Debian alert DLA-4435-1 (libsodium)

From:
             
 
Utkarsh Gupta <guptautkarsh2102@gmail.com>
To:
             
 
debian-lts-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DLA 4435-1] libsodium security update
Date:
             
 
Wed, 07 Jan 2026 21:18:15 +0530
Message-ID:
             
 
<CAPP0f97BWr3UZj3-j+wcTcvMSadCCYm0bdzin4S5cT8JnE==eQ@mail.gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-4435-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
January 07, 2026                            https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : libsodium
Version        : 1.0.18-1+deb11u1
CVE ID         : CVE-2025-69277
Debian Bug     : 1124374

It was discovered that the crypto_core_ed25519_is_valid_point()
function of the Sodium cryptography library mishandled checks for
valid elliptic curve points.

For Debian 11 bullseye, this problem has been fixed in version
1.0.18-1+deb11u1.

We recommend that you upgrade your libsodium packages.

For the detailed security status of libsodium please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libsodium

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmlegCAACgkQgj6WdgbD
S5YHkA//STKlghpoaLBIn+6X2UhoHEidy/pv/D5pyc3leyNVdA0Py5lIFRKbUN7Q
g54tqlHWIiUtYJ9WSW8GU62qYuAYgWV4vGGNj8rMLU5Y4Fmalmbh/6FptWr/tiUC
p6eXRY9YoRDgMZBKkPVwvp7cuvJntnBU+OhPapryfWmVIHFkzXTDv7xCeBqJR7ex
1d93qKXNSpIVeQ0E0RzVx4CtIQ3IzFE2lPe+HpckKptP0qX4YiRQN6LUQ/gywV19
n2+CjOfKDaEA4x3tq44ige7xPieJTfwu0iLw9jYtM+jG8IO/LoEROTV4l1BD4C69
FaDgxUrFAscboWSkxhjvwp1DoY7TC604Yl3uF35FzoxVOT60Bk8awaLfyNYj/foO
4yzk/EYsxeRU6BUeKKwFeYyTya85beyrqpHRmbt4SoJg2LaV2j7Bc4NWxotKlJVQ
Eg9U2QO9T5vC3ZYJJWK7vNfF8k4FR8x7ERWxGX6n+APH3ahA6P5PBjXRIskJx8rp
XvobR5kGyJ/por8IBYeA5m6xFnFDeHaO/1OMNdiQ56eLUoMxIiynSHqM5I6hhujx
p8iEtLe3y60igdMkAmmMckgUpCI71Kqna+akbBveMim101IKK1/eSsVlr1UUVfrA
g5bbI5Ef/TMD6KdUR7U4LR8l66mvRV/6zvBUcN/TE2vrZDpE6jA=
=Cj2v
-----END PGP SIGNATURE-----