SUSE-SU-2026:1429-1

This update for openssl-3 fixes the following issue:

• CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678).