
Fedora 41: Fix for Critical Padding Oracle Attack in mbedtls Update

November 7, 2025
Critical mbedtls security update for Fedora 41 addresses padding oracle issues. Upgrade recommended.

Summary

Mbed TLS is a light-weight open source cryptographic and SSL/TLS library written in C. Mbed TLS makes it easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) applications with as little hassle as possible.

Update Information:

Backport CVE fixes from 3.6

Change Log

* Sat Nov 1 2025 Jeremy Newton - 2.28.10-2
- Backport CVE fixes from 3.6

* Sat Nov 1 2025 Jeremy Newton - 2.28.10-1
- Update to 2.28.10

References


[ 1 ] Bug #2405368 - CVE-2025-59438 mbedtls: MbedTLS Padding oracle through timing of cipher error reporting [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2405368

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-fe7ea8bbdd' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: mbedtls
Product: Fedora 41
Version: 2.28.10
Release: 2.fc41
Summary: Light-weight cryptographic and SSL/TLS library
