Patch CVE-2025-9230
Resolves: RHEL-115928
This commit is contained in:
Pavol Žáčik
parent
21557c00ee
commit
8da24472c2
33
0058-Fix-incorrect-check-of-unwrapped-key-size.patch
Normal file
33
0058-Fix-incorrect-check-of-unwrapped-key-size.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 9c462be2cea54ebfc62953224220b56f8ba22a0c Mon Sep 17 00:00:00 2001
|
||||
From: Viktor Dukhovni <openssl-users@dukhovni.org>
|
||||
Date: Thu, 11 Sep 2025 18:10:12 +0200
|
||||
Subject: [PATCH] kek_unwrap_key(): Fix incorrect check of unwrapped key size
|
||||
|
||||
Fixes CVE-2025-9230
|
||||
|
||||
The check is off by 8 bytes so it is possible to overread by
|
||||
up to 8 bytes and overwrite up to 4 bytes.
|
||||
|
||||
Reviewed-by: Neil Horman <nhorman@openssl.org>
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
---
|
||||
crypto/cms/cms_pwri.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
|
||||
index 106bd98dc7..ba8646f93c 100644
|
||||
--- a/crypto/cms/cms_pwri.c
|
||||
+++ b/crypto/cms/cms_pwri.c
|
||||
@@ -243,7 +243,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
|
||||
/* Check byte failure */
|
||||
goto err;
|
||||
}
|
||||
- if (inlen < (size_t)(tmp[0] - 4)) {
|
||||
+ if (inlen < 4 + (size_t)tmp[0]) {
|
||||
/* Invalid length value */
|
||||
goto err;
|
||||
}
|
||||
--
|
||||
2.51.0
|
||||
|
||||
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 3.5.1
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
Epoch: 1
|
||||
Source0: openssl-%{version}.tar.gz
|
||||
Source1: fips-hmacify.sh
|
||||
@ -98,6 +98,7 @@ Patch0054: 0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch
|
||||
Patch0055: 0055-Add-a-define-to-disable-symver-attributes.patch
|
||||
Patch0056: 0056-Speed-test-signatures-without-errors.patch
|
||||
Patch0057: 0057-Targets-to-skip-build-of-non-installable-programs.patch
|
||||
Patch0058: 0058-Fix-incorrect-check-of-unwrapped-key-size.patch
|
||||
|
||||
#The patches that are different for RHEL9 and 10 start here
|
||||
Patch0100: 0100-RHEL9-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
|
||||
@ -456,6 +457,10 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Thu Oct 23 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-6
|
||||
- Fix CVE-2025-9230
|
||||
Resolves: RHEL-115928
|
||||
|
||||
* Fri Sep 05 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-5
|
||||
- Fix globally disabled LTO
|
||||
Related: RHEL-111633
|
||||
|
||||
Loading…
Reference in New Issue
Block a user