rpms/openssl
7
1
Fork 1
Code Issues Pull Requests Releases Activity

Patch CVE-2025-9230

Browse Source 
Resolves: RHEL-115928
This commit is contained in:
Pavol Žáčik 2025-10-23 09:42:01 +02:00
parent 21557c00ee
commit 8da24472c2
No known key found for this signature in database
GPG Key ID: 4EE16C6E333F70A8
2 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
0058-Fix-incorrect-check-of-unwrapped-key-size.patch Normal file
View File

@ -0,0 +1,33 @@
From 9c462be2cea54ebfc62953224220b56f8ba22a0c Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Thu, 11 Sep 2025 18:10:12 +0200
Subject: [PATCH] kek_unwrap_key(): Fix incorrect check of unwrapped key size
Fixes CVE-2025-9230
The check is off by 8 bytes so it is possible to overread by
up to 8 bytes and overwrite up to 4 bytes.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
---
crypto/cms/cms_pwri.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index 106bd98dc7..ba8646f93c 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -243,7 +243,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
/* Check byte failure */
goto err;
}
- if (inlen < (size_t)(tmp[0] - 4)) {
+ if (inlen < 4 + (size_t)tmp[0]) {
/* Invalid length value */
goto err;
}
--
2.51.0

7
openssl.spec
View File

@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
Summary: Utilities from the general purpose cryptography library with TLS implementation Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl Name: openssl
Version: 3.5.1 Version: 3.5.1
Release: 5%{?dist} Release: 6%{?dist}
Epoch: 1 Epoch: 1
Source0: openssl-%{version}.tar.gz Source0: openssl-%{version}.tar.gz
Source1: fips-hmacify.sh Source1: fips-hmacify.sh
@ -98,6 +98,7 @@ Patch0054: 0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch
Patch0055: 0055-Add-a-define-to-disable-symver-attributes.patch Patch0055: 0055-Add-a-define-to-disable-symver-attributes.patch
Patch0056: 0056-Speed-test-signatures-without-errors.patch Patch0056: 0056-Speed-test-signatures-without-errors.patch
Patch0057: 0057-Targets-to-skip-build-of-non-installable-programs.patch Patch0057: 0057-Targets-to-skip-build-of-non-installable-programs.patch
Patch0058: 0058-Fix-incorrect-check-of-unwrapped-key-size.patch
#The patches that are different for RHEL9 and 10 start here #The patches that are different for RHEL9 and 10 start here
Patch0100: 0100-RHEL9-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch Patch0100: 0100-RHEL9-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
@ -456,6 +457,10 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Thu Oct 23 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-6
- Fix CVE-2025-9230
Resolves: RHEL-115928
* Fri Sep 05 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-5 * Fri Sep 05 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-5
- Fix globally disabled LTO - Fix globally disabled LTO
Related: RHEL-111633 Related: RHEL-111633