Issued:: 2025-12-09
Updated:: 2025-12-09

RHSA-2025:22969 - Security Advisory

Overview
Updated Packages

Synopsis

Important: Red Hat OpenStack Platform 17.1 (libwebsockets) security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libwebsockets is now available for Red Hat OpenStack Platform
17.1 (Wallaby).

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

Security Fix(es):

Stack-based Buffer Overflow in libwebsockets (CVE-2025-11678)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Solution

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat OpenStack 17.1 for RHEL 9 x86_64

Fixes

BZ - 2405139 - CVE-2025-11678 libwebsockets: Stack-based Buffer Overflow in libwebsockets

CVEs

CVE-2025-11678

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat OpenStack 17.1 for RHEL 9

SRPM
libwebsockets-4.3.0-2.el9ost.src.rpm	SHA-256: d6981b1c70f8f1bbc902a46b7e86e2deaf81cd5402c2a7c012e0c3a2e7a48484
x86_64
libwebsockets-4.3.0-2.el9ost.x86_64.rpm	SHA-256: c37e436fb1056c100438c9742ba1db4303b3b0f21ec31d5d489e3a54e962e316
libwebsockets-debuginfo-4.3.0-2.el9ost.x86_64.rpm	SHA-256: 7173b54b20e1139025422a2b6c8f550f56f0ddc4730be5bf4a18037cbaaf2eb1
libwebsockets-debugsource-4.3.0-2.el9ost.x86_64.rpm	SHA-256: 8a2a762c6c9daa913db5e303ff850264f43c1a76ab2c35a915d2e5c7e372386d
libwebsockets-devel-debuginfo-4.3.0-2.el9ost.x86_64.rpm	SHA-256: da38e65aa4a16b719c6bf6543b9797abf1522661f698d147386f075c48ac2c0b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation