SUSE alert openSUSE-SU-2026:20650-1 (python-pynacl)
| From: | null@suse.de | |
| To: | security-announce@lists.opensuse.org | |
| Subject: | openSUSE-SU-2026:20650-1: moderate: Security update for python-PyNaCl | |
| Date: | Thu, 30 Apr 2026 15:13:43 +0200 | |
| Message-ID: | <20260430131343.ABFEDFB96@maintenance.suse.de> | |
openSUSE security update: security update for python-pynacl
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20650-1
Rating: moderate
References:

  * bsc#1161557
  * bsc#1199282
  * bsc#1255764

Cross-References:

  * CVE-2025-69277

CVSS scores:

  * CVE-2025-69277 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
  * CVE-2025-69277 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

  openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has 3 bug fixes can now be installed.

Description:

This update for python-PyNaCl fixes the following issues:

Security fixes:

- CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point function (bsc#1255764).

Other fixes:

- update to 1.6.2 (bsc#1255764, CVE-2025-69277):
  * Updated libsodium to 1.0.20-stable (2025-12-31 build)
- Update to 1.6.1
  * The ``MAKE`` environment variable can now be used to specify the ``make`` binary that should be used in the build process.
- update to 1.6.0:
  * BACKWARDS INCOMPATIBLE: Removed support for Python 3.6 and 3.7.
  * Added support for the low level AEAD AES bindings.
  * Added support for crypto_core_ed25519_from_uniform.
  * Update libsodium to 1.0.20-stable (2025-08-27 build).
  * Added support for free-threaded Python 3.14.
  * Added support for Windows on ARM wheels.
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- python-PyNaCl requires python-cffi [bsc#1161557]

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

    zypper in -t patch openSUSE-Leap-16.0-658=1

Package List:

- openSUSE Leap 16.0:

    python313-PyNaCl-1.6.2-160000.1.1

References:

  * https://www.suse.com/security/cve/CVE-2025-69277.html
