Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 531
Alerts This Week
Warning Icon 1 531

Fedora 41: openbao 2.4.4 Important Security Issues DoS 2025-45a7dd8f10

fedora
Calendar Grey December 3, 2025
Scroller Fedora Esm H88
Update to openbao 2.4.4 in Fedora 41 addresses multiple security issues. Stay secure by upgrading now.
update to upstream 2.4.4, which fixed CVE-2025-64761 Adds hsm tag

Summary

Openbao secures, stores, and tightly controls access to tokens, passwords,

certificates, API keys, and other secrets in modern computing. Openbao handles

leasing, key revocation, key rolling, and auditing. Through a unified API, users

can access an encrypted Key/Value store and network encryption-as-a-service, or

generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH

credentials, and more.

Update Information:

update to upstream 2.4.4, which fixed CVE-2025-64761 Adds hsm tag. The fedora-41 build was done with golang-1.24.10 which fixed CVE-2025-58189, CVE-2025-61725, CVE-2025-61723, CVE-2025-58185, and CVE-2025-58183.

Change Log

* Mon Nov 24 2025 Dave Dykstra <2129743+DrDaveD@users.noreply.github.com> - 2.4.4-1 - update to 2.4.4 * Tue Nov 18 2025 Dave Dykstra <2129743+DrDaveD@users.noreply.github.com> - 2.4.3-2 - add hsm build tag

References


[ 1 ] Bug #2407806 - CVE-2025-58189 openbao: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2407806 [ 2 ] Bug #2408617 - CVE-2025-61725 openbao: Excessive CPU consumption in ParseAddress in net/mail [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2408617 [ 3 ] Bug #2409256 - CVE-2025-61723 openbao: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2409256 [ 4 ] Bug #2410221 - CVE-2025-58185 openbao: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2410221 [ 5 ] Bug #2412574 - CVE-2025-58183 openbao: Unbounded allocation when parsing GNU sparse map [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2412574

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-45a7dd8f10' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: openbao
Product: Fedora 41
Version: 2.4.4
Release: 1.fc41
Summary: A tool for securely accessing secrets

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.