-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2025-4a35036fc1 2025-07-18 00:45:00.892018+00:00 --------------------------------------------------------------------------------
Name : mbedtls Product : Fedora EPEL 10.0 Version : 3.6.4 Release : 2.el10_0 URL : https://www.trustedfirmware.org/projects/mbed-tls Summary : Light-weight cryptographic and SSL/TLS library Description : Mbed TLS is a light-weight open source cryptographic and SSL/TLS library written in C. Mbed TLS makes it easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) applications with as little hassle as possible. -------------------------------------------------------------------------------- Update Information: Update to 3.6.4 Release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 3 2025 Morten Stevens <mstev...@fedoraproject.org> - 3.6.4-2 - Add conditional CFLAGS for Fedora and RHEL * Thu Jul 3 2025 Morten Stevens <mstev...@fedoraproject.org> - 3.6.4-1 - Update to 3.6.4 * Tue Mar 25 2025 Peter Robinson <pbrobin...@fedoraproject.org> - 3.6.3-1 - Update to 3.6.3 * Wed Mar 19 2025 Bill Roberts <bill.robe...@arm.com> - 3.6.2-3 - Rebuild for mbedtls 3.6 * Fri Jan 17 2025 Fedora Release Engineering <rel...@fedoraproject.org> - 3.6.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2376679 - CVE-2025-52496 mbedtls: Mbed TLS AESNI Race Condition Vulnerability [epel-10] https://bugzilla.redhat.com/show_bug.cgi?id=2376679 [ 2 ] Bug #2376690 - CVE-2025-52497 mbedtls: Mbed TLS PEM Parsing Buffer Underflow [epel-10] https://bugzilla.redhat.com/show_bug.cgi?id=2376690 [ 3 ] Bug #2376706 - CVE-2025-49601 mbedtls: MbedTLS LMS Public Key Out-of-Bounds Read [epel-10] https://bugzilla.redhat.com/show_bug.cgi?id=2376706 [ 4 ] Bug #2376711 - CVE-2025-49600 mbedtls: MbedTLS LMS Signature Forgery via Fault Injection [epel-10] https://bugzilla.redhat.com/show_bug.cgi?id=2376711 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update mbedtls' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ epel-package-announce mailing list -- epel-package-announce@lists.fedoraproject.org To unsubscribe send an email to epel-package-announce-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-package-announce@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
