Fedora 42 update for clevis-pin-tpm2, dbus-parsec, envision, fido-device-onboard, gotify-desktop, keylime-agent-rust, keyring-ima-signer, libkrun, python-cryptography, rust-afterburn, rust-cargo-vendor-filterer, rust-crypto-auditing-agent, rust-eif_build,
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2025-0977 |
| CWE-ID | CWE-125 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Fedora Operating systems & Components / Operating system trustee-guest-components Operating systems & Components / Operating system package or component s390utils Operating systems & Components / Operating system package or component rustup Operating systems & Components / Operating system package or component rust-tealdeer Operating systems & Components / Operating system package or component rust-snphost Operating systems & Components / Operating system package or component rust-sevctl Operating systems & Components / Operating system package or component rust-sequoia-sqv Operating systems & Components / Operating system package or component rust-sequoia-sq Operating systems & Components / Operating system package or component rust-sequoia-sop Operating systems & Components / Operating system package or component rust-sequoia-policy-config Operating systems & Components / Operating system package or component rust-sequoia-octopus-librnp Operating systems & Components / Operating system package or component rust-sequoia-keyring-linter Operating systems & Components / Operating system package or component rust-rpm-sequoia Operating systems & Components / Operating system package or component rust-pore Operating systems & Components / Operating system package or component rust-openssl-sys Operating systems & Components / Operating system package or component rust-openssl Operating systems & Components / Operating system package or component rust-oo7-cli Operating systems & Components / Operating system package or component rust-nu Operating systems & Components / Operating system package or component rust-gst-plugin-reqwest Operating systems & Components / Operating system package or component rust-eif_build Operating systems & Components / Operating system package or component rust-crypto-auditing-agent Operating systems & Components / Operating system package or component rust-cargo-vendor-filterer Operating systems & Components / Operating system package or component rust-afterburn Operating systems & Components / Operating system package or component python-cryptography Operating systems & Components / Operating system package or component libkrun Operating systems & Components / Operating system package or component keyring-ima-signer Operating systems & Components / Operating system package or component keylime-agent-rust Operating systems & Components / Operating system package or component gotify-desktop Operating systems & Components / Operating system package or component fido-device-onboard Operating systems & Components / Operating system package or component envision Operating systems & Components / Operating system package or component dbus-parsec Operating systems & Components / Operating system package or component clevis-pin-tpm2 Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Out-of-bounds read
EUVDB-ID: #VU108061
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-0977
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ssl::select_next_proto. A remote attacker can initiate connection with the server, trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 42
trustee-guest-components: before 0.10.0^124.git0061d03-2.fc42
s390utils: before 2.35.0-5.fc42
rustup: before 1.27.1-6.fc42
rust-tealdeer: before 1.7.1-3.fc42
rust-snphost: before 0.5.0-3.fc42
rust-sevctl: before 0.6.0-4.fc42
rust-sequoia-sqv: before 1.2.1-6.fc42
rust-sequoia-sq: before 1.1.0-4.fc42
rust-sequoia-sop: before 0.36.0-3.fc42
rust-sequoia-policy-config: before 0.7.0-3.fc42
rust-sequoia-octopus-librnp: before 1.10.0-6.fc42
rust-sequoia-keyring-linter: before 1.0.1-10.fc42
rust-rpm-sequoia: before 1.7.0-5.fc42
rust-pore: before 0.1.17-5.fc42
rust-openssl-sys: before 0.9.105-1.fc42
rust-openssl: before 0.10.70-1.fc42
rust-oo7-cli: before 0.3.3-4.fc42
rust-nu: before 0.99.1-7.fc42
rust-gst-plugin-reqwest: before 0.13.3-3.fc42
rust-eif_build: before 0.2.1-3.fc42
rust-crypto-auditing-agent: before 0.2.3-3.fc42
rust-cargo-vendor-filterer: before 0.5.17-2.fc42
rust-afterburn: before 5.7.0-3.fc42
python-cryptography: before 44.0.0-3.fc42
libkrun: before 1.10.1-2.fc42
keyring-ima-signer: before 0.1.0-17.fc42
keylime-agent-rust: before 0.2.7-4.fc42
gotify-desktop: before 1.3.7-4.fc42
fido-device-onboard: before 0.5.1-3.fc42
envision: before 2.0.0-4.20241209git2.0.0.fc42
dbus-parsec: before 0.5.0-3.fc42
clevis-pin-tpm2: before 0.5.3-9.fc42
CPE2.3- cpe:2.3:o:fedoraproject:fedora:42:*:*:*:*:*:*:*
- cpe:2.3:a:fedoraproject:trustee-guest-components:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:s390utils:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rustup:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-tealdeer:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-snphost:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-sevctl:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-sequoia-sqv:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-sequoia-sq:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-sequoia-sop:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-sequoia-policy-config:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-sequoia-octopus-librnp:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-sequoia-keyring-linter:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-rpm-sequoia:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-pore:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-openssl-sys:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-openssl:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-oo7-cli:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-nu:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-gst-plugin-reqwest:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-eif_build:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-crypto-auditing-agent:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-cargo-vendor-filterer:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:rust-afterburn:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:python-cryptography:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:libkrun:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:keyring-ima-signer:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:keylime-agent-rust:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:gotify-desktop:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:fido-device-onboard:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:envision:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:dbus-parsec:*:*:*:*:*:fedora:*:*
- cpe:2.3:a:fedoraproject:clevis-pin-tpm2:*:*:*:*:*:fedora:*:*
https://bodhi.fedoraproject.org/updates/FEDORA-2025-12e84667f4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
