An update for libsodium is now available for openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1557 Final 1.0 1.0 2026-03-15 Initial 2026-03-15 2026-03-15 openEuler SA Tool V1.0 2026-03-15 libsodium security update An update for libsodium is now available for openEuler-20.03-LTS-SP4 Sodium is a modern, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable6, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further. Security Fix(es): libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.(CVE-2025-69277) An update for libsodium is now available for openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium libsodium https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1557 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-69277 https://nvd.nist.gov/vuln/detail/CVE-2025-69277 openEuler-20.03-LTS-SP4 libsodium-1.0.18-2.oe2003sp4.aarch64.rpm libsodium-debuginfo-1.0.18-2.oe2003sp4.aarch64.rpm libsodium-debugsource-1.0.18-2.oe2003sp4.aarch64.rpm libsodium-devel-1.0.18-2.oe2003sp4.aarch64.rpm libsodium-1.0.18-2.oe2003sp4.src.rpm libsodium-1.0.18-2.oe2003sp4.x86_64.rpm libsodium-debuginfo-1.0.18-2.oe2003sp4.x86_64.rpm libsodium-debugsource-1.0.18-2.oe2003sp4.x86_64.rpm libsodium-devel-1.0.18-2.oe2003sp4.x86_64.rpm libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. 2026-03-15 CVE-2025-69277 openEuler-20.03-LTS-SP4 Medium 4.5 AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N libsodium security update 2026-03-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1557