4-150600.5.27.1.x86_64" } }, { "category": "product_version", "name": "openssl-3-3.1.4-150600.5.27.1.x86_64", "product": { "name": "openssl-3-3.1.4-150600.5.27.1.x86_64", "product_id": "openssl-3-3.1.4-150600.5.27.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Basesystem 15 SP6", "product": { "name": "SUSE Linux Enterprise Module 
for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6" } } }, { "category": "product_name", "name": "openSUSE Leap 15.6", "product": { "name": "openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.6" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.27.1.aarch64" }, "product_reference": "libopenssl-3-devel-3.1.4-150600.5.27.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.27.1.ppc64le" }, "product_reference": "libopenssl-3-devel-3.1.4-150600.5.27.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.27.1.s390x" }, "product_reference": "libopenssl-3-devel-3.1.4-150600.5.27.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": 
"libopenssl-3-devel-3.1.4-150600.5.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.27.1.x86_64" }, "product_reference": "libopenssl-3-devel-3.1.4-150600.5.27.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.aarch64" }, "product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.ppc64le" }, "product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.s390x" }, "product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.x86_64 as component of SUSE Linux 
Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.x86_64" }, "product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1.x86_64" }, "product_reference": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.1.4-150600.5.27.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1.aarch64" }, "product_reference": "libopenssl3-3.1.4-150600.5.27.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.1.4-150600.5.27.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1.ppc64le" }, "product_reference": "libopenssl3-3.1.4-150600.5.27.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.1.4-150600.5.27.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1.s390x" }, 
"product_reference": "libopenssl3-3.1.4-150600.5.27.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.1.4-150600.5.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1.x86_64" }, "product_reference": "libopenssl3-3.1.4-150600.5.27.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-32bit-3.1.4-150600.5.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-32bit-3.1.4-150600.5.27.1.x86_64" }, "product_reference": "libopenssl3-32bit-3.1.4-150600.5.27.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.1.4-150600.5.27.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.27.1.aarch64" }, "product_reference": "openssl-3-3.1.4-150600.5.27.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.1.4-150600.5.27.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.27.1.ppc64le" }, "product_reference": "openssl-3-3.1.4-150600.5.27.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": 
"openssl-3-3.1.4-150600.5.27.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.27.1.s390x" }, "product_reference": "openssl-3-3.1.4-150600.5.27.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.1.4-150600.5.27.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.27.1.x86_64" }, "product_reference": "openssl-3-3.1.4-150600.5.27.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.27.1.aarch64" }, "product_reference": "libopenssl-3-devel-3.1.4-150600.5.27.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.27.1.ppc64le" }, "product_reference": "libopenssl-3-devel-3.1.4-150600.5.27.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.27.1.s390x" }, "product_reference": "libopenssl-3-devel-3.1.4-150600.5.27.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.1.4-150600.5.27.1.x86_64 
as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.27.1.x86_64" }, "product_reference": "libopenssl-3-devel-3.1.4-150600.5.27.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-32bit-3.1.4-150600.5.27.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.27.1.x86_64" }, "product_reference": "libopenssl-3-devel-32bit-3.1.4-150600.5.27.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.aarch64" }, "product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.ppc64le" }, "product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.s390x" }, "product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 
15.6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.x86_64" }, "product_reference": "libopenssl-3-fips-provider-3.1.4-150600.5.27.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1.x86_64" }, "product_reference": "libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.1.4-150600.5.27.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.27.1.aarch64" }, "product_reference": "libopenssl3-3.1.4-150600.5.27.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.1.4-150600.5.27.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.27.1.ppc64le" }, "product_reference": "libopenssl3-3.1.4-150600.5.27.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.1.4-150600.5.27.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.27.1.s390x" }, "product_reference": "libopenssl3-3.1.4-150600.5.27.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.1.4-150600.5.27.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.27.1.x86_64" }, "product_reference": "libopenssl3-3.1.4-150600.5.27.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": 
"default_component_of", "full_product_name": { "name": "libopenssl3-32bit-3.1.4-150600.5.27.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.27.1.x86_64" }, "product_reference": "libopenssl3-32bit-3.1.4-150600.5.27.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.1.4-150600.5.27.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.27.1.aarch64" }, "product_reference": "openssl-3-3.1.4-150600.5.27.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.1.4-150600.5.27.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.27.1.ppc64le" }, "product_reference": "openssl-3-3.1.4-150600.5.27.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.1.4-150600.5.27.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.27.1.s390x" }, "product_reference": "openssl-3-3.1.4-150600.5.27.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.1.4-150600.5.27.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.27.1.x86_64" }, "product_reference": "openssl-3-3.1.4-150600.5.27.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-doc-3.1.4-150600.5.27.1.noarch as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.27.1.noarch" }, "product_reference": "openssl-3-doc-3.1.4-150600.5.27.1.noarch", 
"relates_to_product_reference": "openSUSE Leap 15.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-27587", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-27587" } ], "notes": [ { "category": "general", "text": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.27.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.27.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.27.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-32bit-3.1.4-150600.5.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.27.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.27.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.27.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.27.1.x86_64", 
"openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.27.1.aarch64", "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.27.1.ppc64le", "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.27.1.s390x", "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.aarch64", "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.ppc64le", "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.s390x", "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.27.1.aarch64", "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.27.1.ppc64le", "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.27.1.s390x", "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.27.1.aarch64", "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.27.1.ppc64le", "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.27.1.s390x", "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.27.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2025-27587", "url": "https://www.suse.com/security/cve/CVE-2025-27587" }, { "category": "external", "summary": "SUSE Bug 1240366 for CVE-2025-27587", "url": "https://bugzilla.suse.com/1240366" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.27.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 
SP6:libopenssl-3-devel-3.1.4-150600.5.27.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.27.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-32bit-3.1.4-150600.5.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.27.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.27.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.27.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.27.1.aarch64", "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.27.1.ppc64le", "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.27.1.s390x", "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 
15.6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.aarch64", "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.ppc64le", "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.s390x", "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.27.1.aarch64", "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.27.1.ppc64le", "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.27.1.s390x", "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.27.1.aarch64", "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.27.1.ppc64le", "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.27.1.s390x", "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.27.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.27.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.27.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.27.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-devel-3.1.4-150600.5.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.x86_64", "SUSE 
Linux Enterprise Module for Basesystem 15 SP6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-3.1.4-150600.5.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:libopenssl3-32bit-3.1.4-150600.5.27.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.27.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.27.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.27.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP6:openssl-3-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.27.1.aarch64", "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.27.1.ppc64le", "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.27.1.s390x", "openSUSE Leap 15.6:libopenssl-3-devel-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:libopenssl-3-devel-32bit-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.aarch64", "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.ppc64le", "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.s390x", "openSUSE Leap 15.6:libopenssl-3-fips-provider-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:libopenssl-3-fips-provider-32bit-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.27.1.aarch64", "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.27.1.ppc64le", "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.27.1.s390x", "openSUSE Leap 15.6:libopenssl3-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:libopenssl3-32bit-3.1.4-150600.5.27.1.x86_64", 
"openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.27.1.aarch64", "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.27.1.ppc64le", "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.27.1.s390x", "openSUSE Leap 15.6:openssl-3-3.1.4-150600.5.27.1.x86_64", "openSUSE Leap 15.6:openssl-3-doc-3.1.4-150600.5.27.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-05-16T00:16:12Z", "details": "moderate" } ], "title": "CVE-2025-27587" } ] }
suse-su-2025:20417-1
Vulnerability from csaf_suse
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for openssl-3", "title": "Title of the patch" }, { "category": "description", "text": "This update for openssl-3 fixes the following issues:\n\n- CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 (bsc#1240366)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-SLE-Micro-6.1-146", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20417-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:20417-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520417-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:20417-1", "url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040398.html" }, { "category": "self", "summary": "SUSE Bug 1240366", "url": "https://bugzilla.suse.com/1240366" }, { "category": "self", "summary": "SUSE CVE CVE-2025-27587 page", "url": "https://www.suse.com/security/cve/CVE-2025-27587/" } ], "title": "Security update for openssl-3", "tracking": { 
"current_release_date": "2025-06-13T10:48:33Z", "generator": { "date": "2025-06-13T10:48:33Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:20417-1", "initial_release_date": "2025-06-13T10:48:33Z", "revision_history": [ { "date": "2025-06-13T10:48:33Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.1.4-slfo.1.1_5.1.aarch64", "product": { "name": "libopenssl-3-devel-3.1.4-slfo.1.1_5.1.aarch64", "product_id": "libopenssl-3-devel-3.1.4-slfo.1.1_5.1.aarch64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.aarch64", "product": { "name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.aarch64", "product_id": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.aarch64" } }, { "category": "product_version", "name": "libopenssl3-3.1.4-slfo.1.1_5.1.aarch64", "product": { "name": "libopenssl3-3.1.4-slfo.1.1_5.1.aarch64", "product_id": "libopenssl3-3.1.4-slfo.1.1_5.1.aarch64" } }, { "category": "product_version", "name": "openssl-3-3.1.4-slfo.1.1_5.1.aarch64", "product": { "name": "openssl-3-3.1.4-slfo.1.1_5.1.aarch64", "product_id": "openssl-3-3.1.4-slfo.1.1_5.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.1.4-slfo.1.1_5.1.s390x", "product": { "name": "libopenssl-3-devel-3.1.4-slfo.1.1_5.1.s390x", "product_id": "libopenssl-3-devel-3.1.4-slfo.1.1_5.1.s390x" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.s390x", "product": { "name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.s390x", "product_id": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.s390x" } }, { "category": "product_version", "name": "libopenssl3-3.1.4-slfo.1.1_5.1.s390x", "product": { "name": 
"libopenssl3-3.1.4-slfo.1.1_5.1.s390x", "product_id": "libopenssl3-3.1.4-slfo.1.1_5.1.s390x" } }, { "category": "product_version", "name": "openssl-3-3.1.4-slfo.1.1_5.1.s390x", "product": { "name": "openssl-3-3.1.4-slfo.1.1_5.1.s390x", "product_id": "openssl-3-3.1.4-slfo.1.1_5.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.1.4-slfo.1.1_5.1.x86_64", "product": { "name": "libopenssl-3-devel-3.1.4-slfo.1.1_5.1.x86_64", "product_id": "libopenssl-3-devel-3.1.4-slfo.1.1_5.1.x86_64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.x86_64", "product": { "name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.x86_64", "product_id": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.x86_64" } }, { "category": "product_version", "name": "libopenssl3-3.1.4-slfo.1.1_5.1.x86_64", "product": { "name": "libopenssl3-3.1.4-slfo.1.1_5.1.x86_64", "product_id": "libopenssl3-3.1.4-slfo.1.1_5.1.x86_64" } }, { "category": "product_version", "name": "openssl-3-3.1.4-slfo.1.1_5.1.x86_64", "product": { "name": "openssl-3-3.1.4-slfo.1.1_5.1.x86_64", "product_id": "openssl-3-3.1.4-slfo.1.1_5.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Micro 6.1", "product": { "name": "SUSE Linux Micro 6.1", "product_id": "SUSE Linux Micro 6.1", "product_identification_helper": { "cpe": "cpe:/o:suse:sl-micro:6.1" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.1.4-slfo.1.1_5.1.aarch64 as component of SUSE Linux Micro 6.1", "product_id": "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_5.1.aarch64" }, "product_reference": "libopenssl-3-devel-3.1.4-slfo.1.1_5.1.aarch64", "relates_to_product_reference": "SUSE 
Linux Micro 6.1" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.1.4-slfo.1.1_5.1.s390x as component of SUSE Linux Micro 6.1", "product_id": "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_5.1.s390x" }, "product_reference": "libopenssl-3-devel-3.1.4-slfo.1.1_5.1.s390x", "relates_to_product_reference": "SUSE Linux Micro 6.1" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.1.4-slfo.1.1_5.1.x86_64 as component of SUSE Linux Micro 6.1", "product_id": "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_5.1.x86_64" }, "product_reference": "libopenssl-3-devel-3.1.4-slfo.1.1_5.1.x86_64", "relates_to_product_reference": "SUSE Linux Micro 6.1" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.aarch64 as component of SUSE Linux Micro 6.1", "product_id": "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.aarch64" }, "product_reference": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.aarch64", "relates_to_product_reference": "SUSE Linux Micro 6.1" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.s390x as component of SUSE Linux Micro 6.1", "product_id": "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.s390x" }, "product_reference": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.s390x", "relates_to_product_reference": "SUSE Linux Micro 6.1" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.x86_64 as component of SUSE Linux Micro 6.1", "product_id": "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.x86_64" }, "product_reference": "libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.x86_64", "relates_to_product_reference": "SUSE Linux Micro 6.1" }, { "category": "default_component_of", "full_product_name": { "name": 
"libopenssl3-3.1.4-slfo.1.1_5.1.aarch64 as component of SUSE Linux Micro 6.1", "product_id": "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_5.1.aarch64" }, "product_reference": "libopenssl3-3.1.4-slfo.1.1_5.1.aarch64", "relates_to_product_reference": "SUSE Linux Micro 6.1" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.1.4-slfo.1.1_5.1.s390x as component of SUSE Linux Micro 6.1", "product_id": "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_5.1.s390x" }, "product_reference": "libopenssl3-3.1.4-slfo.1.1_5.1.s390x", "relates_to_product_reference": "SUSE Linux Micro 6.1" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.1.4-slfo.1.1_5.1.x86_64 as component of SUSE Linux Micro 6.1", "product_id": "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_5.1.x86_64" }, "product_reference": "libopenssl3-3.1.4-slfo.1.1_5.1.x86_64", "relates_to_product_reference": "SUSE Linux Micro 6.1" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.1.4-slfo.1.1_5.1.aarch64 as component of SUSE Linux Micro 6.1", "product_id": "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_5.1.aarch64" }, "product_reference": "openssl-3-3.1.4-slfo.1.1_5.1.aarch64", "relates_to_product_reference": "SUSE Linux Micro 6.1" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.1.4-slfo.1.1_5.1.s390x as component of SUSE Linux Micro 6.1", "product_id": "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_5.1.s390x" }, "product_reference": "openssl-3-3.1.4-slfo.1.1_5.1.s390x", "relates_to_product_reference": "SUSE Linux Micro 6.1" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.1.4-slfo.1.1_5.1.x86_64 as component of SUSE Linux Micro 6.1", "product_id": "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_5.1.x86_64" }, "product_reference": "openssl-3-3.1.4-slfo.1.1_5.1.x86_64", "relates_to_product_reference": "SUSE Linux Micro 6.1" } ] }, 
"vulnerabilities": [ { "cve": "CVE-2025-27587", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-27587" } ], "notes": [ { "category": "general", "text": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_5.1.aarch64", "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_5.1.s390x", "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_5.1.x86_64", "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.aarch64", "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.s390x", "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.x86_64", "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_5.1.aarch64", "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_5.1.s390x", "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_5.1.x86_64", "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_5.1.aarch64", "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_5.1.s390x", "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-27587", "url": "https://www.suse.com/security/cve/CVE-2025-27587" }, { "category": "external", "summary": "SUSE Bug 1240366 for CVE-2025-27587", "url": "https://bugzilla.suse.com/1240366" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_5.1.aarch64", "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_5.1.s390x", "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_5.1.x86_64", "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.aarch64", "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.s390x", "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.x86_64", "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_5.1.aarch64", "SUSE Linux 
Micro 6.1:libopenssl3-3.1.4-slfo.1.1_5.1.s390x", "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_5.1.x86_64", "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_5.1.aarch64", "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_5.1.s390x", "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_5.1.aarch64", "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_5.1.s390x", "SUSE Linux Micro 6.1:libopenssl-3-devel-3.1.4-slfo.1.1_5.1.x86_64", "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.aarch64", "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.s390x", "SUSE Linux Micro 6.1:libopenssl-3-fips-provider-3.1.4-slfo.1.1_5.1.x86_64", "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_5.1.aarch64", "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_5.1.s390x", "SUSE Linux Micro 6.1:libopenssl3-3.1.4-slfo.1.1_5.1.x86_64", "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_5.1.aarch64", "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_5.1.s390x", "SUSE Linux Micro 6.1:openssl-3-3.1.4-slfo.1.1_5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-06-13T10:48:33Z", "details": "moderate" } ], "title": "CVE-2025-27587" } ] }
suse-su-2025:02236-1
Vulnerability from csaf_suse
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for openssl-3", "title": "Title of the patch" }, { "category": "description", "text": "This update for openssl-3 fixes the following issues:\n\n- CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 (bsc#1240366).\n\n- Backport mdless cms signing support [jsc#PED-12895]\n\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-2236,SUSE-SLE-Module-Basesystem-15-SP7-2025-2236", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02236-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:02236-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502236-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:02236-1", "url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040629.html" }, { "category": "self", "summary": "SUSE Bug 1240366", "url": "https://bugzilla.suse.com/1240366" }, { "category": "self", "summary": "SUSE CVE CVE-2025-27587 page", "url": 
"https://www.suse.com/security/cve/CVE-2025-27587/" } ], "title": "Security update for openssl-3", "tracking": { "current_release_date": "2025-07-07T12:58:58Z", "generator": { "date": "2025-07-07T12:58:58Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:02236-1", "initial_release_date": "2025-07-07T12:58:58Z", "revision_history": [ { "date": "2025-07-07T12:58:58Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.2.3-150700.5.10.1.aarch64", "product": { "name": "libopenssl-3-devel-3.2.3-150700.5.10.1.aarch64", "product_id": "libopenssl-3-devel-3.2.3-150700.5.10.1.aarch64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.aarch64", "product": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.aarch64", "product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.aarch64" } }, { "category": "product_version", "name": "libopenssl3-3.2.3-150700.5.10.1.aarch64", "product": { "name": "libopenssl3-3.2.3-150700.5.10.1.aarch64", "product_id": "libopenssl3-3.2.3-150700.5.10.1.aarch64" } }, { "category": "product_version", "name": "openssl-3-3.2.3-150700.5.10.1.aarch64", "product": { "name": "openssl-3-3.2.3-150700.5.10.1.aarch64", "product_id": "openssl-3-3.2.3-150700.5.10.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-64bit-3.2.3-150700.5.10.1.aarch64_ilp32", "product": { "name": "libopenssl-3-devel-64bit-3.2.3-150700.5.10.1.aarch64_ilp32", "product_id": "libopenssl-3-devel-64bit-3.2.3-150700.5.10.1.aarch64_ilp32" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-64bit-3.2.3-150700.5.10.1.aarch64_ilp32", "product": { "name": 
"libopenssl-3-fips-provider-64bit-3.2.3-150700.5.10.1.aarch64_ilp32", "product_id": "libopenssl-3-fips-provider-64bit-3.2.3-150700.5.10.1.aarch64_ilp32" } }, { "category": "product_version", "name": "libopenssl3-64bit-3.2.3-150700.5.10.1.aarch64_ilp32", "product": { "name": "libopenssl3-64bit-3.2.3-150700.5.10.1.aarch64_ilp32", "product_id": "libopenssl3-64bit-3.2.3-150700.5.10.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.2.3-150700.5.10.1.i586", "product": { "name": "libopenssl-3-devel-3.2.3-150700.5.10.1.i586", "product_id": "libopenssl-3-devel-3.2.3-150700.5.10.1.i586" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.i586", "product": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.i586", "product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.i586" } }, { "category": "product_version", "name": "libopenssl3-3.2.3-150700.5.10.1.i586", "product": { "name": "libopenssl3-3.2.3-150700.5.10.1.i586", "product_id": "libopenssl3-3.2.3-150700.5.10.1.i586" } }, { "category": "product_version", "name": "openssl-3-3.2.3-150700.5.10.1.i586", "product": { "name": "openssl-3-3.2.3-150700.5.10.1.i586", "product_id": "openssl-3-3.2.3-150700.5.10.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "openssl-3-doc-3.2.3-150700.5.10.1.noarch", "product": { "name": "openssl-3-doc-3.2.3-150700.5.10.1.noarch", "product_id": "openssl-3-doc-3.2.3-150700.5.10.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.2.3-150700.5.10.1.ppc64le", "product": { "name": "libopenssl-3-devel-3.2.3-150700.5.10.1.ppc64le", "product_id": "libopenssl-3-devel-3.2.3-150700.5.10.1.ppc64le" } }, { "category": "product_version", "name": 
"libopenssl-3-fips-provider-3.2.3-150700.5.10.1.ppc64le", "product": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.ppc64le", "product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.ppc64le" } }, { "category": "product_version", "name": "libopenssl3-3.2.3-150700.5.10.1.ppc64le", "product": { "name": "libopenssl3-3.2.3-150700.5.10.1.ppc64le", "product_id": "libopenssl3-3.2.3-150700.5.10.1.ppc64le" } }, { "category": "product_version", "name": "openssl-3-3.2.3-150700.5.10.1.ppc64le", "product": { "name": "openssl-3-3.2.3-150700.5.10.1.ppc64le", "product_id": "openssl-3-3.2.3-150700.5.10.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.2.3-150700.5.10.1.s390x", "product": { "name": "libopenssl-3-devel-3.2.3-150700.5.10.1.s390x", "product_id": "libopenssl-3-devel-3.2.3-150700.5.10.1.s390x" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.s390x", "product": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.s390x", "product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.s390x" } }, { "category": "product_version", "name": "libopenssl3-3.2.3-150700.5.10.1.s390x", "product": { "name": "libopenssl3-3.2.3-150700.5.10.1.s390x", "product_id": "libopenssl3-3.2.3-150700.5.10.1.s390x" } }, { "category": "product_version", "name": "openssl-3-3.2.3-150700.5.10.1.s390x", "product": { "name": "openssl-3-3.2.3-150700.5.10.1.s390x", "product_id": "openssl-3-3.2.3-150700.5.10.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.2.3-150700.5.10.1.x86_64", "product": { "name": "libopenssl-3-devel-3.2.3-150700.5.10.1.x86_64", "product_id": "libopenssl-3-devel-3.2.3-150700.5.10.1.x86_64" } }, { "category": "product_version", "name": "libopenssl-3-devel-32bit-3.2.3-150700.5.10.1.x86_64", "product": { "name": 
"libopenssl-3-devel-32bit-3.2.3-150700.5.10.1.x86_64", "product_id": "libopenssl-3-devel-32bit-3.2.3-150700.5.10.1.x86_64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.x86_64", "product": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.x86_64", "product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.x86_64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.10.1.x86_64", "product": { "name": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.10.1.x86_64", "product_id": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.10.1.x86_64" } }, { "category": "product_version", "name": "libopenssl3-3.2.3-150700.5.10.1.x86_64", "product": { "name": "libopenssl3-3.2.3-150700.5.10.1.x86_64", "product_id": "libopenssl3-3.2.3-150700.5.10.1.x86_64" } }, { "category": "product_version", "name": "libopenssl3-32bit-3.2.3-150700.5.10.1.x86_64", "product": { "name": "libopenssl3-32bit-3.2.3-150700.5.10.1.x86_64", "product_id": "libopenssl3-32bit-3.2.3-150700.5.10.1.x86_64" } }, { "category": "product_version", "name": "openssl-3-3.2.3-150700.5.10.1.x86_64", "product": { "name": "openssl-3-3.2.3-150700.5.10.1.x86_64", "product_id": "openssl-3-3.2.3-150700.5.10.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Basesystem 15 SP7", "product": { "name": "SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.2.3-150700.5.10.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", 
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.10.1.aarch64" }, "product_reference": "libopenssl-3-devel-3.2.3-150700.5.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.2.3-150700.5.10.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.10.1.ppc64le" }, "product_reference": "libopenssl-3-devel-3.2.3-150700.5.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.2.3-150700.5.10.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.10.1.s390x" }, "product_reference": "libopenssl-3-devel-3.2.3-150700.5.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.2.3-150700.5.10.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.10.1.x86_64" }, "product_reference": "libopenssl-3-devel-3.2.3-150700.5.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.10.1.aarch64" }, "product_reference": 
"libopenssl-3-fips-provider-3.2.3-150700.5.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.10.1.ppc64le" }, "product_reference": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.10.1.s390x" }, "product_reference": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.10.1.x86_64" }, "product_reference": "libopenssl-3-fips-provider-3.2.3-150700.5.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.10.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.10.1.x86_64" }, "product_reference": 
"libopenssl-3-fips-provider-32bit-3.2.3-150700.5.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.2.3-150700.5.10.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.10.1.aarch64" }, "product_reference": "libopenssl3-3.2.3-150700.5.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.2.3-150700.5.10.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.10.1.ppc64le" }, "product_reference": "libopenssl3-3.2.3-150700.5.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.2.3-150700.5.10.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.10.1.s390x" }, "product_reference": "libopenssl3-3.2.3-150700.5.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.2.3-150700.5.10.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.10.1.x86_64" }, "product_reference": "libopenssl3-3.2.3-150700.5.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": 
"libopenssl3-32bit-3.2.3-150700.5.10.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.10.1.x86_64" }, "product_reference": "libopenssl3-32bit-3.2.3-150700.5.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.2.3-150700.5.10.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.10.1.aarch64" }, "product_reference": "openssl-3-3.2.3-150700.5.10.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.2.3-150700.5.10.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.10.1.ppc64le" }, "product_reference": "openssl-3-3.2.3-150700.5.10.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.2.3-150700.5.10.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.10.1.s390x" }, "product_reference": "openssl-3-3.2.3-150700.5.10.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.2.3-150700.5.10.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.10.1.x86_64" }, "product_reference": 
"openssl-3-3.2.3-150700.5.10.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-27587", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-27587" } ], "notes": [ { "category": "general", "text": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.10.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.10.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.10.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.10.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.10.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.10.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.10.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.10.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.10.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.10.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.10.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.10.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.10.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.10.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.10.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.10.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.10.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.10.1.x86_64" ] 
}, "references": [ { "category": "external", "summary": "CVE-2025-27587", "url": "https://www.suse.com/security/cve/CVE-2025-27587" }, { "category": "external", "summary": "SUSE Bug 1240366 for CVE-2025-27587", "url": "https://bugzilla.suse.com/1240366" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.10.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.10.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.10.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.10.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.10.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.10.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.10.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.10.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.10.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.10.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.10.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.10.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.10.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.10.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.10.1.aarch64", "SUSE Linux 
Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.10.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.10.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.10.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.10.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.10.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.10.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.10.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.10.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.10.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.10.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.10.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.10.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.10.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.10.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.10.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.10.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.10.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.10.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 
SP7:openssl-3-3.2.3-150700.5.10.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.10.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.10.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-07-07T12:58:58Z", "details": "moderate" } ], "title": "CVE-2025-27587" } ] }
suse-su-2025:20406-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for openssl-3", "title": "Title of the patch" }, { "category": "description", "text": "This update for openssl-3 fixes the following issues:\n\n- CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 on PPC arch (bsc#1240366)\n- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-SLE-Micro-6.0-353", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20406-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:20406-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520406-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:20406-1", "url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040341.html" }, { "category": "self", "summary": "SUSE Bug 1236136", "url": "https://bugzilla.suse.com/1236136" }, { "category": "self", "summary": "SUSE Bug 1240366", "url": "https://bugzilla.suse.com/1240366" }, { 
"category": "self", "summary": "SUSE CVE CVE-2024-13176 page", "url": "https://www.suse.com/security/cve/CVE-2024-13176/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-27587 page", "url": "https://www.suse.com/security/cve/CVE-2025-27587/" } ], "title": "Security update for openssl-3", "tracking": { "current_release_date": "2025-06-13T11:05:04Z", "generator": { "date": "2025-06-13T11:05:04Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:20406-1", "initial_release_date": "2025-06-13T11:05:04Z", "revision_history": [ { "date": "2025-06-13T11:05:04Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.1.4-8.1.aarch64", "product": { "name": "libopenssl-3-devel-3.1.4-8.1.aarch64", "product_id": "libopenssl-3-devel-3.1.4-8.1.aarch64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.1.4-8.1.aarch64", "product": { "name": "libopenssl-3-fips-provider-3.1.4-8.1.aarch64", "product_id": "libopenssl-3-fips-provider-3.1.4-8.1.aarch64" } }, { "category": "product_version", "name": "libopenssl3-3.1.4-8.1.aarch64", "product": { "name": "libopenssl3-3.1.4-8.1.aarch64", "product_id": "libopenssl3-3.1.4-8.1.aarch64" } }, { "category": "product_version", "name": "openssl-3-3.1.4-8.1.aarch64", "product": { "name": "openssl-3-3.1.4-8.1.aarch64", "product_id": "openssl-3-3.1.4-8.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.1.4-8.1.s390x", "product": { "name": "libopenssl-3-devel-3.1.4-8.1.s390x", "product_id": "libopenssl-3-devel-3.1.4-8.1.s390x" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.1.4-8.1.s390x", "product": { "name": "libopenssl-3-fips-provider-3.1.4-8.1.s390x", "product_id": 
"libopenssl-3-fips-provider-3.1.4-8.1.s390x" } }, { "category": "product_version", "name": "libopenssl3-3.1.4-8.1.s390x", "product": { "name": "libopenssl3-3.1.4-8.1.s390x", "product_id": "libopenssl3-3.1.4-8.1.s390x" } }, { "category": "product_version", "name": "openssl-3-3.1.4-8.1.s390x", "product": { "name": "openssl-3-3.1.4-8.1.s390x", "product_id": "openssl-3-3.1.4-8.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.1.4-8.1.x86_64", "product": { "name": "libopenssl-3-devel-3.1.4-8.1.x86_64", "product_id": "libopenssl-3-devel-3.1.4-8.1.x86_64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.1.4-8.1.x86_64", "product": { "name": "libopenssl-3-fips-provider-3.1.4-8.1.x86_64", "product_id": "libopenssl-3-fips-provider-3.1.4-8.1.x86_64" } }, { "category": "product_version", "name": "libopenssl3-3.1.4-8.1.x86_64", "product": { "name": "libopenssl3-3.1.4-8.1.x86_64", "product_id": "libopenssl3-3.1.4-8.1.x86_64" } }, { "category": "product_version", "name": "openssl-3-3.1.4-8.1.x86_64", "product": { "name": "openssl-3-3.1.4-8.1.x86_64", "product_id": "openssl-3-3.1.4-8.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Micro 6.0", "product": { "name": "SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0", "product_identification_helper": { "cpe": "cpe:/o:suse:sl-micro:6.0" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.1.4-8.1.aarch64 as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.aarch64" }, "product_reference": "libopenssl-3-devel-3.1.4-8.1.aarch64", "relates_to_product_reference": "SUSE Linux Micro 6.0" }, { "category": 
"default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.1.4-8.1.s390x as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.s390x" }, "product_reference": "libopenssl-3-devel-3.1.4-8.1.s390x", "relates_to_product_reference": "SUSE Linux Micro 6.0" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.1.4-8.1.x86_64 as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.x86_64" }, "product_reference": "libopenssl-3-devel-3.1.4-8.1.x86_64", "relates_to_product_reference": "SUSE Linux Micro 6.0" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.1.4-8.1.aarch64 as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.aarch64" }, "product_reference": "libopenssl-3-fips-provider-3.1.4-8.1.aarch64", "relates_to_product_reference": "SUSE Linux Micro 6.0" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.1.4-8.1.s390x as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.s390x" }, "product_reference": "libopenssl-3-fips-provider-3.1.4-8.1.s390x", "relates_to_product_reference": "SUSE Linux Micro 6.0" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.1.4-8.1.x86_64 as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.x86_64" }, "product_reference": "libopenssl-3-fips-provider-3.1.4-8.1.x86_64", "relates_to_product_reference": "SUSE Linux Micro 6.0" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.1.4-8.1.aarch64 as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.aarch64" }, "product_reference": 
"libopenssl3-3.1.4-8.1.aarch64", "relates_to_product_reference": "SUSE Linux Micro 6.0" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.1.4-8.1.s390x as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.s390x" }, "product_reference": "libopenssl3-3.1.4-8.1.s390x", "relates_to_product_reference": "SUSE Linux Micro 6.0" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.1.4-8.1.x86_64 as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.x86_64" }, "product_reference": "libopenssl3-3.1.4-8.1.x86_64", "relates_to_product_reference": "SUSE Linux Micro 6.0" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.1.4-8.1.aarch64 as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.aarch64" }, "product_reference": "openssl-3-3.1.4-8.1.aarch64", "relates_to_product_reference": "SUSE Linux Micro 6.0" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.1.4-8.1.s390x as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.s390x" }, "product_reference": "openssl-3-3.1.4-8.1.s390x", "relates_to_product_reference": "SUSE Linux Micro 6.0" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.1.4-8.1.x86_64 as component of SUSE Linux Micro 6.0", "product_id": "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.x86_64" }, "product_reference": "openssl-3-3.1.4-8.1.x86_64", "relates_to_product_reference": "SUSE Linux Micro 6.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-13176", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-13176" } ], "notes": [ { "category": "general", "text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature 
computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-13176", "url": "https://www.suse.com/security/cve/CVE-2024-13176" }, { "category": "external", "summary": "SUSE Bug 1236136 for CVE-2024-13176", "url": "https://bugzilla.suse.com/1236136" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE 
recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-06-13T11:05:04Z", "details": "moderate" } ], "title": "CVE-2024-13176" }, { "cve": "CVE-2025-27587", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-27587" } ], "notes": [ { "category": "general", "text": "OpenSSL 3.0.0 through 
3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-27587", "url": "https://www.suse.com/security/cve/CVE-2025-27587" }, { "category": "external", "summary": "SUSE Bug 1240366 for CVE-2025-27587", "url": "https://bugzilla.suse.com/1240366" } ], "remediations": [ { "category": "vendor_fix", 
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl-3-devel-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl-3-fips-provider-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:libopenssl3-3.1.4-8.1.x86_64", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.aarch64", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.s390x", "SUSE Linux Micro 6.0:openssl-3-3.1.4-8.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-06-13T11:05:04Z", "details": "moderate" } ], "title": "CVE-2025-27587" } ] }
suse-su-2025:02042-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for openssl-3", "title": "Title of the patch" }, { "category": "description", "text": "This update for openssl-3 fixes the following issues:\n\n- CVE-2025-27587: timing side-channel vulnerability in the P-384 implementation when used with ECDSA (bsc#1243459).\n- CVE-2024-12797: Fixed that RFC7250 handshakes with unauthenticated servers don\u0027t abort as expected. (bsc#1236599)\n- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-2042,SUSE-SLE-Module-Basesystem-15-SP7-2025-2042", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02042-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:02042-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502042-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:02042-1", "url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040404.html" }, { "category": "self", 
"summary": "SUSE Bug 1236136", "url": "https://bugzilla.suse.com/1236136" }, { "category": "self", "summary": "SUSE Bug 1236599", "url": "https://bugzilla.suse.com/1236599" }, { "category": "self", "summary": "SUSE Bug 1243459", "url": "https://bugzilla.suse.com/1243459" }, { "category": "self", "summary": "SUSE CVE CVE-2024-12797 page", "url": "https://www.suse.com/security/cve/CVE-2024-12797/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-13176 page", "url": "https://www.suse.com/security/cve/CVE-2024-13176/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-27587 page", "url": "https://www.suse.com/security/cve/CVE-2025-27587/" } ], "title": "Security update for openssl-3", "tracking": { "current_release_date": "2025-06-20T10:38:46Z", "generator": { "date": "2025-06-20T10:38:46Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:02042-1", "initial_release_date": "2025-06-20T10:38:46Z", "revision_history": [ { "date": "2025-06-20T10:38:46Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64", "product": { "name": "libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64", "product_id": "libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64", "product": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64", "product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64" } }, { "category": "product_version", "name": "libopenssl3-3.2.3-150700.5.5.1.aarch64", "product": { "name": "libopenssl3-3.2.3-150700.5.5.1.aarch64", "product_id": "libopenssl3-3.2.3-150700.5.5.1.aarch64" } }, { "category": "product_version", "name": "openssl-3-3.2.3-150700.5.5.1.aarch64", "product": { "name": 
"openssl-3-3.2.3-150700.5.5.1.aarch64", "product_id": "openssl-3-3.2.3-150700.5.5.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-64bit-3.2.3-150700.5.5.1.aarch64_ilp32", "product": { "name": "libopenssl-3-devel-64bit-3.2.3-150700.5.5.1.aarch64_ilp32", "product_id": "libopenssl-3-devel-64bit-3.2.3-150700.5.5.1.aarch64_ilp32" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-64bit-3.2.3-150700.5.5.1.aarch64_ilp32", "product": { "name": "libopenssl-3-fips-provider-64bit-3.2.3-150700.5.5.1.aarch64_ilp32", "product_id": "libopenssl-3-fips-provider-64bit-3.2.3-150700.5.5.1.aarch64_ilp32" } }, { "category": "product_version", "name": "libopenssl3-64bit-3.2.3-150700.5.5.1.aarch64_ilp32", "product": { "name": "libopenssl3-64bit-3.2.3-150700.5.5.1.aarch64_ilp32", "product_id": "libopenssl3-64bit-3.2.3-150700.5.5.1.aarch64_ilp32" } } ], "category": "architecture", "name": "aarch64_ilp32" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.2.3-150700.5.5.1.i586", "product": { "name": "libopenssl-3-devel-3.2.3-150700.5.5.1.i586", "product_id": "libopenssl-3-devel-3.2.3-150700.5.5.1.i586" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.i586", "product": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.i586", "product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.i586" } }, { "category": "product_version", "name": "libopenssl3-3.2.3-150700.5.5.1.i586", "product": { "name": "libopenssl3-3.2.3-150700.5.5.1.i586", "product_id": "libopenssl3-3.2.3-150700.5.5.1.i586" } }, { "category": "product_version", "name": "openssl-3-3.2.3-150700.5.5.1.i586", "product": { "name": "openssl-3-3.2.3-150700.5.5.1.i586", "product_id": "openssl-3-3.2.3-150700.5.5.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": 
"openssl-3-doc-3.2.3-150700.5.5.1.noarch", "product": { "name": "openssl-3-doc-3.2.3-150700.5.5.1.noarch", "product_id": "openssl-3-doc-3.2.3-150700.5.5.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le", "product": { "name": "libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le", "product_id": "libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le", "product": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le", "product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le" } }, { "category": "product_version", "name": "libopenssl3-3.2.3-150700.5.5.1.ppc64le", "product": { "name": "libopenssl3-3.2.3-150700.5.5.1.ppc64le", "product_id": "libopenssl3-3.2.3-150700.5.5.1.ppc64le" } }, { "category": "product_version", "name": "openssl-3-3.2.3-150700.5.5.1.ppc64le", "product": { "name": "openssl-3-3.2.3-150700.5.5.1.ppc64le", "product_id": "openssl-3-3.2.3-150700.5.5.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.2.3-150700.5.5.1.s390x", "product": { "name": "libopenssl-3-devel-3.2.3-150700.5.5.1.s390x", "product_id": "libopenssl-3-devel-3.2.3-150700.5.5.1.s390x" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x", "product": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x", "product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x" } }, { "category": "product_version", "name": "libopenssl3-3.2.3-150700.5.5.1.s390x", "product": { "name": "libopenssl3-3.2.3-150700.5.5.1.s390x", "product_id": "libopenssl3-3.2.3-150700.5.5.1.s390x" } }, { "category": "product_version", "name": "openssl-3-3.2.3-150700.5.5.1.s390x", "product": { "name": "openssl-3-3.2.3-150700.5.5.1.s390x", 
"product_id": "openssl-3-3.2.3-150700.5.5.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64", "product": { "name": "libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64", "product_id": "libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64" } }, { "category": "product_version", "name": "libopenssl-3-devel-32bit-3.2.3-150700.5.5.1.x86_64", "product": { "name": "libopenssl-3-devel-32bit-3.2.3-150700.5.5.1.x86_64", "product_id": "libopenssl-3-devel-32bit-3.2.3-150700.5.5.1.x86_64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64", "product": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64", "product_id": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64", "product": { "name": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64", "product_id": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64" } }, { "category": "product_version", "name": "libopenssl3-3.2.3-150700.5.5.1.x86_64", "product": { "name": "libopenssl3-3.2.3-150700.5.5.1.x86_64", "product_id": "libopenssl3-3.2.3-150700.5.5.1.x86_64" } }, { "category": "product_version", "name": "libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64", "product": { "name": "libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64", "product_id": "libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64" } }, { "category": "product_version", "name": "openssl-3-3.2.3-150700.5.5.1.x86_64", "product": { "name": "openssl-3-3.2.3-150700.5.5.1.x86_64", "product_id": "openssl-3-3.2.3-150700.5.5.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Basesystem 15 SP7", "product": { "name": "SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module 
for Basesystem 15 SP7", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64" }, "product_reference": "libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le" }, "product_reference": "libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.2.3-150700.5.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x" }, "product_reference": "libopenssl-3-devel-3.2.3-150700.5.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64" }, "product_reference": "libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64", 
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64" }, "product_reference": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le" }, "product_reference": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x" }, "product_reference": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64" }, "product_reference": "libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 
15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64" }, "product_reference": "libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.2.3-150700.5.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64" }, "product_reference": "libopenssl3-3.2.3-150700.5.5.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.2.3-150700.5.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le" }, "product_reference": "libopenssl3-3.2.3-150700.5.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.2.3-150700.5.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x" }, "product_reference": "libopenssl3-3.2.3-150700.5.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.2.3-150700.5.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", 
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64" }, "product_reference": "libopenssl3-3.2.3-150700.5.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64" }, "product_reference": "libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.2.3-150700.5.5.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64" }, "product_reference": "openssl-3-3.2.3-150700.5.5.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.2.3-150700.5.5.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le" }, "product_reference": "openssl-3-3.2.3-150700.5.5.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.2.3-150700.5.5.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x" }, "product_reference": "openssl-3-3.2.3-150700.5.5.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" 
}, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.2.3-150700.5.5.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7", "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64" }, "product_reference": "openssl-3-3.2.3-150700.5.5.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-12797", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-12797" } ], "notes": [ { "category": "general", "text": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\nserver may fail to notice that the server was not authenticated, because\nhandshakes don\u0027t abort as expected when the SSL_VERIFY_PEER verification mode\nis set.\n\nImpact summary: TLS and DTLS connections using raw public keys may be\nvulnerable to man-in-middle attacks when server authentication failure is not\ndetected by clients.\n\nRPKs are disabled by default in both TLS clients and TLS servers. The issue\nonly arises when TLS clients explicitly enable RPK use by the server, and the\nserver, likewise, enables sending of an RPK instead of an X.509 certificate\nchain. The affected clients are those that then rely on the handshake to\nfail when the server\u0027s RPK fails to match one of the expected public keys,\nby setting the verification mode to SSL_VERIFY_PEER.\n\nClients that enable server-side raw public keys can still find out that raw\npublic key verification failed by calling SSL_get_verify_result(), and those\nthat do, and take appropriate action, are not affected. 
This issue was\nintroduced in the initial implementation of RPK support in OpenSSL 3.2.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 
SP7:openssl-3-3.2.3-150700.5.5.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-12797", "url": "https://www.suse.com/security/cve/CVE-2024-12797" }, { "category": "external", "summary": "SUSE Bug 1236599 for CVE-2024-12797", "url": "https://bugzilla.suse.com/1236599" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 
SP7:openssl-3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux 
Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-06-20T10:38:46Z", "details": "important" } ], "title": "CVE-2024-12797" }, { "cve": "CVE-2024-13176", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-13176" } ], "notes": [ { "category": "general", "text": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. 
For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64" ] }, "references": [ { 
"category": "external", "summary": "CVE-2024-13176", "url": "https://www.suse.com/security/cve/CVE-2024-13176" }, { "category": "external", "summary": "SUSE Bug 1236136 for CVE-2024-13176", "url": "https://bugzilla.suse.com/1236136" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 
SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux 
Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-06-20T10:38:46Z", "details": "moderate" } ], "title": "CVE-2024-13176" }, { "cve": "CVE-2025-27587", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-27587" } ], "notes": [ { "category": "general", "text": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. 
The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64" ] }, "references": [ 
{ "category": "external", "summary": "CVE-2025-27587", "url": "https://www.suse.com/security/cve/CVE-2025-27587" }, { "category": "external", "summary": "SUSE Bug 1240366 for CVE-2025-27587", "url": "https://bugzilla.suse.com/1240366" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 
SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-devel-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl-3-fips-provider-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:libopenssl3-32bit-3.2.3-150700.5.5.1.x86_64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.aarch64", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.ppc64le", "SUSE Linux 
Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.s390x", "SUSE Linux Enterprise Module for Basesystem 15 SP7:openssl-3-3.2.3-150700.5.5.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-06-20T10:38:46Z", "details": "moderate" } ], "title": "CVE-2025-27587" } ] }
opensuse-su-2025:15183-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "libopenssl-3-devel-3.5.0-3.1 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the libopenssl-3-devel-3.5.0-3.1 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2025-15183", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15183-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2025:15183-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZEDUJCGPRD4X4W7AN2MXWCAGTZM7PP7E/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2025:15183-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZEDUJCGPRD4X4W7AN2MXWCAGTZM7PP7E/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-27587 page", "url": "https://www.suse.com/security/cve/CVE-2025-27587/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-4575 page", "url": 
"https://www.suse.com/security/cve/CVE-2025-4575/" } ], "title": "libopenssl-3-devel-3.5.0-3.1 on GA media", "tracking": { "current_release_date": "2025-05-30T00:00:00Z", "generator": { "date": "2025-05-30T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2025:15183-1", "initial_release_date": "2025-05-30T00:00:00Z", "revision_history": [ { "date": "2025-05-30T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.5.0-3.1.aarch64", "product": { "name": "libopenssl-3-devel-3.5.0-3.1.aarch64", "product_id": "libopenssl-3-devel-3.5.0-3.1.aarch64" } }, { "category": "product_version", "name": "libopenssl-3-devel-32bit-3.5.0-3.1.aarch64", "product": { "name": "libopenssl-3-devel-32bit-3.5.0-3.1.aarch64", "product_id": "libopenssl-3-devel-32bit-3.5.0-3.1.aarch64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.5.0-3.1.aarch64", "product": { "name": "libopenssl-3-fips-provider-3.5.0-3.1.aarch64", "product_id": "libopenssl-3-fips-provider-3.5.0-3.1.aarch64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.aarch64", "product": { "name": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.aarch64", "product_id": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.aarch64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.aarch64", "product": { "name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.aarch64", "product_id": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.aarch64" } }, { "category": "product_version", "name": "libopenssl3-3.5.0-3.1.aarch64", "product": { "name": "libopenssl3-3.5.0-3.1.aarch64", "product_id": "libopenssl3-3.5.0-3.1.aarch64" } }, { "category": "product_version", "name": "libopenssl3-32bit-3.5.0-3.1.aarch64", "product": { 
"name": "libopenssl3-32bit-3.5.0-3.1.aarch64", "product_id": "libopenssl3-32bit-3.5.0-3.1.aarch64" } }, { "category": "product_version", "name": "libopenssl3-x86-64-v3-3.5.0-3.1.aarch64", "product": { "name": "libopenssl3-x86-64-v3-3.5.0-3.1.aarch64", "product_id": "libopenssl3-x86-64-v3-3.5.0-3.1.aarch64" } }, { "category": "product_version", "name": "openssl-3-3.5.0-3.1.aarch64", "product": { "name": "openssl-3-3.5.0-3.1.aarch64", "product_id": "openssl-3-3.5.0-3.1.aarch64" } }, { "category": "product_version", "name": "openssl-3-doc-3.5.0-3.1.aarch64", "product": { "name": "openssl-3-doc-3.5.0-3.1.aarch64", "product_id": "openssl-3-doc-3.5.0-3.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.5.0-3.1.ppc64le", "product": { "name": "libopenssl-3-devel-3.5.0-3.1.ppc64le", "product_id": "libopenssl-3-devel-3.5.0-3.1.ppc64le" } }, { "category": "product_version", "name": "libopenssl-3-devel-32bit-3.5.0-3.1.ppc64le", "product": { "name": "libopenssl-3-devel-32bit-3.5.0-3.1.ppc64le", "product_id": "libopenssl-3-devel-32bit-3.5.0-3.1.ppc64le" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.5.0-3.1.ppc64le", "product": { "name": "libopenssl-3-fips-provider-3.5.0-3.1.ppc64le", "product_id": "libopenssl-3-fips-provider-3.5.0-3.1.ppc64le" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.ppc64le", "product": { "name": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.ppc64le", "product_id": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.ppc64le" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.ppc64le", "product": { "name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.ppc64le", "product_id": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.ppc64le" } }, { "category": "product_version", "name": "libopenssl3-3.5.0-3.1.ppc64le", "product": { "name": 
"libopenssl3-3.5.0-3.1.ppc64le", "product_id": "libopenssl3-3.5.0-3.1.ppc64le" } }, { "category": "product_version", "name": "libopenssl3-32bit-3.5.0-3.1.ppc64le", "product": { "name": "libopenssl3-32bit-3.5.0-3.1.ppc64le", "product_id": "libopenssl3-32bit-3.5.0-3.1.ppc64le" } }, { "category": "product_version", "name": "libopenssl3-x86-64-v3-3.5.0-3.1.ppc64le", "product": { "name": "libopenssl3-x86-64-v3-3.5.0-3.1.ppc64le", "product_id": "libopenssl3-x86-64-v3-3.5.0-3.1.ppc64le" } }, { "category": "product_version", "name": "openssl-3-3.5.0-3.1.ppc64le", "product": { "name": "openssl-3-3.5.0-3.1.ppc64le", "product_id": "openssl-3-3.5.0-3.1.ppc64le" } }, { "category": "product_version", "name": "openssl-3-doc-3.5.0-3.1.ppc64le", "product": { "name": "openssl-3-doc-3.5.0-3.1.ppc64le", "product_id": "openssl-3-doc-3.5.0-3.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.5.0-3.1.s390x", "product": { "name": "libopenssl-3-devel-3.5.0-3.1.s390x", "product_id": "libopenssl-3-devel-3.5.0-3.1.s390x" } }, { "category": "product_version", "name": "libopenssl-3-devel-32bit-3.5.0-3.1.s390x", "product": { "name": "libopenssl-3-devel-32bit-3.5.0-3.1.s390x", "product_id": "libopenssl-3-devel-32bit-3.5.0-3.1.s390x" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.5.0-3.1.s390x", "product": { "name": "libopenssl-3-fips-provider-3.5.0-3.1.s390x", "product_id": "libopenssl-3-fips-provider-3.5.0-3.1.s390x" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.s390x", "product": { "name": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.s390x", "product_id": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.s390x" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.s390x", "product": { "name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.s390x", "product_id": 
"libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.s390x" } }, { "category": "product_version", "name": "libopenssl3-3.5.0-3.1.s390x", "product": { "name": "libopenssl3-3.5.0-3.1.s390x", "product_id": "libopenssl3-3.5.0-3.1.s390x" } }, { "category": "product_version", "name": "libopenssl3-32bit-3.5.0-3.1.s390x", "product": { "name": "libopenssl3-32bit-3.5.0-3.1.s390x", "product_id": "libopenssl3-32bit-3.5.0-3.1.s390x" } }, { "category": "product_version", "name": "libopenssl3-x86-64-v3-3.5.0-3.1.s390x", "product": { "name": "libopenssl3-x86-64-v3-3.5.0-3.1.s390x", "product_id": "libopenssl3-x86-64-v3-3.5.0-3.1.s390x" } }, { "category": "product_version", "name": "openssl-3-3.5.0-3.1.s390x", "product": { "name": "openssl-3-3.5.0-3.1.s390x", "product_id": "openssl-3-3.5.0-3.1.s390x" } }, { "category": "product_version", "name": "openssl-3-doc-3.5.0-3.1.s390x", "product": { "name": "openssl-3-doc-3.5.0-3.1.s390x", "product_id": "openssl-3-doc-3.5.0-3.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "libopenssl-3-devel-3.5.0-3.1.x86_64", "product": { "name": "libopenssl-3-devel-3.5.0-3.1.x86_64", "product_id": "libopenssl-3-devel-3.5.0-3.1.x86_64" } }, { "category": "product_version", "name": "libopenssl-3-devel-32bit-3.5.0-3.1.x86_64", "product": { "name": "libopenssl-3-devel-32bit-3.5.0-3.1.x86_64", "product_id": "libopenssl-3-devel-32bit-3.5.0-3.1.x86_64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-3.5.0-3.1.x86_64", "product": { "name": "libopenssl-3-fips-provider-3.5.0-3.1.x86_64", "product_id": "libopenssl-3-fips-provider-3.5.0-3.1.x86_64" } }, { "category": "product_version", "name": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.x86_64", "product": { "name": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.x86_64", "product_id": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.x86_64" } }, { "category": "product_version", "name": 
"libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.x86_64", "product": { "name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.x86_64", "product_id": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.x86_64" } }, { "category": "product_version", "name": "libopenssl3-3.5.0-3.1.x86_64", "product": { "name": "libopenssl3-3.5.0-3.1.x86_64", "product_id": "libopenssl3-3.5.0-3.1.x86_64" } }, { "category": "product_version", "name": "libopenssl3-32bit-3.5.0-3.1.x86_64", "product": { "name": "libopenssl3-32bit-3.5.0-3.1.x86_64", "product_id": "libopenssl3-32bit-3.5.0-3.1.x86_64" } }, { "category": "product_version", "name": "libopenssl3-x86-64-v3-3.5.0-3.1.x86_64", "product": { "name": "libopenssl3-x86-64-v3-3.5.0-3.1.x86_64", "product_id": "libopenssl3-x86-64-v3-3.5.0-3.1.x86_64" } }, { "category": "product_version", "name": "openssl-3-3.5.0-3.1.x86_64", "product": { "name": "openssl-3-3.5.0-3.1.x86_64", "product_id": "openssl-3-3.5.0-3.1.x86_64" } }, { "category": "product_version", "name": "openssl-3-doc-3.5.0-3.1.x86_64", "product": { "name": "openssl-3-doc-3.5.0-3.1.x86_64", "product_id": "openssl-3-doc-3.5.0-3.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.5.0-3.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.aarch64" }, "product_reference": "libopenssl-3-devel-3.5.0-3.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.5.0-3.1.ppc64le 
as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.ppc64le" }, "product_reference": "libopenssl-3-devel-3.5.0-3.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.5.0-3.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.s390x" }, "product_reference": "libopenssl-3-devel-3.5.0-3.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-3.5.0-3.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.x86_64" }, "product_reference": "libopenssl-3-devel-3.5.0-3.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-32bit-3.5.0-3.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.aarch64" }, "product_reference": "libopenssl-3-devel-32bit-3.5.0-3.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-32bit-3.5.0-3.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.ppc64le" }, "product_reference": "libopenssl-3-devel-32bit-3.5.0-3.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-devel-32bit-3.5.0-3.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.s390x" }, "product_reference": "libopenssl-3-devel-32bit-3.5.0-3.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": 
"default_component_of", "full_product_name": { "name": "libopenssl-3-devel-32bit-3.5.0-3.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.x86_64" }, "product_reference": "libopenssl-3-devel-32bit-3.5.0-3.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.5.0-3.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.aarch64" }, "product_reference": "libopenssl-3-fips-provider-3.5.0-3.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.5.0-3.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.ppc64le" }, "product_reference": "libopenssl-3-fips-provider-3.5.0-3.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.5.0-3.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.s390x" }, "product_reference": "libopenssl-3-fips-provider-3.5.0-3.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-3.5.0-3.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.x86_64" }, "product_reference": "libopenssl-3-fips-provider-3.5.0-3.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE 
Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.aarch64" }, "product_reference": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.ppc64le" }, "product_reference": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.s390x" }, "product_reference": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.x86_64" }, "product_reference": "libopenssl-3-fips-provider-32bit-3.5.0-3.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.aarch64" }, "product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.ppc64le" }, 
"product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.s390x" }, "product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.x86_64" }, "product_reference": "libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.5.0-3.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.aarch64" }, "product_reference": "libopenssl3-3.5.0-3.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.5.0-3.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.ppc64le" }, "product_reference": "libopenssl3-3.5.0-3.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.5.0-3.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.s390x" }, "product_reference": "libopenssl3-3.5.0-3.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-3.5.0-3.1.x86_64 as component of openSUSE Tumbleweed", 
"product_id": "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.x86_64" }, "product_reference": "libopenssl3-3.5.0-3.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-32bit-3.5.0-3.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.aarch64" }, "product_reference": "libopenssl3-32bit-3.5.0-3.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-32bit-3.5.0-3.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.ppc64le" }, "product_reference": "libopenssl3-32bit-3.5.0-3.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-32bit-3.5.0-3.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.s390x" }, "product_reference": "libopenssl3-32bit-3.5.0-3.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-32bit-3.5.0-3.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.x86_64" }, "product_reference": "libopenssl3-32bit-3.5.0-3.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-x86-64-v3-3.5.0-3.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.aarch64" }, "product_reference": "libopenssl3-x86-64-v3-3.5.0-3.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-x86-64-v3-3.5.0-3.1.ppc64le as component of openSUSE 
Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.ppc64le" }, "product_reference": "libopenssl3-x86-64-v3-3.5.0-3.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-x86-64-v3-3.5.0-3.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.s390x" }, "product_reference": "libopenssl3-x86-64-v3-3.5.0-3.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libopenssl3-x86-64-v3-3.5.0-3.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.x86_64" }, "product_reference": "libopenssl3-x86-64-v3-3.5.0-3.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.5.0-3.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.aarch64" }, "product_reference": "openssl-3-3.5.0-3.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.5.0-3.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.ppc64le" }, "product_reference": "openssl-3-3.5.0-3.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.5.0-3.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.s390x" }, "product_reference": "openssl-3-3.5.0-3.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-3.5.0-3.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE 
Tumbleweed:openssl-3-3.5.0-3.1.x86_64" }, "product_reference": "openssl-3-3.5.0-3.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-doc-3.5.0-3.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.aarch64" }, "product_reference": "openssl-3-doc-3.5.0-3.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-doc-3.5.0-3.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.ppc64le" }, "product_reference": "openssl-3-doc-3.5.0-3.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-doc-3.5.0-3.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.s390x" }, "product_reference": "openssl-3-doc-3.5.0-3.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-3-doc-3.5.0-3.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.x86_64" }, "product_reference": "openssl-3-doc-3.5.0-3.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-27587", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-27587" } ], "notes": [ { "category": "general", "text": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. 
Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.ppc64le", "openSUSE 
Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.s390x", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-27587", "url": "https://www.suse.com/security/cve/CVE-2025-27587" }, { "category": "external", "summary": "SUSE Bug 1240366 for CVE-2025-27587", "url": "https://bugzilla.suse.com/1240366" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.x86_64", "openSUSE 
Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.s390x", "openSUSE 
Tumbleweed:openssl-3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.s390x", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.s390x", "openSUSE 
Tumbleweed:libopenssl3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.s390x", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-05-30T00:00:00Z", "details": "moderate" } ], "title": "CVE-2025-27587" }, { "cve": "CVE-2025-4575", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-4575" } ], "notes": [ { "category": "general", "text": "Issue summary: Use of -addreject option with the openssl x509 application adds\na trusted use instead of a rejected use for a certificate.\n\nImpact summary: If a user intends to make a trusted certificate rejected for\na particular use it will be instead marked as trusted for that use.\n\nA copy \u0026 paste error during minor refactoring of the code introduced this\nissue in the OpenSSL 3.5 version. 
If, for example, a trusted CA certificate\nshould be trusted only for the purpose of authenticating TLS servers but not\nfor CMS signature verification and the CMS signature verification is intended\nto be marked as rejected with the -addreject option, the resulting CA\ncertificate will be trusted for CMS signature verification purpose instead.\n\nOnly users which use the trusted certificate format who use the openssl x509\ncommand line application to add rejected uses are affected by this issue.\nThe issues affecting only the command line application are considered to\nbe Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue.\n\nOpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are also not affected by this\nissue.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.aarch64", "openSUSE 
Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.s390x", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-4575", "url": "https://www.suse.com/security/cve/CVE-2025-4575" }, { "category": "external", "summary": "SUSE Bug 1243564 for CVE-2025-4575", "url": "https://bugzilla.suse.com/1243564" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.s390x", "openSUSE 
Tumbleweed:libopenssl-3-devel-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.ppc64le", "openSUSE 
Tumbleweed:openssl-3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.s390x", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-devel-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-devel-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl-3-fips-provider-x86-64-v3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.ppc64le", "openSUSE 
Tumbleweed:libopenssl3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-32bit-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:libopenssl3-x86-64-v3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.s390x", "openSUSE Tumbleweed:openssl-3-3.5.0-3.1.x86_64", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.aarch64", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.ppc64le", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.s390x", "openSUSE Tumbleweed:openssl-3-doc-3.5.0-3.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-05-30T00:00:00Z", "details": "moderate" } ], "title": "CVE-2025-4575" } ] }
fkie_cve-2025-27587
Vulnerability from fkie_nvd
{ "cveTags": [ { "sourceIdentifier": "cve@mitre.org", "tags": [ "disputed" ] } ], "descriptions": [ { "lang": "en", "value": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system." }, { "lang": "es", "value": "OpenSSL 3.0.0 a 3.3.2 en la arquitectura PowerPC es vulnerable a un ataque Minerva. Este ataque se puede explotar midiendo el tiempo de firma de mensajes aleatorios mediante la API EVP_DigestSign y, posteriormente, utilizando la clave privada para extraer el valor K (nonce) de las firmas. A continuaci\u00f3n, bas\u00e1ndose en el tama\u00f1o en bits del nonce extra\u00eddo, se puede comparar el tiempo de firma de nonces de tama\u00f1o completo con el de firmas que utilizan nonces m\u00e1s peque\u00f1os mediante pruebas estad\u00edsticas. Existe un canal lateral en la curva P-364 que permite la extracci\u00f3n de la clave privada (adem\u00e1s, existe una dependencia entre el tama\u00f1o en bits de K y el tama\u00f1o del canal lateral). 
NOTA: Esta CVE es controvertida porque la pol\u00edtica de seguridad de OpenSSL indica expl\u00edcitamente que cualquier canal lateral que requiera la detecci\u00f3n del mismo sistema f\u00edsico queda fuera del modelo de amenazas del software. La se\u00f1al de tiempo es tan peque\u00f1a que es imposible detectarla sin que el proceso atacante se ejecute en el mismo sistema f\u00edsico." } ], "id": "CVE-2025-27587", "lastModified": "2025-06-26T17:15:30.497", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2025-06-16T22:15:44.093", "references": [ { "source": "cve@mitre.org", "url": "https://github.com/openssl/openssl/issues/24253" }, { "source": "cve@mitre.org", "url": "https://minerva.crocs.fi.muni.cz" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-385" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
ghsa-jqr3-3jm7-r6cm
Vulnerability from github
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.
{ "affected": [], "aliases": [ "CVE-2025-27587" ], "database_specific": { "cwe_ids": [ "CWE-385" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2025-06-16T22:15:44Z", "severity": "MODERATE" }, "details": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "id": "GHSA-jqr3-3jm7-r6cm", "modified": "2025-06-26T18:31:19Z", "published": "2025-06-17T00:30:30Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27587" }, { "type": "WEB", "url": "https://github.com/openssl/openssl/issues/24253" }, { "type": "WEB", "url": "https://minerva.crocs.fi.muni.cz" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.