Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 40: Fido-Device-Onboard Critical Openssl Fix FEDORA-2025-6f07616b52

fedora
Calendar Grey February 13, 2025
Dist Fedora Esm H88
The update for Fedora 40's security advisory brings crucial improvements to the `fido-device-onboard` package, particularly with OpenSSL updates, boosting secure app communications
Update the openssl crate to version 0.10.70 and the openssl-sys crate to version 0.9.105

Summary

A rust implementation of the FIDO Device Onboard Specification.

Update Information:

Update the openssl crate to version 0.10.70 and the openssl-sys crate to version 0.9.105. This includes a fix for RUSTSEC-2025-0004 / CVE-2025-0977 and rebuilds of all packages that statically link the openssl crate.

Topics%20covered

Topics Covered

security advisory security issue Fedora software fix openssl rust crate code update

Change Log

* Thu Feb 6 2025 Fabio Valentini - 0.5.0-2 - Rebuild for openssl crate >= v0.10.70 (RUSTSEC-2025-0004)

References


[ 1 ] Bug #2343478 - CVE-2025-0977 rust-openssl: ssl::select_next_proto use after free [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2343478

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-6f07616b52' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: fido-device-onboard
Product: Fedora 40
Version: 0.5.0
Release: 2.fc40
URL: https://github.com/fdo-rs/fido-device-onboard-rs
Summary: A rust implementation of the FIDO Device Onboard Specification

Topics%20covered

Topics Covered

security advisory security issue Fedora software fix openssl rust crate code update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here