[SECURITY] [DLA 4435-1] libsodium security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -----------------------------------------------------------------------
Debian LTS Advisory DLA-4435-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Utkarsh Gupta
January 07, 2026 https://wiki.debian.org/LTS
- -----------------------------------------------------------------------
Package : libsodium
Version : 1.0.18-1+deb11u1
CVE ID : CVE-2025-69277
Debian Bug : 1124374
It was discovered that the crypto_core_ed25519_is_valid_point()
function of the Sodium cryptography library mishandled checks for
valid elliptic curve points.
For Debian 11 bullseye, this problem has been fixed in version
1.0.18-1+deb11u1.
We recommend that you upgrade your libsodium packages.
For the detailed security status of libsodium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libsodium
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmlegCAACgkQgj6WdgbD
S5YHkA//STKlghpoaLBIn+6X2UhoHEidy/pv/D5pyc3leyNVdA0Py5lIFRKbUN7Q
g54tqlHWIiUtYJ9WSW8GU62qYuAYgWV4vGGNj8rMLU5Y4Fmalmbh/6FptWr/tiUC
p6eXRY9YoRDgMZBKkPVwvp7cuvJntnBU+OhPapryfWmVIHFkzXTDv7xCeBqJR7ex
1d93qKXNSpIVeQ0E0RzVx4CtIQ3IzFE2lPe+HpckKptP0qX4YiRQN6LUQ/gywV19
n2+CjOfKDaEA4x3tq44ige7xPieJTfwu0iLw9jYtM+jG8IO/LoEROTV4l1BD4C69
FaDgxUrFAscboWSkxhjvwp1DoY7TC604Yl3uF35FzoxVOT60Bk8awaLfyNYj/foO
4yzk/EYsxeRU6BUeKKwFeYyTya85beyrqpHRmbt4SoJg2LaV2j7Bc4NWxotKlJVQ
Eg9U2QO9T5vC3ZYJJWK7vNfF8k4FR8x7ERWxGX6n+APH3ahA6P5PBjXRIskJx8rp
XvobR5kGyJ/por8IBYeA5m6xFnFDeHaO/1OMNdiQ56eLUoMxIiynSHqM5I6hhujx
p8iEtLe3y60igdMkAmmMckgUpCI71Kqna+akbBveMim101IKK1/eSsVlr1UUVfrA
g5bbI5Ef/TMD6KdUR7U4LR8l66mvRV/6zvBUcN/TE2vrZDpE6jA=
=Cj2v
-----END PGP SIGNATURE-----
Reply to: