Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 41: FEDORA-2025-f8be7978e3 critical: openssl update fix

fedora
Calendar Grey February 8, 2025
Dist Fedora Esm H88
Fedora upgrades the openssl library to address vulnerabilities and recompiles affected software, strengthening the security of device registration.
Update the openssl crate to version 0.10.70 and the openssl-sys crate to version 0.9.105

Summary

A rust implementation of the FIDO Device Onboard Specification.

Update Information:

Update the openssl crate to version 0.10.70 and the openssl-sys crate to version 0.9.105. This includes a fix for RUSTSEC-2025-0004 / CVE-2025-0977 and rebuilds of all packages that statically link the openssl crate.

Topics%20covered

Topics Covered

security advisory update Fedora security fix RUSTSEC openssl crate fido device onboarding

Change Log

* Thu Feb 6 2025 Fabio Valentini - 0.5.1-2 - Rebuild for openssl crate >= v0.10.70 (RUSTSEC-2025-0004)

References


[ 1 ] Bug #2343479 - CVE-2025-0977 rust-openssl: ssl::select_next_proto use after free [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2343479

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-f8be7978e3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: fido-device-onboard
Product: Fedora 41
Version: 0.5.1
Release: 2.fc41
URL: https://github.com/fdo-rs/fido-device-onboard-rs
Summary: A rust implementation of the FIDO Device Onboard Specification

Topics%20covered

Topics Covered

security advisory update Fedora security fix RUSTSEC openssl crate fido device onboarding

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here