Explore top 10 tips to secure your open-source projects now. Read More
×
This update for python-PyNaCl fixes the following issues:
Security fixes:
- CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to
crypto_core_ed25519_is_valid_point function (bsc#1255764).
Other fixes:
- update to 1.6.2 (bsc#1255764, CVE-2025-69277):
* Updated libsodium to 1.0.20-stable (2025-12-31 build)
- Update to 1.6.1
* The ``MAKE`` environment variable can now be used to specify
the ``make`` binary that should be used in the build process.
- update to 1.6.0:
* BACKWARDS INCOMPATIBLE: Removed support for Python 3.6 and
3.7.
* Added support for the low level AEAD AES bindings.
* Added support for crypto_core_ed25519_from_uniform.
* Update libsodium to 1.0.20-stable (2025-08-27 build).
* Added support for free-threaded Python 3.14.
* Added support for Windows on ARM wheels.
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- python-PyNaCl requires python-cffi [bsc#1161557]
Patch instructions:
...
Read the Full Advisory- openSUSE Leap 16.0:
python313-PyNaCl-1.6.2-160000.1.1
* bsc#1161557
* bsc#1199282
* bsc#1255764
References:
* https://www.suse.com/security/cve/CVE-2025-69277.html
Get the latest Linux and open source security news straight to your inbox.