Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 40: 2025-6f07616b52 critical: openssl use after free

fedora
Calendar Grey February 13, 2025
Dist Fedora Esm H88
Fedora 40 users, an urgent update is available to fix security issues with OpenSSL, including vital version upgrades and patches for data protection
Update the openssl crate to version 0.10.70 and the openssl-sys crate to version 0.9.105

Summary

OpenSSL bindings.

Update Information:

Update the openssl crate to version 0.10.70 and the openssl-sys crate to version 0.9.105. This includes a fix for RUSTSEC-2025-0004 / CVE-2025-0977 and rebuilds of all packages that statically link the openssl crate.

Topics%20covered

Topics Covered

security advisory security issue update Fedora doS openssl RUSTSEC-2025

Change Log

* Wed Feb 5 2025 Fabio Valentini - 0.10.70-1 - Update to version 0.10.70; Fixes RHBZ#2343421

References


[ 1 ] Bug #2343478 - CVE-2025-0977 rust-openssl: ssl::select_next_proto use after free [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2343478

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-6f07616b52' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: rust-openssl
Product: Fedora 40
Version: 0.10.70
Release: 1.fc40
URL: https://crates.io/crates/openssl
Summary: OpenSSL bindings

Topics%20covered

Topics Covered

security advisory security issue update Fedora doS openssl RUSTSEC-2025

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here