Openbao update for Fedora 43

Fedora Linux 9157 Published 2025-10-31 06:19 by Philipp Esselbach

News

A security update has been released for Fedora 43 to fix two vulnerabilities: CVE-2025-62513 and CVE-2025-62705, which were identified in the openbao tool.

Fedora 43 Update: openbao-2.4.3-1.fc43

[SECURITY] Fedora 43 Update: openbao-2.4.3-1.fc43

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0687b2debc
2025-10-31 00:49:56.590930+00:00
--------------------------------------------------------------------------------

Name : openbao
Product : Fedora 43
Version : 2.4.3
Release : 1.fc43
URL : https://openbao.org
Summary : A tool for securely accessing secrets
Description :
Openbao secures, stores, and tightly controls access to tokens, passwords,
certificates, API keys, and other secrets in modern computing. Openbao handles
leasing, key revocation, key rolling, and auditing. Through a unified API, users
can access an encrypted Key/Value store and network encryption-as-a-service, or
generate AWS IAM/STS credentials, SQL/NoSQL databases, X.509 certificates, SSH
credentials, and more.

--------------------------------------------------------------------------------
Update Information:

Update to upstream 2.4.3, including fixes for CVE-2025-62513 and CVE-2025-62705.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 23 2025 Dave Dykstra - 2.4.3-1
- update to upstream 2.4.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2405900 - CVE-2025-62513 openbao: OpenBao leaks HTTPRawBody in Audit Logs [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405900
[ 2 ] Bug #2405901 - CVE-2025-62513 openbao: OpenBao leaks HTTPRawBody in Audit Logs [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2405901
[ 3 ] Bug #2405902 - CVE-2025-62513 openbao: OpenBao leaks HTTPRawBody in Audit Logs [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2405902
[ 4 ] Bug #2405903 - CVE-2025-62513 openbao: OpenBao leaks HTTPRawBody in Audit Logs [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405903
[ 5 ] Bug #2405904 - CVE-2025-62513 openbao: OpenBao leaks HTTPRawBody in Audit Logs [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405904
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0687b2debc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

Liquorix Linux Kernel 6.17-6 released

OpenShift, Squid, Redis, Webkit2GTK4 updates for RHEL

Openbao update for Fedora 43

[SECURITY] Fedora 43 Update: openbao-2.4.3-1.fc43

Windows

Linux

macOS

Community