openssl 3.5.4 rpms released and added to all supported platforms (Alma Linux, Rocky Linux, RedHat Enterprise Linux RHEL, Oracle Linux).
CVE-2025-9230 – Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap.
CVE-2025-9231 – Fix Timing side-channel in SM2 algorithm on 64-bit ARM.
CVE-2025-9232 – Fix Out-of-bounds read in HTTP client no_proxy handling.
OpenSSL 3.5 is a release featuring QUIC server support.
We continue to build libs with quic support as a separate non-conflicting package openssl-quic-libs, files have separate .so.81.3 suffix to avoid conflicts with the official .so.3.