openssl-3.5.1-4.el9_7.ML.1
エラータID: AXSA:2025-11518:07
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-9230
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.
Update packages.
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.
N/A
SRPMS
- openssl-3.5.1-4.el9_7.ML.1.src.rpm
MD5: d7ef73e02d3a0d68e9f57094e88b9bc1
SHA-256: f57feab48ab7c3be2e01303ae9483f133f1c1445255a8e106d926949783ba4ac
Size: 50.90 MB
Asianux Server 9 for x86_64
- openssl-3.5.1-4.el9_7.ML.1.x86_64.rpm
MD5: 62c0c590022b80d5e58573df0f78635b
SHA-256: d37814cef8b9eba9d4017e2abb4cf01ab8220ce2c186edb455e44963d92f8008
Size: 1.46 MB - openssl-devel-3.5.1-4.el9_7.ML.1.i686.rpm
MD5: bae684d47779a67c73e4cc2fb5a5ccdf
SHA-256: d5510e031fc57392acc80e5f73668e2297a10abcdb0997dfe200a6bc77d1082c
Size: 3.60 MB - openssl-devel-3.5.1-4.el9_7.ML.1.x86_64.rpm
MD5: 288957231bcf06a6f5f0a3029e336918
SHA-256: 2579ce16f17e876aad01ebe65ef9f150a91aa3b0882472899db42ccfcc10ad06
Size: 3.60 MB - openssl-fips-provider-3.5.1-4.el9_7.ML.1.i686.rpm
MD5: 43a26e4805b6c5a22591d3a0cf5022c8
SHA-256: cd18497ea15af647377642e20780bc300711f7b20e7bc8aa55d85dcd34ea1d6a
Size: 703.12 kB - openssl-fips-provider-3.5.1-4.el9_7.ML.1.x86_64.rpm
MD5: 60651c61bd14ed71884f450a6c720faf
SHA-256: e9194aed69b213a43532f9455b55c1055c3f4812bde185990cb80ff0bdf7f7f7
Size: 811.42 kB - openssl-libs-3.5.1-4.el9_7.ML.1.i686.rpm
MD5: 5bebb0fb40ffa66a9f1cd6753afa332a
SHA-256: 66776f12938cda59bd4c306c6b6aa87eaa85eee332b8bb9438212b39d7f69ca8
Size: 2.29 MB - openssl-libs-3.5.1-4.el9_7.ML.1.x86_64.rpm
MD5: e6488813abefaaea8f90bd9c3d8c69f7
SHA-256: 19c921ac7d8ee842ddf68222c1073b39d0e16bd15f41b18e2f7d800ce1f9b929
Size: 2.30 MB - openssl-perl-3.5.1-4.el9_7.ML.1.x86_64.rpm
MD5: 84e62138e4fc6106b9494ea0e3ca5ada
SHA-256: ceab98ff43e2522588f6c2faa605b98b3caeea0316faf9aa51e37a97222c1bf2
Size: 27.78 kB
日本語