SUSE-SU-2026:0223-1

Опубликовано: 22 янв. 2026

Источник: suse-cvrf

Описание

Security update for libsodium

This update for libsodium fixes the following issues:

CVE-2025-15444: fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).

Список пакетов

Container suse/manager/4.3/proxy-salt-broker:latest

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP4-BYOS

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP4-BYOS-GCE

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP4-Hardened-BYOS

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP4-Hardened-BYOS-GCE

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP4-SAP-Hardened-BYOS

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP5-BYOS-EC2

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP5-BYOS-GCE

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP5-Hardened-BYOS-GCE

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP5-SAP-BYOS-GCE

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP6

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP6-Azure-3P

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP6-BYOS

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP6-BYOS-Azure

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP6-BYOS-GCE

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP6-Hardened-BYOS

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP6-Hardened-BYOS-GCE

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP6-SAP-Azure-3P

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP6-SAP-Hardened-BYOS

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP6-SAP-Hardened-EC2

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-Azure-3P

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-Azure-Basic

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-Azure-Standard

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-BYOS-Azure

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-BYOS-EC2

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-BYOS-GCE

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-HPC-Azure

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-HPC-BYOS-EC2

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-HPC-BYOS-GCE

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-Hardened-BYOS-Azure

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-Hardened-BYOS-EC2

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-Hardened-BYOS-GCE

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-SAP-Azure

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-SAP-Azure-3P

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-SAP-EC2

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-SAP-Hardened-Azure

libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP7-SAPCAL-Azure

libsodium23-1.0.18-150000.4.11.1

SUSE Linux Enterprise Micro 5.2

libsodium23-1.0.18-150000.4.11.1

SUSE Linux Enterprise Micro 5.3

libsodium23-1.0.18-150000.4.11.1

SUSE Linux Enterprise Micro 5.4

libsodium23-1.0.18-150000.4.11.1

SUSE Linux Enterprise Micro 5.5

libsodium23-1.0.18-150000.4.11.1

SUSE Linux Enterprise Module for Basesystem 15 SP7

libsodium-devel-1.0.18-150000.4.11.1

libsodium23-1.0.18-150000.4.11.1

libsodium23-32bit-1.0.18-150000.4.11.1

openSUSE Leap 15.6

libsodium-devel-1.0.18-150000.4.11.1

libsodium23-1.0.18-150000.4.11.1

libsodium23-32bit-1.0.18-150000.4.11.1

Ссылки

https://www.suse.com/support/update/announcement/2026/suse-su-20260223-1/
Link for SUSE-SU-2026:0223-1
https://lists.suse.com/pipermail/sle-security-updates/2026-January/023862.html
E-Mail link for SUSE-SU-2026:0223-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1256070
SUSE Bug 1256070
https://www.suse.com/security/cve/CVE-2025-15444/
SUSE CVE CVE-2025-15444 page

Описание

Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium libsodium <= 1.0.20 or a version of libsodium released before December 30, 2025 contains a vulnerability documented as CVE-2025-69277 https://www.cve.org/CVERecord?id=CVE-2025-69277 . The libsodium vulnerability states: In atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. 0.000042 includes a version of libsodium updated to 1.0.20-stable, released January 3, 2026, which includes a fix for the vulnerability.

Затронутые продукты

Container suse/manager/4.3/proxy-salt-broker:latest:libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP4-BYOS-GCE:libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP4-BYOS:libsodium23-1.0.18-150000.4.11.1

Image SLES15-SP4-Hardened-BYOS-GCE:libsodium23-1.0.18-150000.4.11.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-15444.html
CVE-2025-15444
https://bugzilla.suse.com/1256070
SUSE Bug 1256070

SUSE-SU-2026:0223-1

Описание

Список пакетов

Container suse/manager/4.3/proxy-salt-broker:latest

Image SLES15-SP4-BYOS

Image SLES15-SP4-BYOS-GCE

Image SLES15-SP4-Hardened-BYOS

Image SLES15-SP4-Hardened-BYOS-GCE

Image SLES15-SP4-SAP-Hardened-BYOS

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

Image SLES15-SP5-BYOS-EC2

Image SLES15-SP5-BYOS-GCE

Image SLES15-SP5-Hardened-BYOS-GCE

Image SLES15-SP5-SAP-BYOS-GCE

Image SLES15-SP6

Image SLES15-SP6-Azure-3P

Image SLES15-SP6-BYOS

Image SLES15-SP6-BYOS-Azure

Image SLES15-SP6-BYOS-GCE

Image SLES15-SP6-Hardened-BYOS

Image SLES15-SP6-Hardened-BYOS-GCE

Image SLES15-SP6-SAP-Azure-3P

Image SLES15-SP6-SAP-Hardened-BYOS

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

Image SLES15-SP6-SAP-Hardened-EC2

Image SLES15-SP7-Azure-3P

Image SLES15-SP7-Azure-Basic

Image SLES15-SP7-Azure-Standard

Image SLES15-SP7-BYOS-Azure

Image SLES15-SP7-BYOS-EC2

Image SLES15-SP7-BYOS-GCE

Image SLES15-SP7-HPC-Azure

Image SLES15-SP7-HPC-BYOS-EC2

Image SLES15-SP7-HPC-BYOS-GCE

Image SLES15-SP7-Hardened-BYOS-Azure

Image SLES15-SP7-Hardened-BYOS-EC2

Image SLES15-SP7-Hardened-BYOS-GCE

Image SLES15-SP7-SAP-Azure

Image SLES15-SP7-SAP-Azure-3P

Image SLES15-SP7-SAP-EC2

Image SLES15-SP7-SAP-Hardened-Azure

Image SLES15-SP7-SAPCAL-Azure

SUSE Linux Enterprise Micro 5.2

SUSE Linux Enterprise Micro 5.3

SUSE Linux Enterprise Micro 5.4

SUSE Linux Enterprise Micro 5.5

SUSE Linux Enterprise Module for Basesystem 15 SP7

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2025-15444

Описание

Затронутые продукты

Ссылки