Your message dated Sun, 31 Aug 2025 11:32:24 +0000
with message-id <[email protected]>
and subject line Bug#1109549: fixed in wolfssl 5.5.4-2+deb12u2
has caused the Debian Bug report #1109549,
regarding wolfssl: CVE-2025-7394
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1109549: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109549
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: wolfssl
Version: 5.7.2-0.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for wolfssl.
CVE-2025-7394[0]:
| In the OpenSSL compatibility layer implementation, the function
| RAND_poll() was not behaving as expected and leading to the
| potential for predictable values returned from RAND_bytes() after
| fork() is called. This can lead to weak or predictable random
| numbers generated in applications that are both using RAND_bytes()
| and doing fork() operations. This only affects applications
| explicitly calling RAND_bytes() after fork() and does not affect any
| internal TLS operations. Although RAND_bytes() documentation in
| OpenSSL calls out not being safe for use with fork() without first
| calling RAND_poll(), an additional code change was also made in
| wolfSSL to make RAND_bytes() behave similarly to OpenSSL after a
| fork() call without calling RAND_poll(). Now the Hash-DRBG used gets
| reseeded after detecting running in a new process. If making use of
| RAND_bytes() and calling fork() we recommend updating to the latest
| version of wolfSSL. Thanks to Per Allansson from Appgate for the
| report.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-7394
https://www.cve.org/CVERecord?id=CVE-2025-7394
[1] https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
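The failure mode the CVE text above describes (RAND_bytes() returning the same values in parent and child after fork()) and the pid-check reseed it credits as the fix, as an added illustration that is not code from wolfSSL or from this bug report. It uses a stand-in generator (a SplitMix-style stream seeded from /dev/urandom) in place of wolfSSL's Hash-DRBG, and the names drbg_t, drbg_seed, drbg_bytes and outputs_collide_after_fork are assumptions for this example.

```c
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in generator (NOT wolfSSL's Hash-DRBG): a SplitMix-style 64-bit
 * stream seeded from /dev/urandom. Only the reseed-on-fork logic matters. */
typedef struct { uint64_t state; pid_t owner; int reseed_on_fork; } drbg_t;

static int drbg_seed(drbg_t *d) {
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, &d->state, sizeof d->state);
    close(fd);
    d->owner = getpid();            /* remember which process seeded us */
    return n == (ssize_t)sizeof d->state ? 0 : -1;
}

static void drbg_bytes(drbg_t *d, unsigned char *out, size_t len) {
    /* The fix the CVE text describes: detect a new process and reseed. */
    if (d->reseed_on_fork && d->owner != getpid()) drbg_seed(d);
    for (size_t i = 0; i < len; i++) {
        uint64_t z = (d->state += 0x9E3779B97F4A7C15ull);
        z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ull;
        z = (z ^ (z >> 27)) * 0x94D049BB133111EBull;
        out[i] = (unsigned char)(z ^ (z >> 31));
    }
}

/* Seed once, fork, draw 16 bytes in parent and child; return 1 if the two
 * outputs are identical (the weakness), 0 if they differ, -1 on error. */
int outputs_collide_after_fork(int reseed_on_fork) {
    drbg_t d = { 0, 0, reseed_on_fork };
    unsigned char mine[16], theirs[16];
    int fds[2];
    if (drbg_seed(&d) < 0 || pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                 /* child: send its 16 bytes to the parent */
        drbg_bytes(&d, mine, sizeof mine);
        _exit(write(fds[1], mine, sizeof mine) == (ssize_t)sizeof mine ? 0 : 1);
    }
    drbg_bytes(&d, mine, sizeof mine);
    ssize_t got = read(fds[0], theirs, sizeof theirs);
    waitpid(pid, NULL, 0);
    close(fds[0]); close(fds[1]);
    if (got != (ssize_t)sizeof theirs) return -1;
    return memcmp(mine, theirs, sizeof mine) == 0;
}
```

Without the pid check the parent and child produce identical bytes from the copied state; with it the child reseeds and the outputs diverge, which is the check to run against any application that draws from RAND_bytes() after fork().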
--- Begin Message ---
Source: wolfssl
Source-Version: 5.5.4-2+deb12u2
Done: Bastian Germann <[email protected]>
We believe that the bug you reported is fixed in the latest version of
wolfssl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Germann <[email protected]> (supplier of updated wolfssl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 11 Aug 2025 10:16:46 +0200
Source: wolfssl
Architecture: source
Version: 5.5.4-2+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Jacob Barthelmeh <[email protected]>
Changed-By: Bastian Germann <[email protected]>
Closes: 1109549
Changes:
wolfssl (5.5.4-2+deb12u2) bookworm; urgency=medium
.
* Stable update to address the following vulnerabilities:
- Fix CVE-2025-7394. (Closes: #1109549)
--- End Message ---