Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 41: libkrun 2025-f8be7978e3 critical: openssl buffer overflow

fedora
Calendar Grey February 8, 2025
Dist Fedora Esm H88
Enhance libkrun by integrating the latest OpenSSL updates for Fedora 41, focusing on critical security vulnerabilities such as RUSTSEC-2025-0004.
Update the openssl crate to version 0.10.70 and the openssl-sys crate to version 0.9.105

Summary

Dynamic library providing Virtualization-based process isolation capabilities.

Update Information:

Update the openssl crate to version 0.10.70 and the openssl-sys crate to version 0.9.105. This includes a fix for RUSTSEC-2025-0004 / CVE-2025-0977 and rebuilds of all packages that statically link the openssl crate.

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora threat mitigation RUSTSEC issue libkrun openssl crate

Change Log

* Thu Feb 6 2025 Fabio Valentini - 1.10.1-2 - Rebuild for openssl crate >= v0.10.70 (RUSTSEC-2025-0004)

References


[ 1 ] Bug #2343479 - CVE-2025-0977 rust-openssl: ssl::select_next_proto use after free [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2343479

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-f8be7978e3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libkrun
Product: Fedora 41
Version: 1.10.1
Release: 2.fc41
URL: https://github.com/containers/libkrun
Summary: Dynamic library providing Virtualization-based process isolation capabilities

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora threat mitigation RUSTSEC issue libkrun openssl crate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here