Patch CVE-2025-9230
Resolves: RHEL-115883
This commit is contained in:
Pavol Žáčik
parent
b3a1d7764e
commit
4cf5738ac1
33
0059-Fix-incorrect-check-of-unwrapped-key-size.patch
Normal file
33
0059-Fix-incorrect-check-of-unwrapped-key-size.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 9c462be2cea54ebfc62953224220b56f8ba22a0c Mon Sep 17 00:00:00 2001
|
||||
From: Viktor Dukhovni <openssl-users@dukhovni.org>
|
||||
Date: Thu, 11 Sep 2025 18:10:12 +0200
|
||||
Subject: [PATCH] kek_unwrap_key(): Fix incorrect check of unwrapped key size
|
||||
|
||||
Fixes CVE-2025-9230
|
||||
|
||||
The check is off by 8 bytes so it is possible to overread by
|
||||
up to 8 bytes and overwrite up to 4 bytes.
|
||||
|
||||
Reviewed-by: Neil Horman <nhorman@openssl.org>
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
---
|
||||
crypto/cms/cms_pwri.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
|
||||
index 106bd98dc7..ba8646f93c 100644
|
||||
--- a/crypto/cms/cms_pwri.c
|
||||
+++ b/crypto/cms/cms_pwri.c
|
||||
@@ -243,7 +243,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
|
||||
/* Check byte failure */
|
||||
goto err;
|
||||
}
|
||||
- if (inlen < (size_t)(tmp[0] - 4)) {
|
||||
+ if (inlen < 4 + (size_t)tmp[0]) {
|
||||
/* Invalid length value */
|
||||
goto err;
|
||||
}
|
||||
--
|
||||
2.51.0
|
||||
|
||||
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 3.5.1
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
Epoch: 1
|
||||
Source0: openssl-%{version}.tar.gz
|
||||
Source1: fips-hmacify.sh
|
||||
@ -100,6 +100,7 @@ Patch0055: 0055-Add-a-define-to-disable-symver-attributes.patch
|
||||
Patch0056: 0056-Speed-test-signatures-without-errors.patch
|
||||
Patch0057: 0057-Targets-to-skip-build-of-non-installable-programs.patch
|
||||
Patch0058: 0058-aes-s390x.pl-Initialize-reserved-and-unused-memory.patch
|
||||
Patch0059: 0059-Fix-incorrect-check-of-unwrapped-key-size.patch
|
||||
|
||||
License: Apache-2.0
|
||||
URL: http://www.openssl.org/
|
||||
@ -460,6 +461,10 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Wed Oct 22 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-6
|
||||
- Fix CVE-2025-9230
|
||||
Resolves: RHEL-115883
|
||||
|
||||
* Fri Sep 05 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-5
|
||||
- Fix globally disabled LTO
|
||||
Related: RHEL-111634
|
||||
|
||||
Loading…
Reference in New Issue
Block a user