--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-b73e44fe9d
2024-09-12 01:34:06.829560
--------------------------------------------------------------------------------

Name        : wolfssl
Product     : Fedora 39
Version     : 5.7.2
Release     : 2.fc39
URL         : https://github.com/wolfSSL/wolfssl
Summary     : Lightweight SSL/TLS library written in ANSI C
Description :
The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS
library written in ANSI C and targeted for embedded, RTOS, and
resource-constrained environments - primarily because of its small size,
speed, and feature set. It is commonly used in standard operating environments
as well because of its royalty-free pricing and excellent cross platform
support. wolfSSL supports industry standards up to the current TLS 1.3 and
DTLS 1.3, is up to 20 times smaller than OpenSSL, and offers progressive
ciphers such as ChaCha20, Curve25519, Blake2b and Post-Quantum TLS 1.3 groups.
User bench-marking and feedback reports dramatically better performance when
using wolfSSL over OpenSSL.

wolfSSL is powered by the wolfCrypt cryptography library. Two versions of
wolfCrypt have been FIPS 140-2 validated (Certificate #2425 and certificate

visit the wolfCrypt FIPS FAQ or contact fips@wolfssl.com.

--------------------------------------------------------------------------------
Update Information:

RHBZ#2308628 RHBZ#2308629 RHBZ#2308630 RHBZ#2308631 fixed in 5.7.2 release
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep  3 2024 Andrew Bauer  - 5.7.2-2
- RHBZ#2308628 RHBZ#2308629 RHBZ#2308630 RHBZ#2308631 fixed in 5.7.2 release
- fips macro patch no longer needed
* Sun Aug 25 2024 Andrew Bauer  - 5.7.2-1
- 5.7.2 release
- patch FIPS_VERSION3_GE macro issue
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2308628 - CVE-2024-1543 wolfssl: The side-channel protected T-Table implementation in wolfSSL [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2308628
  [ 2 ] Bug #2308629 - CVE-2024-1543 wolfssl: The side-channel protected T-Table implementation in wolfSSL [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2308629
  [ 3 ] Bug #2308630 - CVE-2024-1545 wolfssl: Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2308630
  [ 4 ] Bug #2308631 - CVE-2024-1545 wolfssl: Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2308631
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-b73e44fe9d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 39: wolfssl 2024-b73e44fe9d Security Advisory Updates

September 12, 2024
RHBZ#2308628 RHBZ#2308629 RHBZ#2308630 RHBZ#2308631 fixed in 5.7.2 release

Summary

The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS

library written in ANSI C and targeted for embedded, RTOS, and

resource-constrained environments - primarily because of its small size,

speed, and feature set. It is commonly used in standard operating environments

as well because of its royalty-free pricing and excellent cross platform

support. wolfSSL supports industry standards up to the current TLS 1.3 and

DTLS 1.3, is up to 20 times smaller than OpenSSL, and offers progressive

ciphers such as ChaCha20, Curve25519, Blake2b and Post-Quantum TLS 1.3 groups.

User bench-marking and feedback reports dramatically better performance when

using wolfSSL over OpenSSL.

wolfSSL is powered by the wolfCrypt cryptography library. Two versions of

wolfCrypt have been FIPS 140-2 validated (Certificate #2425 and certificate

visit the wolfCrypt FIPS FAQ or contact fips@wolfssl.com.

Update Information:

RHBZ#2308628 RHBZ#2308629 RHBZ#2308630 RHBZ#2308631 fixed in 5.7.2 release

Change Log

* Tue Sep 3 2024 Andrew Bauer - 5.7.2-2 - RHBZ#2308628 RHBZ#2308629 RHBZ#2308630 RHBZ#2308631 fixed in 5.7.2 release - fips macro patch no longer needed * Sun Aug 25 2024 Andrew Bauer - 5.7.2-1 - 5.7.2 release - patch FIPS_VERSION3_GE macro issue

References

[ 1 ] Bug #2308628 - CVE-2024-1543 wolfssl: The side-channel protected T-Table implementation in wolfSSL [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2308628 [ 2 ] Bug #2308629 - CVE-2024-1543 wolfssl: The side-channel protected T-Table implementation in wolfSSL [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2308629 [ 3 ] Bug #2308630 - CVE-2024-1545 wolfssl: Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL [fedora-39] https://bugzilla.redhat.com/show_bug.cgi?id=2308630 [ 4 ] Bug #2308631 - CVE-2024-1545 wolfssl: Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2308631

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-b73e44fe9d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : wolfssl
Product : Fedora 39
Version : 5.7.2
Release : 2.fc39
URL : https://github.com/wolfSSL/wolfssl
Summary : Lightweight SSL/TLS library written in ANSI C

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved