SB2025100644 - Fedora 41 update for openssl
Published: October 6, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 vulnerabilities.
1) Out-of-bounds write (CVE-ID: CVE-2025-9230)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when trying to decrypt CMS messages encrypted using password based encryption. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
Successful exploitation of the vulnerability requires that password based (PWRI) encryption support in CMS messages is enabled.
2) Covert Timing Channel (CVE-ID: CVE-2025-9231)
CWE-ID: CWE-385 - Covert Timing Channel
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to timing side-channel in SM2 signature computations on 64 bit ARM platforms. A remote attacker can recover the private key and decrypt data.
3) Out-of-bounds read (CVE-ID: CVE-2025-9232)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition in OpenSSL HTTP client API functions if the "no_proxy" environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.