Don't crash on parsing PKCS#12 without MAC Resolves: CVE-2025-11187 Resolves: CVE-2025-15467 Resolves: CVE-2025-69419
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2026-9bb4c555f1Please log in to add feedback.
This update has been submitted for testing by dbelyavs.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
Verified that the applied commits are backports from upstream:
0141-not-crash-on-PKCS1-nomac.patch: Backport of https://github.com/openssl/openssl/commit/8ad98cce41aa8a6278f7ade6ad2f70b80b194b720142-CVE-2025-11187.patch: Combined backport of https://github.com/openssl/openssl/commit/f3652dff2faab0c0a197fa140984103c0b0a5e88, https://github.com/openssl/openssl/commit/de157b8ff3328d41448779fa23b071c8e88304d2, https://github.com/openssl/openssl/commit/65ce85b7e3e07a9ff7e46cc7f74fa068f737c0f1, and https://github.com/openssl/openssl/commit/192fd36cfaed822d73288bd1437e821f75071f180143-CVE-2025-15467.patch: Backport of https://github.com/openssl/openssl/commit/0ddd6b6bcbdedbe2c8304af05771f8ab11939112, https://github.com/openssl/openssl/commit/b1a995ebcf54ff1478e2af4438d82ee3e15289de, https://github.com/openssl/openssl/commit/6297ac45d72ded9b45cad9a4fb2af6c29846d86c0144-CVE-2025-69419.patch: Backport of https://github.com/openssl/openssl/commit/53b78f2a49cd1ede1c4f86d53b2f6d9ff9e1620e and https://github.com/openssl/openssl/commit/51e8f70ba30b92e8faddbb0620666b835fed5a41This update has been pushed to testing.
Simple use cases are working fine for me.
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by dbelyavs.
This update has been pushed to stable.