import UBI openssl-3.5.1-4.el10_1
This commit is contained in:
parent
a4d8d8bceb
commit
a0b02a89f4
33
0056-Fix-incorrect-check-of-unwrapped-key-size.patch
Normal file
33
0056-Fix-incorrect-check-of-unwrapped-key-size.patch
Normal file
@ -0,0 +1,33 @@
|
||||
From 9c462be2cea54ebfc62953224220b56f8ba22a0c Mon Sep 17 00:00:00 2001
|
||||
From: Viktor Dukhovni <openssl-users@dukhovni.org>
|
||||
Date: Thu, 11 Sep 2025 18:10:12 +0200
|
||||
Subject: [PATCH] kek_unwrap_key(): Fix incorrect check of unwrapped key size
|
||||
|
||||
Fixes CVE-2025-9230
|
||||
|
||||
The check is off by 8 bytes so it is possible to overread by
|
||||
up to 8 bytes and overwrite up to 4 bytes.
|
||||
|
||||
Reviewed-by: Neil Horman <nhorman@openssl.org>
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
---
|
||||
crypto/cms/cms_pwri.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
|
||||
index 106bd98dc7..ba8646f93c 100644
|
||||
--- a/crypto/cms/cms_pwri.c
|
||||
+++ b/crypto/cms/cms_pwri.c
|
||||
@@ -243,7 +243,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
|
||||
/* Check byte failure */
|
||||
goto err;
|
||||
}
|
||||
- if (inlen < (size_t)(tmp[0] - 4)) {
|
||||
+ if (inlen < 4 + (size_t)tmp[0]) {
|
||||
/* Invalid length value */
|
||||
goto err;
|
||||
}
|
||||
--
|
||||
2.51.0
|
||||
|
||||
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 3.5.1
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Epoch: 1
|
||||
Source0: openssl-%{version}.tar.gz
|
||||
Source1: fips-hmacify.sh
|
||||
@ -97,6 +97,7 @@ Patch0053: 0053-Allow-hybrid-MLKEM-in-FIPS-mode.patch
|
||||
%endif
|
||||
Patch0054: 0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch
|
||||
Patch0055: 0055-Add-a-define-to-disable-symver-attributes.patch
|
||||
Patch0056: 0056-Fix-incorrect-check-of-unwrapped-key-size.patch
|
||||
|
||||
License: Apache-2.0
|
||||
URL: http://www.openssl.org/
|
||||
@ -453,6 +454,10 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Wed Oct 22 2025 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.1-4
|
||||
- Fix CVE-2025-9230
|
||||
Resolves: RHEL-115885
|
||||
|
||||
* Thu Jul 24 2025 Simo Sorce <simo@redhat.com> - 1:3.5.1-3
|
||||
- Add custom define to disable symbol versioning in downstream patched code
|
||||
Also add stricter Suggests for openssl-fips-provider
|
||||
|
||||
Loading…
Reference in New Issue
Block a user