{"schema_version":"1.7.2","id":"OESA-2026-1557","modified":"2026-03-15T05:53:13Z","published":"2026-03-15T05:53:13Z","upstream":["CVE-2025-69277"],"summary":"libsodium security update","details":"Sodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable6, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further.\r\n\r\nSecurity Fix(es):\n\nlibsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.(CVE-2025-69277)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"libsodium","purl":"pkg:rpm/openEuler/libsodium&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.18-2.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["libsodium-1.0.18-2.oe2003sp4.aarch64.rpm","libsodium-debuginfo-1.0.18-2.oe2003sp4.aarch64.rpm","libsodium-debugsource-1.0.18-2.oe2003sp4.aarch64.rpm","libsodium-devel-1.0.18-2.oe2003sp4.aarch64.rpm"],"src":["libsodium-1.0.18-2.oe2003sp4.src.rpm"],"x86_64":["libsodium-1.0.18-2.oe2003sp4.x86_64.rpm","libsodium-debuginfo-1.0.18-2.oe2003sp4.x86_64.rpm","libsodium-debugsource-1.0.18-2.oe2003sp4.x86_64.rpm","libsodium-devel-1.0.18-2.oe2003sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1557"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69277"}],"database_specific":{"severity":"Medium"}}