Explore top 10 tips to secure your open-source projects now. Read More
×
This update for libsodium fixes the following issues:
Security fixes:
- CVE-2025-15444: Cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
- CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to
crypto_core_ed25519_is_valid_point function (bsc#1255764).
Other fixes:
- Update to 1.0.21
* The new crypto_ipcrypt_* functions implement mechanisms for securely
encrypting and anonymizing IP addresses.
* The sodium_bin2ip and sodium_ip2bin helper functions have been added to
complement the crypto_ipcrypt_* functions and easily convert addresses
between bytes and strings.
* XOF: the crypto_xof_shake* and crypto_xof_turboshake* functions are
* standard
extendable output functions. From input of any length, they can derive
output of any length with the same properties as hash functions. These
primitives are required by many post-quantum mechanisms, but can also be
used for a wide range of...
Read the Full Advisory- openSUSE Leap 16.0:
libsodium-devel-1.0.21-160000.1.1
libsodium26-1.0.21-160000.1.1
* bsc#1255764
* bsc#1256070
References:
* https://www.suse.com/security/cve/CVE-2025-15444.html
* https://www.suse.com/security/cve/CVE-2025-69277.html
Get the latest Linux and open source security news straight to your inbox.