-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2026-8ec67a8105 2026-01-16 17:17:23.634394+00:00 --------------------------------------------------------------------------------
Name : libsodium Product : Fedora EPEL 9 Version : 1.0.18 Release : 9.el9 URL : http://libsodium.org/ Summary : The Sodium crypto library Description : Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Its goal is to provide all of the core operations needed to build higher-level cryptographic tools. The design choices emphasize security, and "magic constants" have clear rationales. The same cannot be said of NIST curves, where the specific origins of certain constants are not described by the standards. And despite the emphasis on higher security, primitives are faster across-the-board than most implementations of the NIST standards. -------------------------------------------------------------------------------- Update Information: Fix CVE-2025-69277 libsodium: libsodium: Improper validation of elliptic curve points could lead to data integrity or information disclosure -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 7 2026 Remi Collet <[email protected]> - 1.0.18-9 - Security: `crypto_core_ed25519_is_valid_point()` now properly rejects small-order points that are not in the main subgroup CVE-2025-69277 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2426616 - CVE-2025-69277 libsodium: libsodium: Improper validation of elliptic curve points could lead to data integrity or information disclosure. [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2426616 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update libsodium' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ epel-package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
