Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-12224 (GCVE-0-2024-12224)
Vulnerability from cvelistv5 – Published: 2025-05-30 01:16 – Updated: 2025-05-30 12:46
VLAI?
EPSS
Summary
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
Severity ?
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12224",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T12:46:53.443148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T12:46:56.887Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887898"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crates.io/crates/idna",
"defaultStatus": "unaffected",
"packageName": "idna",
"product": "rust-url",
"repo": "https://github.com/servo/rust-url/",
"vendor": "servo",
"versions": [
{
"lessThan": "1.0.0",
"status": "affected",
"version": "0",
"versionType": "rust"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In applications using \u003ccode\u003eidna\u003c/code\u003e (but not in \u003ccode\u003eidna\u003c/code\u003e \nitself) this may be able to lead to privilege escalation when host name \ncomparison is part of a privilege check and the behavior is combined \nwith a client that resolves domains with such labels instead of treating\n them as errors that preclude DNS resolution / URL fetching and with the\n attacker managing to introduce a DNS entry (and TLS certificate) for an\n \u003ccode\u003exn--\u003c/code\u003e-masked name that turns into the name of the target when processed by \u003ccode\u003eidna\u003c/code\u003e 0.5.0 or earlier.\u003cbr\u003e"
}
],
"value": "In applications using idna (but not in idna \nitself) this may be able to lead to privilege escalation when host name \ncomparison is part of a privilege check and the behavior is combined \nwith a client that resolves domains with such labels instead of treating\n them as errors that preclude DNS resolution / URL fetching and with the\n attacker managing to introduce a DNS entry (and TLS certificate) for an\n xn---masked name that turns into the name of the target when processed by idna 0.5.0 or earlier."
}
],
"datePublic": "2024-12-09T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname."
}
],
"value": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1289",
"description": "CWE-1289",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T01:16:47.829Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0421.html"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887898"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "idna accepts Punycode labels that do not produce any non-ASCII when decoded",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-12224",
"datePublished": "2025-05-30T01:16:47.829Z",
"dateReserved": "2024-12-05T02:50:17.716Z",
"dateUpdated": "2025-05-30T12:46:56.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-12224\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2025-05-30T02:15:19.670\",\"lastModified\":\"2025-06-25T15:33:17.667\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.\"},{\"lang\":\"es\",\"value\":\"La validaci\u00f3n incorrecta de equivalencia insegura en punycode por parte del crate idna de Servo rust-url permite que un atacante cree un nombre de host punycode que una parte de un sistema podr\u00eda tratar como distinto mientras que otra parte de ese sistema tratar\u00eda como equivalente a otro nombre de host.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@mozilla.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@mozilla.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1289\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:servo:idna:*:*:*:*:*:rust:*:*\",\"versionEndExcluding\":\"1.0.0\",\"matchCriteriaId\":\"2A9457A0-7004-4D5E-8C78-07A9BE0E13DA\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1887898\",\"source\":\"security@mozilla.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://rustsec.org/advisories/RUSTSEC-2024-0421.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1887898\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Issue Tracking\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-12224\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-30T12:46:53.443148Z\"}}}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1887898\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-30T12:46:47.514Z\"}}], \"cna\": {\"title\": \"idna accepts Punycode labels that do not produce any non-ASCII when decoded\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/servo/rust-url/\", \"vendor\": \"servo\", \"product\": \"rust-url\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.0.0\", \"versionType\": \"rust\"}], \"packageName\": \"idna\", \"collectionURL\": \"https://crates.io/crates/idna\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-12-09T08:00:00.000Z\", \"references\": [{\"url\": \"https://rustsec.org/advisories/RUSTSEC-2024-0421.html\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1887898\", \"tags\": [\"issue-tracking\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1289\", \"description\": \"CWE-1289\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"In applications using idna (but not in idna \\nitself) this may be able to lead to privilege escalation when host name \\ncomparison is part of a privilege check and the behavior is combined \\nwith a client that resolves domains with such labels instead of treating\\n them as errors that preclude DNS resolution / URL fetching and with the\\n attacker managing to introduce a DNS entry (and TLS certificate) for an\\n xn---masked name that turns into the name of the target when processed by idna 0.5.0 or earlier.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In applications using \u003ccode\u003eidna\u003c/code\u003e (but not in \u003ccode\u003eidna\u003c/code\u003e \\nitself) this may be able to lead to privilege escalation when host name \\ncomparison is part of a privilege check and the behavior is combined \\nwith a client that resolves domains with such labels instead of treating\\n them as errors that preclude DNS resolution / URL fetching and with the\\n attacker managing to introduce a DNS entry (and TLS certificate) for an\\n \u003ccode\u003exn--\u003c/code\u003e-masked name that turns into the name of the target when processed by \u003ccode\u003eidna\u003c/code\u003e 0.5.0 or earlier.\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2025-05-30T01:16:47.829Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-12224\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-30T12:46:56.887Z\", \"dateReserved\": \"2024-12-05T02:50:17.716Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2025-05-30T01:16:47.829Z\", \"assignerShortName\": \"mozilla\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
SUSE-SU-2025:02768-1
Vulnerability from csaf_suse - Published: 2025-08-12 13:01 - Updated: 2025-08-12 13:01Summary
Security update for sccache
Notes
Title of the patch
Security update for sccache
Description of the patch
This update for sccache fixes the following issues:
- Update to version 0.4.2~4:
- CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243868)
Patchnames
SUSE-2025-2768,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2768,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2768,openSUSE-SLE-15.6-2025-2768
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for sccache",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for sccache fixes the following issues:\n\n- Update to version 0.4.2~4:\n- CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243868)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2768,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2768,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2768,openSUSE-SLE-15.6-2025-2768",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02768-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02768-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502768-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02768-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041175.html"
},
{
"category": "self",
"summary": "SUSE Bug 1243868",
"url": "https://bugzilla.suse.com/1243868"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
}
],
"title": "Security update for sccache",
"tracking": {
"current_release_date": "2025-08-12T13:01:12Z",
"generator": {
"date": "2025-08-12T13:01:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02768-1",
"initial_release_date": "2025-08-12T13:01:12Z",
"revision_history": [
{
"date": "2025-08-12T13:01:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.4.2~4-150600.10.3.1.aarch64",
"product": {
"name": "sccache-0.4.2~4-150600.10.3.1.aarch64",
"product_id": "sccache-0.4.2~4-150600.10.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.4.2~4-150600.10.3.1.i586",
"product": {
"name": "sccache-0.4.2~4-150600.10.3.1.i586",
"product_id": "sccache-0.4.2~4-150600.10.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.4.2~4-150600.10.3.1.ppc64le",
"product": {
"name": "sccache-0.4.2~4-150600.10.3.1.ppc64le",
"product_id": "sccache-0.4.2~4-150600.10.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.4.2~4-150600.10.3.1.s390x",
"product": {
"name": "sccache-0.4.2~4-150600.10.3.1.s390x",
"product_id": "sccache-0.4.2~4-150600.10.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.4.2~4-150600.10.3.1.x86_64",
"product": {
"name": "sccache-0.4.2~4-150600.10.3.1.x86_64",
"product_id": "sccache-0.4.2~4-150600.10.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.aarch64"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.ppc64le"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.s390x"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.x86_64"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.aarch64"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.ppc64le"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.s390x"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.x86_64"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.aarch64"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.ppc64le"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.s390x"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.x86_64"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.x86_64",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.aarch64",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.s390x",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.x86_64",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.aarch64",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.s390x",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.x86_64",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.aarch64",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.s390x",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T13:01:12Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
}
]
}
SUSE-SU-2025:03307-1
Vulnerability from csaf_suse - Published: 2025-09-23 13:13 - Updated: 2025-09-23 13:13Summary
Security update for sevctl
Notes
Title of the patch
Security update for sevctl
Description of the patch
This update for sevctl fixes the following issues:
- CVE-2024-12224: idna: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243860)
- CVE-2025-3416: openssl: Fixed use-after-free in Md::fetch and Cipher::fetch (bsc#1242618)
Patchnames
SUSE-2025-3307,SUSE-SLE-Module-Server-Applications-15-SP6-2025-3307,openSUSE-SLE-15.6-2025-3307
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for sevctl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for sevctl fixes the following issues:\n \n- CVE-2024-12224: idna: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243860) \n- CVE-2025-3416: openssl: Fixed use-after-free in Md::fetch and Cipher::fetch (bsc#1242618)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3307,SUSE-SLE-Module-Server-Applications-15-SP6-2025-3307,openSUSE-SLE-15.6-2025-3307",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03307-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03307-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503307-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03307-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041813.html"
},
{
"category": "self",
"summary": "SUSE Bug 1242618",
"url": "https://bugzilla.suse.com/1242618"
},
{
"category": "self",
"summary": "SUSE Bug 1243860",
"url": "https://bugzilla.suse.com/1243860"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
}
],
"title": "Security update for sevctl",
"tracking": {
"current_release_date": "2025-09-23T13:13:49Z",
"generator": {
"date": "2025-09-23T13:13:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03307-1",
"initial_release_date": "2025-09-23T13:13:49Z",
"revision_history": [
{
"date": "2025-09-23T13:13:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sevctl-0.4.3-150600.4.3.1.x86_64",
"product": {
"name": "sevctl-0.4.3-150600.4.3.1.x86_64",
"product_id": "sevctl-0.4.3-150600.4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sevctl-0.4.3-150600.4.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:sevctl-0.4.3-150600.4.3.1.x86_64"
},
"product_reference": "sevctl-0.4.3-150600.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sevctl-0.4.3-150600.4.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:sevctl-0.4.3-150600.4.3.1.x86_64"
},
"product_reference": "sevctl-0.4.3-150600.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:sevctl-0.4.3-150600.4.3.1.x86_64",
"openSUSE Leap 15.6:sevctl-0.4.3-150600.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:sevctl-0.4.3-150600.4.3.1.x86_64",
"openSUSE Leap 15.6:sevctl-0.4.3-150600.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:sevctl-0.4.3-150600.4.3.1.x86_64",
"openSUSE Leap 15.6:sevctl-0.4.3-150600.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T13:13:49Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:sevctl-0.4.3-150600.4.3.1.x86_64",
"openSUSE Leap 15.6:sevctl-0.4.3-150600.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:sevctl-0.4.3-150600.4.3.1.x86_64",
"openSUSE Leap 15.6:sevctl-0.4.3-150600.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:sevctl-0.4.3-150600.4.3.1.x86_64",
"openSUSE Leap 15.6:sevctl-0.4.3-150600.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T13:13:49Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
}
]
}
SUSE-SU-2025:3783-1
Vulnerability from csaf_suse - Published: 2025-10-24 13:28 - Updated: 2025-10-24 13:28Summary
Security update for afterburn
Notes
Title of the patch
Security update for afterburn
Description of the patch
This update for afterburn fixes the following issues:
Update to version 5.9.0.git21.a73f509.
Security issues fixed:
- CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large
repetitions on empty sub-expressions can lead to excessive resource consumption and denial of service (bsc#1196972).
- CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect
hostname comparisons and incorrect URL parsing (bsc#1243850).
- CVE-2025-5791: users: `root` user being appended to group listings whenever listing does not have exactly 1024 groups
can lead to privilege escalation when information is used for access control (bsc#1244199).
- CVE-2025-3416: openssl: passing of `Some(...)` value as `properties` argument to `Md::fetch` or `Cipher::fetch` can
lead to use-after-free (bsc#1242665).
Other issues fixed:
- Fixed in version 5.9.0.git21.a73f509:
* cargo: update dependencies
* microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat
* microsoft/azure: Fix SharedConfig parsing of XML attributes
* microsoft/azure: Mock goalstate.SharedConfig output in tests
* providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471).
* upcloud: implement UpCloud provider
* Update several build dependencies
- Fixed in version 5.9.0:
* cargo: update dependencies
* dracut: Return 255 in module-setup
* oraclecloud: add release note and move base URL to constant
* oraclecloud: implement oraclecloud provider
* Update several build dependencies
- Fixed in version 5.8.2:
* cargo: update dependencies
* packit: add initial support
- Fixed in version 5.7.0.git103.bae893c:
* proxmoxve: Add more context to log messages.
* proxmoxve: Remove unneeded fields
* proxmoxve: Add tests for static network configuration from cloud-init.
* proxmoxve: Add support for static network configuration from cloud-init.
* providers/openstack: ignore ec2 metadata if not present
* proxmox: use noop provider if no configdrive
* Update several build dependencies
- Fixed in version 5.7.0:
* cargo: update dependencies
* dhcp: replace dbus_proxy with proxy, and zbus traits
* providers/hetzner: private ipv4 addresses in attributes
* openstack: Document the two platforms
* microsoft/azure: allow empty certificate chain in PKCS12 file
* proxmoxve: implement proxmoxve provider
* providers/hetzner: fix duplicate attribute prefix
* lint: silence deadcode warnings
* lint: address latest lint's from msrv update
* cargo: update msrv to 1.75
* providers: Add 'akamai' provider
* providers/vmware: add missing public functions for non-amd64
* providers/vmware: Process guestinfo.metadata netplan configuration
* kubevirt: Run afterburn-hostname service
* providers: add support for scaleway
* Move away from deprecated `users` to `uzers`
* providers/hetzner: add support for Hetzner Cloud
* cargo: update MSRV to 1.71
* cargo: specify required features for nix dependency
* openstack: Add attribute OPENSTACK_INSTANCE_UUID
* cargo: allow openssl 0.10.46
* build-sys: Use new tier = 2 for cargo-vendor-filterer
* cargo: fix minimum version of openssl crate
* microsoft/crypto/mod: replace deprecated function `parse` with `parse2`
* cli: switch to clap derive
* cli: add descriptive value names for option arguments in --help
* cli: have clap require exactly one of --cmdline/--provider
* providers/`*`: move endpoint mocking into retry::Client
* retry/client: move URL parsing into helper function
* providers/microsoft: import crate::retry
* providers/microsoft: use stored client for all fetches
* providers/packet: use stored client for boot checkin
* initrd: remember to write trailing newline to network kargs file
* util: drop obsolete 'OEM' terminology
* Inline variables into format strings
* Update several build dependencies
- Fixed in version 5.4.1:
* cargo: add configuration for cargo-vendor-filterer
* util: support DHCP option lookup from NetworkManager
* util: factor out retries of DHCP option lookup
* util: refactor DHCP option query helper into an enum
* util: move dns_lease_key_lookup() to a separate module
* cargo: update MSRV to 1.66
* cargo: update all packages to fix build error
* cargo: continue to support openssh-keys 0.5
* cargo: drop serde_derive crate in favor of serde derive feature
* cargo: use consistent declaration syntax for slog dependency
* cargo: drop unused dependencies
* cargo: continue to support base64 0.13
* cargo: continue to support mailparse 0.13.8
* cargo: continue to support clap 3.1
* cargo: stop enabling LTO in release builds
* providers/ibmcloud: avoid error if an ssh key not found in metadata
* systemd: add explicit ordering, after multi-user.target
* network: fix clippy 1.63.0 lints
* cargo: allow serde_yaml 0.8
* cargo: update version ranges for post-1.x deps
* providers: Use inline `format!` in a few places
* *: bump MSRV to 1.58.0
* cargo: update clap to 3.2.5
* copr: mark git checkout as safe
* providers/aws: expose instance availability-zone-id as AWS_AVAILABILITY_ZONE_ID
* Update several build dependencies
- Fixed in version 5.3.0:
* systemd: enable sshkeys on Power VS platform
* network: Encode information for systemd-networkd-wait-online
* cargo: update to clap 3.1
* cargo: enable clap wrap_help feature
* cli: run clap tests
* cli: avoid deprecated clap constructs
* cargo: update to clap 3.0
* cli: use clap mechanism to require exp subcommand
* cargo: declare MSRV in Cargo.toml
* cargo: update to Rust 2021; bump MSRV to 1.56.0
* copr: abort if specfile fetch fails
* providers/aws: add AWS_IPV6 attribute
* providers/aws: bump metadata version to 2021-01-03
* kubevirt: Add KubeVirt platform support
* *.service: add/update Documentation field
* aws/mock_tests: explicitly drop mocks before resetting
* aws/mock_tests: split out IMDS tests
* aws/mock_tests: factor out map building
* *: use `RemainAfterExit` on all oneshot services
* Update several build dependencies
Patchnames
SUSE-2025-3783,SUSE-SUSE-MicroOS-5.2-2025-3783
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for afterburn",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for afterburn fixes the following issues:\n\nUpdate to version 5.9.0.git21.a73f509.\n\nSecurity issues fixed:\n\n- CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large\n repetitions on empty sub-expressions can lead to excessive resource consumption and denial of service (bsc#1196972).\n- CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect\n hostname comparisons and incorrect URL parsing (bsc#1243850).\n- CVE-2025-5791: users: `root` user being appended to group listings whenever listing does not have exactly 1024 groups\n can lead to privilege escalation when information is used for access control (bsc#1244199).\n- CVE-2025-3416: openssl: passing of `Some(...)` value as `properties` argument to `Md::fetch` or `Cipher::fetch` can\n lead to use-after-free (bsc#1242665).\n\nOther issues fixed:\n\n- Fixed in version 5.9.0.git21.a73f509:\n * cargo: update dependencies\n * microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat\n * microsoft/azure: Fix SharedConfig parsing of XML attributes\n * microsoft/azure: Mock goalstate.SharedConfig output in tests\n * providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471).\n * upcloud: implement UpCloud provider\n * Update several build dependencies\n \n- Fixed in version 5.9.0:\n * cargo: update dependencies\n * dracut: Return 255 in module-setup\n * oraclecloud: add release note and move base URL to constant\n * oraclecloud: implement oraclecloud provider\n * Update several build dependencies\n\n- Fixed in version 5.8.2:\n * cargo: update dependencies\n * packit: add initial support\n\n- Fixed in version 5.7.0.git103.bae893c:\n * proxmoxve: Add more context to log messages.\n * proxmoxve: Remove unneeded fields\n * proxmoxve: Add tests for static network configuration from cloud-init.\n * proxmoxve: Add support for static network configuration from cloud-init.\n * providers/openstack: ignore ec2 metadata if not present\n * proxmox: use noop provider if no configdrive\n * Update several build dependencies\n\n- Fixed in version 5.7.0:\n * cargo: update dependencies\n * dhcp: replace dbus_proxy with proxy, and zbus traits\n * providers/hetzner: private ipv4 addresses in attributes\n * openstack: Document the two platforms\n * microsoft/azure: allow empty certificate chain in PKCS12 file\n * proxmoxve: implement proxmoxve provider\n * providers/hetzner: fix duplicate attribute prefix\n * lint: silence deadcode warnings\n * lint: address latest lint\u0027s from msrv update\n * cargo: update msrv to 1.75\n * providers: Add \u0027akamai\u0027 provider\n * providers/vmware: add missing public functions for non-amd64\n * providers/vmware: Process guestinfo.metadata netplan configuration\n * kubevirt: Run afterburn-hostname service\n * providers: add support for scaleway\n * Move away from deprecated `users` to `uzers`\n * providers/hetzner: add support for Hetzner Cloud\n * cargo: update MSRV to 1.71\n * cargo: specify required features for nix dependency\n * openstack: Add attribute OPENSTACK_INSTANCE_UUID\n * cargo: allow openssl 0.10.46\n * build-sys: Use new tier = 2 for cargo-vendor-filterer\n * cargo: fix minimum version of openssl crate\n * microsoft/crypto/mod: replace deprecated function `parse` with `parse2`\n * cli: switch to clap derive\n * cli: add descriptive value names for option arguments in --help\n * cli: have clap require exactly one of --cmdline/--provider\n * providers/`*`: move endpoint mocking into retry::Client\n * retry/client: move URL parsing into helper function\n * providers/microsoft: import crate::retry\n * providers/microsoft: use stored client for all fetches\n * providers/packet: use stored client for boot checkin\n * initrd: remember to write trailing newline to network kargs file\n * util: drop obsolete \u0027OEM\u0027 terminology\n * Inline variables into format strings\n * Update several build dependencies\n\n- Fixed in version 5.4.1:\n * cargo: add configuration for cargo-vendor-filterer\n * util: support DHCP option lookup from NetworkManager\n * util: factor out retries of DHCP option lookup\n * util: refactor DHCP option query helper into an enum\n * util: move dns_lease_key_lookup() to a separate module\n * cargo: update MSRV to 1.66\n * cargo: update all packages to fix build error\n * cargo: continue to support openssh-keys 0.5\n * cargo: drop serde_derive crate in favor of serde derive feature\n * cargo: use consistent declaration syntax for slog dependency\n * cargo: drop unused dependencies\n * cargo: continue to support base64 0.13\n * cargo: continue to support mailparse 0.13.8\n * cargo: continue to support clap 3.1\n * cargo: stop enabling LTO in release builds\n * providers/ibmcloud: avoid error if an ssh key not found in metadata\n * systemd: add explicit ordering, after multi-user.target\n * network: fix clippy 1.63.0 lints\n * cargo: allow serde_yaml 0.8\n * cargo: update version ranges for post-1.x deps\n * providers: Use inline `format!` in a few places\n * *: bump MSRV to 1.58.0\n * cargo: update clap to 3.2.5\n * copr: mark git checkout as safe\n * providers/aws: expose instance availability-zone-id as AWS_AVAILABILITY_ZONE_ID\n * Update several build dependencies\n\n- Fixed in version 5.3.0:\n * systemd: enable sshkeys on Power VS platform\n * network: Encode information for systemd-networkd-wait-online\n * cargo: update to clap 3.1\n * cargo: enable clap wrap_help feature\n * cli: run clap tests\n * cli: avoid deprecated clap constructs\n * cargo: update to clap 3.0\n * cli: use clap mechanism to require exp subcommand\n * cargo: declare MSRV in Cargo.toml\n * cargo: update to Rust 2021; bump MSRV to 1.56.0\n * copr: abort if specfile fetch fails\n * providers/aws: add AWS_IPV6 attribute\n * providers/aws: bump metadata version to 2021-01-03\n * kubevirt: Add KubeVirt platform support\n * *.service: add/update Documentation field\n * aws/mock_tests: explicitly drop mocks before resetting\n * aws/mock_tests: split out IMDS tests\n * aws/mock_tests: factor out map building\n * *: use `RemainAfterExit` on all oneshot services\n * Update several build dependencies\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3783,SUSE-SUSE-MicroOS-5.2-2025-3783",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3783-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:3783-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253783-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:3783-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042304.html"
},
{
"category": "self",
"summary": "SUSE Bug 1196972",
"url": "https://bugzilla.suse.com/1196972"
},
{
"category": "self",
"summary": "SUSE Bug 1242665",
"url": "https://bugzilla.suse.com/1242665"
},
{
"category": "self",
"summary": "SUSE Bug 1243850",
"url": "https://bugzilla.suse.com/1243850"
},
{
"category": "self",
"summary": "SUSE Bug 1244199",
"url": "https://bugzilla.suse.com/1244199"
},
{
"category": "self",
"summary": "SUSE Bug 1244675",
"url": "https://bugzilla.suse.com/1244675"
},
{
"category": "self",
"summary": "SUSE Bug 1250471",
"url": "https://bugzilla.suse.com/1250471"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24713 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5791/"
}
],
"title": "Security update for afterburn",
"tracking": {
"current_release_date": "2025-10-24T13:28:12Z",
"generator": {
"date": "2025-10-24T13:28:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:3783-1",
"initial_release_date": "2025-10-24T13:28:12Z",
"revision_history": [
{
"date": "2025-10-24T13:28:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64",
"product": {
"name": "afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64",
"product_id": "afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch",
"product": {
"name": "afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch",
"product_id": "afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.9.0.git21.a73f509-150300.3.5.1.ppc64le",
"product": {
"name": "afterburn-5.9.0.git21.a73f509-150300.3.5.1.ppc64le",
"product_id": "afterburn-5.9.0.git21.a73f509-150300.3.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.9.0.git21.a73f509-150300.3.5.1.s390x",
"product": {
"name": "afterburn-5.9.0.git21.a73f509-150300.3.5.1.s390x",
"product_id": "afterburn-5.9.0.git21.a73f509-150300.3.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64",
"product": {
"name": "afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64",
"product_id": "afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64"
},
"product_reference": "afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64"
},
"product_reference": "afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch"
},
"product_reference": "afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24713"
}
],
"notes": [
{
"category": "general",
"text": "regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it\u0027s considered part of the crate\u0027s API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it\u0027s possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24713",
"url": "https://www.suse.com/security/cve/CVE-2022-24713"
},
{
"category": "external",
"summary": "SUSE Bug 1196972 for CVE-2022-24713",
"url": "https://bugzilla.suse.com/1196972"
},
{
"category": "external",
"summary": "SUSE Bug 1197903 for CVE-2022-24713",
"url": "https://bugzilla.suse.com/1197903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T13:28:12Z",
"details": "moderate"
}
],
"title": "CVE-2022-24713"
},
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T13:28:12Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T13:28:12Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
},
{
"cve": "CVE-2025-5791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5791"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the user\u0027s crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5791",
"url": "https://www.suse.com/security/cve/CVE-2025-5791"
},
{
"category": "external",
"summary": "SUSE Bug 1244187 for CVE-2025-5791",
"url": "https://bugzilla.suse.com/1244187"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:afterburn-5.9.0.git21.a73f509-150300.3.5.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:afterburn-dracut-5.9.0.git21.a73f509-150300.3.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T13:28:12Z",
"details": "important"
}
],
"title": "CVE-2025-5791"
}
]
}
SUSE-SU-2025:20783-1
Vulnerability from csaf_suse - Published: 2025-09-17 11:34 - Updated: 2025-09-17 11:34Summary
Security update for sevctl
Notes
Title of the patch
Security update for sevctl
Description of the patch
This update for sevctl fixes the following issues:
- CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch (bsc#1242618)
- CVE-2024-12224: idna: Fixed Punycode improper validation (bsc#1243860)
Patchnames
SUSE-SLE-Micro-6.1-267
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for sevctl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for sevctl fixes the following issues:\n\n- CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch (bsc#1242618)\n- CVE-2024-12224: idna: Fixed Punycode improper validation (bsc#1243860)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-267",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20783-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20783-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520783-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20783-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041919.html"
},
{
"category": "self",
"summary": "SUSE Bug 1242618",
"url": "https://bugzilla.suse.com/1242618"
},
{
"category": "self",
"summary": "SUSE Bug 1243860",
"url": "https://bugzilla.suse.com/1243860"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
}
],
"title": "Security update for sevctl",
"tracking": {
"current_release_date": "2025-09-17T11:34:38Z",
"generator": {
"date": "2025-09-17T11:34:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20783-1",
"initial_release_date": "2025-09-17T11:34:38Z",
"revision_history": [
{
"date": "2025-09-17T11:34:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sevctl-0.4.3-slfo.1.1_3.1.x86_64",
"product": {
"name": "sevctl-0.4.3-slfo.1.1_3.1.x86_64",
"product_id": "sevctl-0.4.3-slfo.1.1_3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sevctl-0.4.3-slfo.1.1_3.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:sevctl-0.4.3-slfo.1.1_3.1.x86_64"
},
"product_reference": "sevctl-0.4.3-slfo.1.1_3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:sevctl-0.4.3-slfo.1.1_3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:sevctl-0.4.3-slfo.1.1_3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:sevctl-0.4.3-slfo.1.1_3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-17T11:34:38Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:sevctl-0.4.3-slfo.1.1_3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:sevctl-0.4.3-slfo.1.1_3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:sevctl-0.4.3-slfo.1.1_3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-17T11:34:38Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
}
]
}
SUSE-SU-2025:02810-1
Vulnerability from csaf_suse - Published: 2025-08-15 12:51 - Updated: 2025-08-15 12:51Summary
Security update for rust-keylime
Notes
Title of the patch
Security update for rust-keylime
Description of the patch
This update for rust-keylime fixes the following issues:
- Update to version 0.2.7+141:
* CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)
- Update to version 0.2.7+117:
* CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).
* CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).
* CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).
* CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).
* CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).
* rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)
Patchnames
SUSE-2025-2810,SUSE-SLE-Micro-5.4-2025-2810
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust-keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust-keylime fixes the following issues:\n\n- Update to version 0.2.7+141:\n * CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)\n \n- Update to version 0.2.7+117:\n * CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).\n * CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).\n * CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).\n * CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).\n * CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).\n * rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2810,SUSE-SLE-Micro-5.4-2025-2810",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02810-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02810-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502810-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02810-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041229.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210344",
"url": "https://bugzilla.suse.com/1210344"
},
{
"category": "self",
"summary": "SUSE Bug 1223234",
"url": "https://bugzilla.suse.com/1223234"
},
{
"category": "self",
"summary": "SUSE Bug 1229952",
"url": "https://bugzilla.suse.com/1229952"
},
{
"category": "self",
"summary": "SUSE Bug 1230029",
"url": "https://bugzilla.suse.com/1230029"
},
{
"category": "self",
"summary": "SUSE Bug 1242623",
"url": "https://bugzilla.suse.com/1242623"
},
{
"category": "self",
"summary": "SUSE Bug 1243861",
"url": "https://bugzilla.suse.com/1243861"
},
{
"category": "self",
"summary": "SUSE Bug 1247193",
"url": "https://bugzilla.suse.com/1247193"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-26964 page",
"url": "https://www.suse.com/security/cve/CVE-2023-26964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32650 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43806 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58266 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58266/"
}
],
"title": "Security update for rust-keylime",
"tracking": {
"current_release_date": "2025-08-15T12:51:47Z",
"generator": {
"date": "2025-08-15T12:51:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02810-1",
"initial_release_date": "2025-08-15T12:51:47Z",
"revision_history": [
{
"date": "2025-08-15T12:51:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150400.3.5.1.aarch64",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150400.3.5.1.aarch64",
"product_id": "keylime-ima-policy-0.2.7+141-150400.3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"product": {
"name": "rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"product_id": "rust-keylime-0.2.7+141-150400.3.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150400.3.5.1.ppc64le",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150400.3.5.1.ppc64le",
"product_id": "keylime-ima-policy-0.2.7+141-150400.3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150400.3.5.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.7+141-150400.3.5.1.ppc64le",
"product_id": "rust-keylime-0.2.7+141-150400.3.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150400.3.5.1.s390x",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150400.3.5.1.s390x",
"product_id": "keylime-ima-policy-0.2.7+141-150400.3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"product": {
"name": "rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"product_id": "rust-keylime-0.2.7+141-150400.3.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150400.3.5.1.x86_64",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150400.3.5.1.x86_64",
"product_id": "keylime-ima-policy-0.2.7+141-150400.3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150400.3.5.1.x86_64",
"product": {
"name": "rust-keylime-0.2.7+141-150400.3.5.1.x86_64",
"product_id": "rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150400.3.5.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64"
},
"product_reference": "rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150400.3.5.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x"
},
"product_reference": "rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150400.3.5.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
},
"product_reference": "rust-keylime-0.2.7+141-150400.3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-26964"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-26964",
"url": "https://www.suse.com/security/cve/CVE-2023-26964"
},
{
"category": "external",
"summary": "SUSE Bug 1210339 for CVE-2023-26964",
"url": "https://bugzilla.suse.com/1210339"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:47Z",
"details": "moderate"
}
],
"title": "CVE-2023-26964"
},
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:47Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2024-32650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32650"
}
],
"notes": [
{
"category": "general",
"text": "Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server\u0027s `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32650",
"url": "https://www.suse.com/security/cve/CVE-2024-32650"
},
{
"category": "external",
"summary": "SUSE Bug 1223211 for CVE-2024-32650",
"url": "https://bugzilla.suse.com/1223211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:47Z",
"details": "important"
}
],
"title": "CVE-2024-32650"
},
{
"cve": "CVE-2024-43806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43806"
}
],
"notes": [
{
"category": "general",
"text": "Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it\u0027s possible for the iterator to \"get stuck\" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and unbounded memory explosion (gigabytes in a few seconds if used on a hot path) and eventually lead to an OOM crash of the application. The symptoms were initially discovered in https://github.com/imsnif/bandwhich/issues/284. That post has lots of details of our investigation. Full details can be read on the GHSA-c827-hfw6-qwvm repo advisory. If a program tries to access a directory with its file descriptor after the file has been unlinked (or any other action that leaves the `Dir` iterator in the stuck state), and the implementation does not break after seeing an error, it can cause a memory explosion. As an example, Linux\u0027s various virtual file systems (e.g. `/proc`, `/sys`) can contain directories that spontaneously pop in and out of existence. Attempting to iterate over them using `rustix::fs::Dir` directly or indirectly (e.g. with the `procfs` crate) can trigger this fault condition if the implementation decides to continue on errors. An attacker knowledgeable about the implementation details of a vulnerable target can therefore try to trigger this fault condition via any one or a combination of several available APIs. If successful, the application host will quickly run out of memory, after which the application will likely be terminated by an OOM killer, leading to denial of service. This issue has been addressed in release versions 0.35.15, 0.36.16, 0.37.25, and 0.38.19. Users are advised to upgrade. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43806",
"url": "https://www.suse.com/security/cve/CVE-2024-43806"
},
{
"category": "external",
"summary": "SUSE Bug 1229376 for CVE-2024-43806",
"url": "https://bugzilla.suse.com/1229376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:47Z",
"details": "moderate"
}
],
"title": "CVE-2024-43806"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:47Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
},
{
"cve": "CVE-2025-58266",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58266"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58266",
"url": "https://www.suse.com/security/cve/CVE-2025-58266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:47Z",
"details": "important"
}
],
"title": "CVE-2025-58266"
}
]
}
SUSE-SU-2025:02811-1
Vulnerability from csaf_suse - Published: 2025-08-15 12:51 - Updated: 2025-08-15 12:51Summary
Security update for rust-keylime
Notes
Title of the patch
Security update for rust-keylime
Description of the patch
This update for rust-keylime fixes the following issues:
- Update to version 0.2.7+141:
* CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)
- Update to version 0.2.7+117:
* CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).
* CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).
* CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).
* CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).
* CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).
* rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)
Patchnames
SUSE-2025-2811,SUSE-SLE-Micro-5.5-2025-2811
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust-keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust-keylime fixes the following issues:\n\n- Update to version 0.2.7+141:\n * CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)\n \n- Update to version 0.2.7+117:\n * CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).\n * CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).\n * CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).\n * CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).\n * CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).\n * rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2811,SUSE-SLE-Micro-5.5-2025-2811",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02811-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02811-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502811-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02811-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041228.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210344",
"url": "https://bugzilla.suse.com/1210344"
},
{
"category": "self",
"summary": "SUSE Bug 1223234",
"url": "https://bugzilla.suse.com/1223234"
},
{
"category": "self",
"summary": "SUSE Bug 1229952",
"url": "https://bugzilla.suse.com/1229952"
},
{
"category": "self",
"summary": "SUSE Bug 1230029",
"url": "https://bugzilla.suse.com/1230029"
},
{
"category": "self",
"summary": "SUSE Bug 1242623",
"url": "https://bugzilla.suse.com/1242623"
},
{
"category": "self",
"summary": "SUSE Bug 1243861",
"url": "https://bugzilla.suse.com/1243861"
},
{
"category": "self",
"summary": "SUSE Bug 1247193",
"url": "https://bugzilla.suse.com/1247193"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-26964 page",
"url": "https://www.suse.com/security/cve/CVE-2023-26964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32650 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43806 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58266 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58266/"
}
],
"title": "Security update for rust-keylime",
"tracking": {
"current_release_date": "2025-08-15T12:51:54Z",
"generator": {
"date": "2025-08-15T12:51:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02811-1",
"initial_release_date": "2025-08-15T12:51:54Z",
"revision_history": [
{
"date": "2025-08-15T12:51:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150500.3.5.1.aarch64",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150500.3.5.1.aarch64",
"product_id": "keylime-ima-policy-0.2.7+141-150500.3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"product": {
"name": "rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"product_id": "rust-keylime-0.2.7+141-150500.3.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150500.3.5.1.ppc64le",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150500.3.5.1.ppc64le",
"product_id": "keylime-ima-policy-0.2.7+141-150500.3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"product_id": "rust-keylime-0.2.7+141-150500.3.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150500.3.5.1.s390x",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150500.3.5.1.s390x",
"product_id": "keylime-ima-policy-0.2.7+141-150500.3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"product": {
"name": "rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"product_id": "rust-keylime-0.2.7+141-150500.3.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150500.3.5.1.x86_64",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150500.3.5.1.x86_64",
"product_id": "keylime-ima-policy-0.2.7+141-150500.3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150500.3.5.1.x86_64",
"product": {
"name": "rust-keylime-0.2.7+141-150500.3.5.1.x86_64",
"product_id": "rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150500.3.5.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64"
},
"product_reference": "rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150500.3.5.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le"
},
"product_reference": "rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150500.3.5.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x"
},
"product_reference": "rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150500.3.5.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
},
"product_reference": "rust-keylime-0.2.7+141-150500.3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-26964"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-26964",
"url": "https://www.suse.com/security/cve/CVE-2023-26964"
},
{
"category": "external",
"summary": "SUSE Bug 1210339 for CVE-2023-26964",
"url": "https://bugzilla.suse.com/1210339"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:54Z",
"details": "moderate"
}
],
"title": "CVE-2023-26964"
},
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:54Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2024-32650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32650"
}
],
"notes": [
{
"category": "general",
"text": "Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server\u0027s `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32650",
"url": "https://www.suse.com/security/cve/CVE-2024-32650"
},
{
"category": "external",
"summary": "SUSE Bug 1223211 for CVE-2024-32650",
"url": "https://bugzilla.suse.com/1223211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:54Z",
"details": "important"
}
],
"title": "CVE-2024-32650"
},
{
"cve": "CVE-2024-43806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43806"
}
],
"notes": [
{
"category": "general",
"text": "Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it\u0027s possible for the iterator to \"get stuck\" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and unbounded memory explosion (gigabytes in a few seconds if used on a hot path) and eventually lead to an OOM crash of the application. The symptoms were initially discovered in https://github.com/imsnif/bandwhich/issues/284. That post has lots of details of our investigation. Full details can be read on the GHSA-c827-hfw6-qwvm repo advisory. If a program tries to access a directory with its file descriptor after the file has been unlinked (or any other action that leaves the `Dir` iterator in the stuck state), and the implementation does not break after seeing an error, it can cause a memory explosion. As an example, Linux\u0027s various virtual file systems (e.g. `/proc`, `/sys`) can contain directories that spontaneously pop in and out of existence. Attempting to iterate over them using `rustix::fs::Dir` directly or indirectly (e.g. with the `procfs` crate) can trigger this fault condition if the implementation decides to continue on errors. An attacker knowledgeable about the implementation details of a vulnerable target can therefore try to trigger this fault condition via any one or a combination of several available APIs. If successful, the application host will quickly run out of memory, after which the application will likely be terminated by an OOM killer, leading to denial of service. This issue has been addressed in release versions 0.35.15, 0.36.16, 0.37.25, and 0.38.19. Users are advised to upgrade. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43806",
"url": "https://www.suse.com/security/cve/CVE-2024-43806"
},
{
"category": "external",
"summary": "SUSE Bug 1229376 for CVE-2024-43806",
"url": "https://bugzilla.suse.com/1229376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:54Z",
"details": "moderate"
}
],
"title": "CVE-2024-43806"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:54Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
},
{
"cve": "CVE-2025-58266",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58266"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58266",
"url": "https://www.suse.com/security/cve/CVE-2025-58266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:54Z",
"details": "important"
}
],
"title": "CVE-2025-58266"
}
]
}
SUSE-SU-2025:02586-1
Vulnerability from csaf_suse - Published: 2025-08-01 08:49 - Updated: 2025-08-01 08:49Summary
Security update for rav1e
Notes
Title of the patch
Security update for rav1e
Description of the patch
This update for rav1e fixes the following issues:
- CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243855)
Patchnames
SUSE-2025-2586,SUSE-SLE-Module-Basesystem-15-SP6-2025-2586,SUSE-SLE-Module-Basesystem-15-SP7-2025-2586,openSUSE-SLE-15.6-2025-2586
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rav1e",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rav1e fixes the following issues:\n\n- CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243855)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2586,SUSE-SLE-Module-Basesystem-15-SP6-2025-2586,SUSE-SLE-Module-Basesystem-15-SP7-2025-2586,openSUSE-SLE-15.6-2025-2586",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02586-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02586-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502586-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02586-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/040996.html"
},
{
"category": "self",
"summary": "SUSE Bug 1243855",
"url": "https://bugzilla.suse.com/1243855"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
}
],
"title": "Security update for rav1e",
"tracking": {
"current_release_date": "2025-08-01T08:49:06Z",
"generator": {
"date": "2025-08-01T08:49:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02586-1",
"initial_release_date": "2025-08-01T08:49:06Z",
"revision_history": [
{
"date": "2025-08-01T08:49:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"product": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"product_id": "librav1e0_6-0.6.6-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "rav1e-0.6.6-150600.3.3.1.aarch64",
"product": {
"name": "rav1e-0.6.6-150600.3.3.1.aarch64",
"product_id": "rav1e-0.6.6-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "rav1e-devel-0.6.6-150600.3.3.1.aarch64",
"product": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.aarch64",
"product_id": "rav1e-devel-0.6.6-150600.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "librav1e0_6-64bit-0.6.6-150600.3.3.1.aarch64_ilp32",
"product": {
"name": "librav1e0_6-64bit-0.6.6-150600.3.3.1.aarch64_ilp32",
"product_id": "librav1e0_6-64bit-0.6.6-150600.3.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "librav1e0_6-0.6.6-150600.3.3.1.i586",
"product": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.i586",
"product_id": "librav1e0_6-0.6.6-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "rav1e-0.6.6-150600.3.3.1.i586",
"product": {
"name": "rav1e-0.6.6-150600.3.3.1.i586",
"product_id": "rav1e-0.6.6-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "rav1e-devel-0.6.6-150600.3.3.1.i586",
"product": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.i586",
"product_id": "rav1e-devel-0.6.6-150600.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"product": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"product_id": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rav1e-0.6.6-150600.3.3.1.ppc64le",
"product": {
"name": "rav1e-0.6.6-150600.3.3.1.ppc64le",
"product_id": "rav1e-0.6.6-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rav1e-devel-0.6.6-150600.3.3.1.ppc64le",
"product": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.ppc64le",
"product_id": "rav1e-devel-0.6.6-150600.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "librav1e0_6-0.6.6-150600.3.3.1.s390x",
"product": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.s390x",
"product_id": "librav1e0_6-0.6.6-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "rav1e-0.6.6-150600.3.3.1.s390x",
"product": {
"name": "rav1e-0.6.6-150600.3.3.1.s390x",
"product_id": "rav1e-0.6.6-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "rav1e-devel-0.6.6-150600.3.3.1.s390x",
"product": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.s390x",
"product_id": "rav1e-devel-0.6.6-150600.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"product": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"product_id": "librav1e0_6-0.6.6-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64",
"product": {
"name": "librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64",
"product_id": "librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "rav1e-0.6.6-150600.3.3.1.x86_64",
"product": {
"name": "rav1e-0.6.6-150600.3.3.1.x86_64",
"product_id": "rav1e-0.6.6-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "rav1e-devel-0.6.6-150600.3.3.1.x86_64",
"product": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.x86_64",
"product_id": "rav1e-devel-0.6.6-150600.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.aarch64"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.ppc64le"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.s390x"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.x86_64"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.aarch64"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.ppc64le"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.s390x"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.x86_64"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.aarch64"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.ppc64le"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.s390x"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.x86_64"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64"
},
"product_reference": "librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-0.6.6-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.aarch64"
},
"product_reference": "rav1e-0.6.6-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-0.6.6-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.ppc64le"
},
"product_reference": "rav1e-0.6.6-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-0.6.6-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.s390x"
},
"product_reference": "rav1e-0.6.6-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-0.6.6-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.x86_64"
},
"product_reference": "rav1e-0.6.6-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.aarch64"
},
"product_reference": "rav1e-devel-0.6.6-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.ppc64le"
},
"product_reference": "rav1e-devel-0.6.6-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.s390x"
},
"product_reference": "rav1e-devel-0.6.6-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.x86_64"
},
"product_reference": "rav1e-devel-0.6.6-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-01T08:49:06Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
}
]
}
SUSE-SU-2025:3786-1
Vulnerability from csaf_suse - Published: 2025-10-24 13:28 - Updated: 2025-10-24 13:28Summary
Security update for afterburn
Notes
Title of the patch
Security update for afterburn
Description of the patch
This update for afterburn fixes the following issues:
Update to version 5.9.0.git21.a73f509.
Security issues fixed:
- CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large
repetitions on empty sub-expressions can lead to excessive resource consumption and denial of service (bsc#1196972).
- CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect
hostname comparisons and incorrect URL parsing (bsc#1243850).
- CVE-2025-5791: users: `root` user being appended to group listings whenever listing does not have exactly 1024 groups
can lead to privilege escalation when information is used for access control (bsc#1244199).
- CVE-2025-3416: openssl: passing of `Some(...)` value as `properties` argument to `Md::fetch` or `Cipher::fetch` can
lead to use-after-free (bsc#1242665).
Other issues fixed:
- Fixed in version 5.9.0.git21.a73f509:
* cargo: update dependencies
* microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat
* microsoft/azure: Fix SharedConfig parsing of XML attributes
* microsoft/azure: Mock goalstate.SharedConfig output in tests
* providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471).
* upcloud: implement UpCloud provider
* Update several build dependencies
- Fixed in version 5.9.0:
* cargo: update dependencies
* dracut: Return 255 in module-setup
* oraclecloud: add release note and move base URL to constant
* oraclecloud: implement oraclecloud provider
* Update several build dependencies
- Fixed in version 5.8.2:
* cargo: update dependencies
* packit: add initial support
- Fixed in version 5.7.0.git103.bae893c:
* proxmoxve: Add more context to log messages.
* proxmoxve: Remove unneeded fields
* proxmoxve: Add tests for static network configuration from cloud-init.
* proxmoxve: Add support for static network configuration from cloud-init.
* providers/openstack: ignore ec2 metadata if not present
* proxmox: use noop provider if no configdrive
* Update several build dependencies
- Fixed in version 5.7.0:
* cargo: update dependencies
* dhcp: replace dbus_proxy with proxy, and zbus traits
* providers/hetzner: private ipv4 addresses in attributes
* openstack: Document the two platforms
* microsoft/azure: allow empty certificate chain in PKCS12 file
* proxmoxve: implement proxmoxve provider
* providers/hetzner: fix duplicate attribute prefix
* lint: silence deadcode warnings
* lint: address latest lint's from msrv update
* cargo: update msrv to 1.75
* providers: Add 'akamai' provider
* providers/vmware: add missing public functions for non-amd64
* providers/vmware: Process guestinfo.metadata netplan configuration
* kubevirt: Run afterburn-hostname service
* providers: add support for scaleway
* Move away from deprecated `users` to `uzers`
* providers/hetzner: add support for Hetzner Cloud
* cargo: update MSRV to 1.71
* cargo: specify required features for nix dependency
* openstack: Add attribute OPENSTACK_INSTANCE_UUID
* cargo: allow openssl 0.10.46
* build-sys: Use new tier = 2 for cargo-vendor-filterer
* cargo: fix minimum version of openssl crate
* microsoft/crypto/mod: replace deprecated function `parse` with `parse2`
* cli: switch to clap derive
* cli: add descriptive value names for option arguments in --help
* cli: have clap require exactly one of --cmdline/--provider
* providers/`*`: move endpoint mocking into retry::Client
* retry/client: move URL parsing into helper function
* providers/microsoft: import crate::retry
* providers/microsoft: use stored client for all fetches
* providers/packet: use stored client for boot checkin
* initrd: remember to write trailing newline to network kargs file
* util: drop obsolete 'OEM' terminology
* Inline variables into format strings
* Update several build dependencies
- Fixed in version 5.4.1:
* cargo: add configuration for cargo-vendor-filterer
* util: support DHCP option lookup from NetworkManager
* util: factor out retries of DHCP option lookup
* util: refactor DHCP option query helper into an enum
* util: move dns_lease_key_lookup() to a separate module
* cargo: update MSRV to 1.66
* cargo: update all packages to fix build error
* cargo: continue to support openssh-keys 0.5
* cargo: drop serde_derive crate in favor of serde derive feature
* cargo: use consistent declaration syntax for slog dependency
* cargo: drop unused dependencies
* cargo: continue to support base64 0.13
* cargo: continue to support mailparse 0.13.8
* cargo: continue to support clap 3.1
* cargo: stop enabling LTO in release builds
* providers/ibmcloud: avoid error if an ssh key not found in metadata
* systemd: add explicit ordering, after multi-user.target
* network: fix clippy 1.63.0 lints
* cargo: allow serde_yaml 0.8
* cargo: update version ranges for post-1.x deps
* providers: Use inline `format!` in a few places
* *: bump MSRV to 1.58.0
* cargo: update clap to 3.2.5
* copr: mark git checkout as safe
* providers/aws: expose instance availability-zone-id as AWS_AVAILABILITY_ZONE_ID
* Update several build dependencies
- Fixed in version 5.3.0:
* systemd: enable sshkeys on Power VS platform
* network: Encode information for systemd-networkd-wait-online
* cargo: update to clap 3.1
* cargo: enable clap wrap_help feature
* cli: run clap tests
* cli: avoid deprecated clap constructs
* cargo: update to clap 3.0
* cli: use clap mechanism to require exp subcommand
* cargo: declare MSRV in Cargo.toml
* cargo: update to Rust 2021; bump MSRV to 1.56.0
* copr: abort if specfile fetch fails
* providers/aws: add AWS_IPV6 attribute
* providers/aws: bump metadata version to 2021-01-03
* kubevirt: Add KubeVirt platform support
* *.service: add/update Documentation field
* aws/mock_tests: explicitly drop mocks before resetting
* aws/mock_tests: split out IMDS tests
* aws/mock_tests: factor out map building
* *: use `RemainAfterExit` on all oneshot services
* Update several build dependencies
Patchnames
SUSE-2025-3786,SUSE-SLE-Micro-5.3-2025-3786
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for afterburn",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for afterburn fixes the following issues:\n\nUpdate to version 5.9.0.git21.a73f509.\n\nSecurity issues fixed:\n\n- CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large\n repetitions on empty sub-expressions can lead to excessive resource consumption and denial of service (bsc#1196972).\n- CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect\n hostname comparisons and incorrect URL parsing (bsc#1243850).\n- CVE-2025-5791: users: `root` user being appended to group listings whenever listing does not have exactly 1024 groups\n can lead to privilege escalation when information is used for access control (bsc#1244199).\n- CVE-2025-3416: openssl: passing of `Some(...)` value as `properties` argument to `Md::fetch` or `Cipher::fetch` can\n lead to use-after-free (bsc#1242665).\n\nOther issues fixed:\n\n- Fixed in version 5.9.0.git21.a73f509:\n * cargo: update dependencies\n * microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat\n * microsoft/azure: Fix SharedConfig parsing of XML attributes\n * microsoft/azure: Mock goalstate.SharedConfig output in tests\n * providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471).\n * upcloud: implement UpCloud provider\n * Update several build dependencies\n \n- Fixed in version 5.9.0:\n * cargo: update dependencies\n * dracut: Return 255 in module-setup\n * oraclecloud: add release note and move base URL to constant\n * oraclecloud: implement oraclecloud provider\n * Update several build dependencies\n\n- Fixed in version 5.8.2:\n * cargo: update dependencies\n * packit: add initial support\n\n- Fixed in version 5.7.0.git103.bae893c:\n * proxmoxve: Add more context to log messages.\n * proxmoxve: Remove unneeded fields\n * proxmoxve: Add tests for static network configuration from cloud-init.\n * proxmoxve: Add support for static network configuration from cloud-init.\n * providers/openstack: ignore ec2 metadata if not present\n * proxmox: use noop provider if no configdrive\n * Update several build dependencies\n\n- Fixed in version 5.7.0:\n * cargo: update dependencies\n * dhcp: replace dbus_proxy with proxy, and zbus traits\n * providers/hetzner: private ipv4 addresses in attributes\n * openstack: Document the two platforms\n * microsoft/azure: allow empty certificate chain in PKCS12 file\n * proxmoxve: implement proxmoxve provider\n * providers/hetzner: fix duplicate attribute prefix\n * lint: silence deadcode warnings\n * lint: address latest lint\u0027s from msrv update\n * cargo: update msrv to 1.75\n * providers: Add \u0027akamai\u0027 provider\n * providers/vmware: add missing public functions for non-amd64\n * providers/vmware: Process guestinfo.metadata netplan configuration\n * kubevirt: Run afterburn-hostname service\n * providers: add support for scaleway\n * Move away from deprecated `users` to `uzers`\n * providers/hetzner: add support for Hetzner Cloud\n * cargo: update MSRV to 1.71\n * cargo: specify required features for nix dependency\n * openstack: Add attribute OPENSTACK_INSTANCE_UUID\n * cargo: allow openssl 0.10.46\n * build-sys: Use new tier = 2 for cargo-vendor-filterer\n * cargo: fix minimum version of openssl crate\n * microsoft/crypto/mod: replace deprecated function `parse` with `parse2`\n * cli: switch to clap derive\n * cli: add descriptive value names for option arguments in --help\n * cli: have clap require exactly one of --cmdline/--provider\n * providers/`*`: move endpoint mocking into retry::Client\n * retry/client: move URL parsing into helper function\n * providers/microsoft: import crate::retry\n * providers/microsoft: use stored client for all fetches\n * providers/packet: use stored client for boot checkin\n * initrd: remember to write trailing newline to network kargs file\n * util: drop obsolete \u0027OEM\u0027 terminology\n * Inline variables into format strings\n * Update several build dependencies\n\n- Fixed in version 5.4.1:\n * cargo: add configuration for cargo-vendor-filterer\n * util: support DHCP option lookup from NetworkManager\n * util: factor out retries of DHCP option lookup\n * util: refactor DHCP option query helper into an enum\n * util: move dns_lease_key_lookup() to a separate module\n * cargo: update MSRV to 1.66\n * cargo: update all packages to fix build error\n * cargo: continue to support openssh-keys 0.5\n * cargo: drop serde_derive crate in favor of serde derive feature\n * cargo: use consistent declaration syntax for slog dependency\n * cargo: drop unused dependencies\n * cargo: continue to support base64 0.13\n * cargo: continue to support mailparse 0.13.8\n * cargo: continue to support clap 3.1\n * cargo: stop enabling LTO in release builds\n * providers/ibmcloud: avoid error if an ssh key not found in metadata\n * systemd: add explicit ordering, after multi-user.target\n * network: fix clippy 1.63.0 lints\n * cargo: allow serde_yaml 0.8\n * cargo: update version ranges for post-1.x deps\n * providers: Use inline `format!` in a few places\n * *: bump MSRV to 1.58.0\n * cargo: update clap to 3.2.5\n * copr: mark git checkout as safe\n * providers/aws: expose instance availability-zone-id as AWS_AVAILABILITY_ZONE_ID\n * Update several build dependencies\n\n- Fixed in version 5.3.0:\n * systemd: enable sshkeys on Power VS platform\n * network: Encode information for systemd-networkd-wait-online\n * cargo: update to clap 3.1\n * cargo: enable clap wrap_help feature\n * cli: run clap tests\n * cli: avoid deprecated clap constructs\n * cargo: update to clap 3.0\n * cli: use clap mechanism to require exp subcommand\n * cargo: declare MSRV in Cargo.toml\n * cargo: update to Rust 2021; bump MSRV to 1.56.0\n * copr: abort if specfile fetch fails\n * providers/aws: add AWS_IPV6 attribute\n * providers/aws: bump metadata version to 2021-01-03\n * kubevirt: Add KubeVirt platform support\n * *.service: add/update Documentation field\n * aws/mock_tests: explicitly drop mocks before resetting\n * aws/mock_tests: split out IMDS tests\n * aws/mock_tests: factor out map building\n * *: use `RemainAfterExit` on all oneshot services\n * Update several build dependencies\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3786,SUSE-SLE-Micro-5.3-2025-3786",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3786-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:3786-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253786-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:3786-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042301.html"
},
{
"category": "self",
"summary": "SUSE Bug 1196972",
"url": "https://bugzilla.suse.com/1196972"
},
{
"category": "self",
"summary": "SUSE Bug 1242665",
"url": "https://bugzilla.suse.com/1242665"
},
{
"category": "self",
"summary": "SUSE Bug 1243850",
"url": "https://bugzilla.suse.com/1243850"
},
{
"category": "self",
"summary": "SUSE Bug 1244199",
"url": "https://bugzilla.suse.com/1244199"
},
{
"category": "self",
"summary": "SUSE Bug 1244675",
"url": "https://bugzilla.suse.com/1244675"
},
{
"category": "self",
"summary": "SUSE Bug 1250471",
"url": "https://bugzilla.suse.com/1250471"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24713 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5791/"
}
],
"title": "Security update for afterburn",
"tracking": {
"current_release_date": "2025-10-24T13:28:30Z",
"generator": {
"date": "2025-10-24T13:28:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:3786-1",
"initial_release_date": "2025-10-24T13:28:30Z",
"revision_history": [
{
"date": "2025-10-24T13:28:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"product": {
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"product_id": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch",
"product": {
"name": "afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch",
"product_id": "afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.ppc64le",
"product": {
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.ppc64le",
"product_id": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.s390x",
"product": {
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.s390x",
"product_id": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"product": {
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"product_id": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64"
},
"product_reference": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64"
},
"product_reference": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
},
"product_reference": "afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24713"
}
],
"notes": [
{
"category": "general",
"text": "regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it\u0027s considered part of the crate\u0027s API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it\u0027s possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24713",
"url": "https://www.suse.com/security/cve/CVE-2022-24713"
},
{
"category": "external",
"summary": "SUSE Bug 1196972 for CVE-2022-24713",
"url": "https://bugzilla.suse.com/1196972"
},
{
"category": "external",
"summary": "SUSE Bug 1197903 for CVE-2022-24713",
"url": "https://bugzilla.suse.com/1197903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T13:28:30Z",
"details": "moderate"
}
],
"title": "CVE-2022-24713"
},
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T13:28:30Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T13:28:30Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
},
{
"cve": "CVE-2025-5791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5791"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the user\u0027s crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5791",
"url": "https://www.suse.com/security/cve/CVE-2025-5791"
},
{
"category": "external",
"summary": "SUSE Bug 1244187 for CVE-2025-5791",
"url": "https://bugzilla.suse.com/1244187"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T13:28:30Z",
"details": "important"
}
],
"title": "CVE-2025-5791"
}
]
}
SUSE-SU-2025:20716-1
Vulnerability from csaf_suse - Published: 2025-09-12 08:47 - Updated: 2025-09-12 08:47Summary
Security update for sevctl
Notes
Title of the patch
Security update for sevctl
Description of the patch
This update for sevctl fixes the following issues:
- CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch (bsc#1242618)
- CVE-2024-12224: idna: Fixed Punycode labels not producing any non-ASCII when decode (bsc#1243860)
Patchnames
SUSE-SLE-Micro-6.0-459
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for sevctl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for sevctl fixes the following issues:\n\n- CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch (bsc#1242618)\n- CVE-2024-12224: idna: Fixed Punycode labels not producing any non-ASCII when decode (bsc#1243860)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-459",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20716-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20716-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520716-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20716-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041738.html"
},
{
"category": "self",
"summary": "SUSE Bug 1242618",
"url": "https://bugzilla.suse.com/1242618"
},
{
"category": "self",
"summary": "SUSE Bug 1243860",
"url": "https://bugzilla.suse.com/1243860"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
}
],
"title": "Security update for sevctl",
"tracking": {
"current_release_date": "2025-09-12T08:47:46Z",
"generator": {
"date": "2025-09-12T08:47:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20716-1",
"initial_release_date": "2025-09-12T08:47:46Z",
"revision_history": [
{
"date": "2025-09-12T08:47:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sevctl-0.4.3-3.1.x86_64",
"product": {
"name": "sevctl-0.4.3-3.1.x86_64",
"product_id": "sevctl-0.4.3-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sevctl-0.4.3-3.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:sevctl-0.4.3-3.1.x86_64"
},
"product_reference": "sevctl-0.4.3-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:sevctl-0.4.3-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:sevctl-0.4.3-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:sevctl-0.4.3-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-12T08:47:46Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:sevctl-0.4.3-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:sevctl-0.4.3-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:sevctl-0.4.3-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-12T08:47:46Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
}
]
}
SUSE-SU-2025:03298-1
Vulnerability from csaf_suse - Published: 2025-09-23 09:01 - Updated: 2025-09-23 09:01Summary
Security update for rustup
Notes
Title of the patch
Security update for rustup
Description of the patch
This update for rustup fixes the following issues:
- CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode (bsc#1243862)
- CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242617)
Patchnames
SUSE-2025-3298,SUSE-SLE-Module-Development-Tools-15-SP6-2025-3298,SUSE-SLE-Module-Development-Tools-15-SP7-2025-3298,openSUSE-SLE-15.6-2025-3298
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rustup",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rustup fixes the following issues:\n\n- CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode (bsc#1243862)\n- CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242617)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3298,SUSE-SLE-Module-Development-Tools-15-SP6-2025-3298,SUSE-SLE-Module-Development-Tools-15-SP7-2025-3298,openSUSE-SLE-15.6-2025-3298",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03298-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03298-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503298-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03298-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041805.html"
},
{
"category": "self",
"summary": "SUSE Bug 1242617",
"url": "https://bugzilla.suse.com/1242617"
},
{
"category": "self",
"summary": "SUSE Bug 1243862",
"url": "https://bugzilla.suse.com/1243862"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
}
],
"title": "Security update for rustup",
"tracking": {
"current_release_date": "2025-09-23T09:01:29Z",
"generator": {
"date": "2025-09-23T09:01:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03298-1",
"initial_release_date": "2025-09-23T09:01:29Z",
"revision_history": [
{
"date": "2025-09-23T09:01:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rustup-1.26.0~0-150600.10.7.1.aarch64",
"product": {
"name": "rustup-1.26.0~0-150600.10.7.1.aarch64",
"product_id": "rustup-1.26.0~0-150600.10.7.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rustup-1.26.0~0-150600.10.7.1.x86_64",
"product": {
"name": "rustup-1.26.0~0-150600.10.7.1.x86_64",
"product_id": "rustup-1.26.0~0-150600.10.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.26.0~0-150600.10.7.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:rustup-1.26.0~0-150600.10.7.1.aarch64"
},
"product_reference": "rustup-1.26.0~0-150600.10.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.26.0~0-150600.10.7.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:rustup-1.26.0~0-150600.10.7.1.x86_64"
},
"product_reference": "rustup-1.26.0~0-150600.10.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.26.0~0-150600.10.7.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:rustup-1.26.0~0-150600.10.7.1.aarch64"
},
"product_reference": "rustup-1.26.0~0-150600.10.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.26.0~0-150600.10.7.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:rustup-1.26.0~0-150600.10.7.1.x86_64"
},
"product_reference": "rustup-1.26.0~0-150600.10.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.26.0~0-150600.10.7.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rustup-1.26.0~0-150600.10.7.1.aarch64"
},
"product_reference": "rustup-1.26.0~0-150600.10.7.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.26.0~0-150600.10.7.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rustup-1.26.0~0-150600.10.7.1.x86_64"
},
"product_reference": "rustup-1.26.0~0-150600.10.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:rustup-1.26.0~0-150600.10.7.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:rustup-1.26.0~0-150600.10.7.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:rustup-1.26.0~0-150600.10.7.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:rustup-1.26.0~0-150600.10.7.1.x86_64",
"openSUSE Leap 15.6:rustup-1.26.0~0-150600.10.7.1.aarch64",
"openSUSE Leap 15.6:rustup-1.26.0~0-150600.10.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:rustup-1.26.0~0-150600.10.7.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:rustup-1.26.0~0-150600.10.7.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:rustup-1.26.0~0-150600.10.7.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:rustup-1.26.0~0-150600.10.7.1.x86_64",
"openSUSE Leap 15.6:rustup-1.26.0~0-150600.10.7.1.aarch64",
"openSUSE Leap 15.6:rustup-1.26.0~0-150600.10.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:rustup-1.26.0~0-150600.10.7.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:rustup-1.26.0~0-150600.10.7.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:rustup-1.26.0~0-150600.10.7.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:rustup-1.26.0~0-150600.10.7.1.x86_64",
"openSUSE Leap 15.6:rustup-1.26.0~0-150600.10.7.1.aarch64",
"openSUSE Leap 15.6:rustup-1.26.0~0-150600.10.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:01:29Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:rustup-1.26.0~0-150600.10.7.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:rustup-1.26.0~0-150600.10.7.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:rustup-1.26.0~0-150600.10.7.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:rustup-1.26.0~0-150600.10.7.1.x86_64",
"openSUSE Leap 15.6:rustup-1.26.0~0-150600.10.7.1.aarch64",
"openSUSE Leap 15.6:rustup-1.26.0~0-150600.10.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:rustup-1.26.0~0-150600.10.7.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:rustup-1.26.0~0-150600.10.7.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:rustup-1.26.0~0-150600.10.7.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:rustup-1.26.0~0-150600.10.7.1.x86_64",
"openSUSE Leap 15.6:rustup-1.26.0~0-150600.10.7.1.aarch64",
"openSUSE Leap 15.6:rustup-1.26.0~0-150600.10.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:rustup-1.26.0~0-150600.10.7.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:rustup-1.26.0~0-150600.10.7.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:rustup-1.26.0~0-150600.10.7.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:rustup-1.26.0~0-150600.10.7.1.x86_64",
"openSUSE Leap 15.6:rustup-1.26.0~0-150600.10.7.1.aarch64",
"openSUSE Leap 15.6:rustup-1.26.0~0-150600.10.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T09:01:29Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
}
]
}
SUSE-SU-2025:3785-1
Vulnerability from csaf_suse - Published: 2025-10-24 13:28 - Updated: 2025-10-24 13:28Summary
Security update for afterburn
Notes
Title of the patch
Security update for afterburn
Description of the patch
This update for afterburn fixes the following issues:
Update to version 5.9.0.git21.a73f509.
Security issues fixed:
- CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large
repetitions on empty sub-expressions can lead to excessive resource consumption and denial of service (bsc#1196972).
- CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect
hostname comparisons and incorrect URL parsing (bsc#1243850).
- CVE-2025-5791: users: `root` user being appended to group listings whenever listing does not have exactly 1024 groups
can lead to privilege escalation when information is used for access control (bsc#1244199).
- CVE-2025-3416: openssl: passing of `Some(...)` value as `properties` argument to `Md::fetch` or `Cipher::fetch` can
lead to use-after-free (bsc#1242665).
Other issues fixed:
- Fixed in version 5.9.0.git21.a73f509:
* cargo: update dependencies
* microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat
* microsoft/azure: Fix SharedConfig parsing of XML attributes
* microsoft/azure: Mock goalstate.SharedConfig output in tests
* providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471).
* upcloud: implement UpCloud provider
* Update several build dependencies
- Fixed in version 5.9.0:
* cargo: update dependencies
* dracut: Return 255 in module-setup
* oraclecloud: add release note and move base URL to constant
* oraclecloud: implement oraclecloud provider
* Update several build dependencies
- Fixed in version 5.8.2:
* cargo: update dependencies
* packit: add initial support
- Fixed in version 5.7.0.git103.bae893c:
* proxmoxve: Add more context to log messages.
* proxmoxve: Remove unneeded fields
* proxmoxve: Add tests for static network configuration from cloud-init.
* proxmoxve: Add support for static network configuration from cloud-init.
* providers/openstack: ignore ec2 metadata if not present
* proxmox: use noop provider if no configdrive
* Update several build dependencies
- Fixed in version 5.7.0:
* cargo: update dependencies
* dhcp: replace dbus_proxy with proxy, and zbus traits
* providers/hetzner: private ipv4 addresses in attributes
* openstack: Document the two platforms
* microsoft/azure: allow empty certificate chain in PKCS12 file
* proxmoxve: implement proxmoxve provider
* providers/hetzner: fix duplicate attribute prefix
* lint: silence deadcode warnings
* lint: address latest lint's from msrv update
* cargo: update msrv to 1.75
* providers: Add 'akamai' provider
* providers/vmware: add missing public functions for non-amd64
* providers/vmware: Process guestinfo.metadata netplan configuration
* kubevirt: Run afterburn-hostname service
* providers: add support for scaleway
* Move away from deprecated `users` to `uzers`
* providers/hetzner: add support for Hetzner Cloud
* cargo: update MSRV to 1.71
* cargo: specify required features for nix dependency
* openstack: Add attribute OPENSTACK_INSTANCE_UUID
* cargo: allow openssl 0.10.46
* build-sys: Use new tier = 2 for cargo-vendor-filterer
* cargo: fix minimum version of openssl crate
* microsoft/crypto/mod: replace deprecated function `parse` with `parse2`
* cli: switch to clap derive
* cli: add descriptive value names for option arguments in --help
* cli: have clap require exactly one of --cmdline/--provider
* providers/`*`: move endpoint mocking into retry::Client
* retry/client: move URL parsing into helper function
* providers/microsoft: import crate::retry
* providers/microsoft: use stored client for all fetches
* providers/packet: use stored client for boot checkin
* initrd: remember to write trailing newline to network kargs file
* util: drop obsolete 'OEM' terminology
* Inline variables into format strings
* Update several build dependencies
- Fixed in version 5.4.1:
* cargo: add configuration for cargo-vendor-filterer
* util: support DHCP option lookup from NetworkManager
* util: factor out retries of DHCP option lookup
* util: refactor DHCP option query helper into an enum
* util: move dns_lease_key_lookup() to a separate module
* cargo: update MSRV to 1.66
* cargo: update all packages to fix build error
* cargo: continue to support openssh-keys 0.5
* cargo: drop serde_derive crate in favor of serde derive feature
* cargo: use consistent declaration syntax for slog dependency
* cargo: drop unused dependencies
* cargo: continue to support base64 0.13
* cargo: continue to support mailparse 0.13.8
* cargo: continue to support clap 3.1
* cargo: stop enabling LTO in release builds
* providers/ibmcloud: avoid error if an ssh key not found in metadata
* systemd: add explicit ordering, after multi-user.target
* network: fix clippy 1.63.0 lints
* cargo: allow serde_yaml 0.8
* cargo: update version ranges for post-1.x deps
* providers: Use inline `format!` in a few places
* *: bump MSRV to 1.58.0
* cargo: update clap to 3.2.5
* copr: mark git checkout as safe
* providers/aws: expose instance availability-zone-id as AWS_AVAILABILITY_ZONE_ID
* Update several build dependencies
- Fixed in version 5.3.0:
* systemd: enable sshkeys on Power VS platform
* network: Encode information for systemd-networkd-wait-online
* cargo: update to clap 3.1
* cargo: enable clap wrap_help feature
* cli: run clap tests
* cli: avoid deprecated clap constructs
* cargo: update to clap 3.0
* cli: use clap mechanism to require exp subcommand
* cargo: declare MSRV in Cargo.toml
* cargo: update to Rust 2021; bump MSRV to 1.56.0
* copr: abort if specfile fetch fails
* providers/aws: add AWS_IPV6 attribute
* providers/aws: bump metadata version to 2021-01-03
* kubevirt: Add KubeVirt platform support
* *.service: add/update Documentation field
* aws/mock_tests: explicitly drop mocks before resetting
* aws/mock_tests: split out IMDS tests
* aws/mock_tests: factor out map building
* *: use `RemainAfterExit` on all oneshot services
* Update several build dependencies
Patchnames
SUSE-2025-3785,SUSE-SLE-Micro-5.4-2025-3785
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for afterburn",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for afterburn fixes the following issues:\n\nUpdate to version 5.9.0.git21.a73f509.\n\nSecurity issues fixed:\n\n- CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large\n repetitions on empty sub-expressions can lead to excessive resource consumption and denial of service (bsc#1196972).\n- CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect\n hostname comparisons and incorrect URL parsing (bsc#1243850).\n- CVE-2025-5791: users: `root` user being appended to group listings whenever listing does not have exactly 1024 groups\n can lead to privilege escalation when information is used for access control (bsc#1244199).\n- CVE-2025-3416: openssl: passing of `Some(...)` value as `properties` argument to `Md::fetch` or `Cipher::fetch` can\n lead to use-after-free (bsc#1242665).\n\nOther issues fixed:\n\n- Fixed in version 5.9.0.git21.a73f509:\n * cargo: update dependencies\n * microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat\n * microsoft/azure: Fix SharedConfig parsing of XML attributes\n * microsoft/azure: Mock goalstate.SharedConfig output in tests\n * providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471).\n * upcloud: implement UpCloud provider\n * Update several build dependencies\n \n- Fixed in version 5.9.0:\n * cargo: update dependencies\n * dracut: Return 255 in module-setup\n * oraclecloud: add release note and move base URL to constant\n * oraclecloud: implement oraclecloud provider\n * Update several build dependencies\n\n- Fixed in version 5.8.2:\n * cargo: update dependencies\n * packit: add initial support\n\n- Fixed in version 5.7.0.git103.bae893c:\n * proxmoxve: Add more context to log messages.\n * proxmoxve: Remove unneeded fields\n * proxmoxve: Add tests for static network configuration from cloud-init.\n * proxmoxve: Add support for static network configuration from cloud-init.\n * providers/openstack: ignore ec2 metadata if not present\n * proxmox: use noop provider if no configdrive\n * Update several build dependencies\n\n- Fixed in version 5.7.0:\n * cargo: update dependencies\n * dhcp: replace dbus_proxy with proxy, and zbus traits\n * providers/hetzner: private ipv4 addresses in attributes\n * openstack: Document the two platforms\n * microsoft/azure: allow empty certificate chain in PKCS12 file\n * proxmoxve: implement proxmoxve provider\n * providers/hetzner: fix duplicate attribute prefix\n * lint: silence deadcode warnings\n * lint: address latest lint\u0027s from msrv update\n * cargo: update msrv to 1.75\n * providers: Add \u0027akamai\u0027 provider\n * providers/vmware: add missing public functions for non-amd64\n * providers/vmware: Process guestinfo.metadata netplan configuration\n * kubevirt: Run afterburn-hostname service\n * providers: add support for scaleway\n * Move away from deprecated `users` to `uzers`\n * providers/hetzner: add support for Hetzner Cloud\n * cargo: update MSRV to 1.71\n * cargo: specify required features for nix dependency\n * openstack: Add attribute OPENSTACK_INSTANCE_UUID\n * cargo: allow openssl 0.10.46\n * build-sys: Use new tier = 2 for cargo-vendor-filterer\n * cargo: fix minimum version of openssl crate\n * microsoft/crypto/mod: replace deprecated function `parse` with `parse2`\n * cli: switch to clap derive\n * cli: add descriptive value names for option arguments in --help\n * cli: have clap require exactly one of --cmdline/--provider\n * providers/`*`: move endpoint mocking into retry::Client\n * retry/client: move URL parsing into helper function\n * providers/microsoft: import crate::retry\n * providers/microsoft: use stored client for all fetches\n * providers/packet: use stored client for boot checkin\n * initrd: remember to write trailing newline to network kargs file\n * util: drop obsolete \u0027OEM\u0027 terminology\n * Inline variables into format strings\n * Update several build dependencies\n\n- Fixed in version 5.4.1:\n * cargo: add configuration for cargo-vendor-filterer\n * util: support DHCP option lookup from NetworkManager\n * util: factor out retries of DHCP option lookup\n * util: refactor DHCP option query helper into an enum\n * util: move dns_lease_key_lookup() to a separate module\n * cargo: update MSRV to 1.66\n * cargo: update all packages to fix build error\n * cargo: continue to support openssh-keys 0.5\n * cargo: drop serde_derive crate in favor of serde derive feature\n * cargo: use consistent declaration syntax for slog dependency\n * cargo: drop unused dependencies\n * cargo: continue to support base64 0.13\n * cargo: continue to support mailparse 0.13.8\n * cargo: continue to support clap 3.1\n * cargo: stop enabling LTO in release builds\n * providers/ibmcloud: avoid error if an ssh key not found in metadata\n * systemd: add explicit ordering, after multi-user.target\n * network: fix clippy 1.63.0 lints\n * cargo: allow serde_yaml 0.8\n * cargo: update version ranges for post-1.x deps\n * providers: Use inline `format!` in a few places\n * *: bump MSRV to 1.58.0\n * cargo: update clap to 3.2.5\n * copr: mark git checkout as safe\n * providers/aws: expose instance availability-zone-id as AWS_AVAILABILITY_ZONE_ID\n * Update several build dependencies\n\n- Fixed in version 5.3.0:\n * systemd: enable sshkeys on Power VS platform\n * network: Encode information for systemd-networkd-wait-online\n * cargo: update to clap 3.1\n * cargo: enable clap wrap_help feature\n * cli: run clap tests\n * cli: avoid deprecated clap constructs\n * cargo: update to clap 3.0\n * cli: use clap mechanism to require exp subcommand\n * cargo: declare MSRV in Cargo.toml\n * cargo: update to Rust 2021; bump MSRV to 1.56.0\n * copr: abort if specfile fetch fails\n * providers/aws: add AWS_IPV6 attribute\n * providers/aws: bump metadata version to 2021-01-03\n * kubevirt: Add KubeVirt platform support\n * *.service: add/update Documentation field\n * aws/mock_tests: explicitly drop mocks before resetting\n * aws/mock_tests: split out IMDS tests\n * aws/mock_tests: factor out map building\n * *: use `RemainAfterExit` on all oneshot services\n * Update several build dependencies\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3785,SUSE-SLE-Micro-5.4-2025-3785",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3785-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:3785-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253785-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:3785-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042302.html"
},
{
"category": "self",
"summary": "SUSE Bug 1196972",
"url": "https://bugzilla.suse.com/1196972"
},
{
"category": "self",
"summary": "SUSE Bug 1242665",
"url": "https://bugzilla.suse.com/1242665"
},
{
"category": "self",
"summary": "SUSE Bug 1243850",
"url": "https://bugzilla.suse.com/1243850"
},
{
"category": "self",
"summary": "SUSE Bug 1244199",
"url": "https://bugzilla.suse.com/1244199"
},
{
"category": "self",
"summary": "SUSE Bug 1244675",
"url": "https://bugzilla.suse.com/1244675"
},
{
"category": "self",
"summary": "SUSE Bug 1250471",
"url": "https://bugzilla.suse.com/1250471"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24713 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5791/"
}
],
"title": "Security update for afterburn",
"tracking": {
"current_release_date": "2025-10-24T13:28:23Z",
"generator": {
"date": "2025-10-24T13:28:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:3785-1",
"initial_release_date": "2025-10-24T13:28:23Z",
"revision_history": [
{
"date": "2025-10-24T13:28:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"product": {
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"product_id": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch",
"product": {
"name": "afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch",
"product_id": "afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.ppc64le",
"product": {
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.ppc64le",
"product_id": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.s390x",
"product": {
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.s390x",
"product_id": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"product": {
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"product_id": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64"
},
"product_reference": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64"
},
"product_reference": "afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
},
"product_reference": "afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24713"
}
],
"notes": [
{
"category": "general",
"text": "regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it\u0027s considered part of the crate\u0027s API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it\u0027s possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24713",
"url": "https://www.suse.com/security/cve/CVE-2022-24713"
},
{
"category": "external",
"summary": "SUSE Bug 1196972 for CVE-2022-24713",
"url": "https://bugzilla.suse.com/1196972"
},
{
"category": "external",
"summary": "SUSE Bug 1197903 for CVE-2022-24713",
"url": "https://bugzilla.suse.com/1197903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T13:28:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-24713"
},
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T13:28:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T13:28:23Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
},
{
"cve": "CVE-2025-5791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5791"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the user\u0027s crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5791",
"url": "https://www.suse.com/security/cve/CVE-2025-5791"
},
{
"category": "external",
"summary": "SUSE Bug 1244187 for CVE-2025-5791",
"url": "https://bugzilla.suse.com/1244187"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:afterburn-5.9.0.git21.a73f509-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:afterburn-dracut-5.9.0.git21.a73f509-150400.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T13:28:23Z",
"details": "important"
}
],
"title": "CVE-2025-5791"
}
]
}
SUSE-SU-2025:20491-1
Vulnerability from csaf_suse - Published: 2025-07-11 09:39 - Updated: 2025-07-11 09:39Summary
Security update for rust-keylime
Notes
Title of the patch
Security update for rust-keylime
Description of the patch
This update for rust-keylime fixes the following issues:
- CVE-2024-12224: idna: Fixed improper validation in punycode (bsc#1243861)
- Update to version 0.2.7+70:
* build(deps): bump wiremock from 0.6.2 to 0.6.3
* build(deps): bump uuid from 1.16.0 to 1.17.0
* lib: Introduce AgentIdentity structure
* gitignore: Add *.swp and *.orig to be ignored
* build(deps): bump clap from 4.5.38 to 4.5.39
* build(deps): bump tokio from 1.45.0 to 1.45.1
* Unify Push Model structures time formats to UTC (#1016)
* Add Quote related structures to Keylime library
* Remove configuration file trailing whitespaces (#1012)
* keylime-agent.conf: add all accepted TPM encryption algs
* tpm: add policy auth for EK to activate crendential
* Enable non standard key sizes and curves for EK and AK
* config: Use next_back() instead of last() for iterators
* Update to tss-esapi v7.6.0
* Avoid duplicated call to ctx.create_ek
* build(deps): bump clap from 4.5.23 to 4.5.38
* Add registration for Push Model client
* build(deps): bump tokio from 1.44.2 to 1.45.0
* build(deps): bump chrono from 0.4.40 to 0.4.41
* build(deps): bump tempfile from 3.17.1 to 3.20.0
* Refactor code: move error, registration to lib
* Move structure filling and URL selection code (#999)
* build(deps): bump pest_derive from 2.7.15 to 2.8.0
* build(deps): bump pest from 2.7.15 to 2.8.0
* build(deps): bump libc from 0.2.169 to 0.2.172
* Add Evidence/Authentication messages to prototype
* build(deps): bump uuid from 1.15.1 to 1.16.0
* build(deps): bump thiserror from 2.0.11 to 2.0.12
* build(deps): bump signal-hook from 0.3.17 to 0.3.18
* build(deps): bump log from 0.4.25 to 0.4.27
* build(deps): bump assert_cmd from 2.0.16 to 2.0.17
* build(deps): bump actix-web from 4.9.0 to 4.10.2
* build(deps): bump reqwest from 0.12.12 to 0.12.15
* build(deps): bump serde from 1.0.217 to 1.0.219
* Add unit tests for sessions.rs structures
* Add auth(sessions) structures
* Fix minor README.md issue (#988)
* Define EvidenceHandling structures (#971)
* Add mockoon test scenario
* Add client certificates to push-attestation prototype
* Cargo: bump url crate to version 2.5.4
* Add logging to the push attestation prototype
* Do not use certificate on insecure mode
* common: Move the EncryptedData structure from common to the library
* common: Move AuthTag from common to the library
* build(deps): bump openssl from 0.10.71 to 0.10.72
* common: Move Symmkey to library as crypto::symmkey
* common: Remove unused constants and static values
* build(deps): bump tokio from 1.43.0 to 1.44.2
* Refactor code: Include AgentIdentity structure
* Push model prototype
* Add support for ek certificate chain, stored in TPM NVRAM.
* Recover key_class field and set it as "asymmetric"
* Update push model structures to latest values
* build(deps): bump serde_json from 1.0.138 to 1.0.140
* packit: Add identifier for each copr_build job
* keylime-agent.conf: only mention ecdsa and rsassa for signing
* build(deps): bump openssl from 0.10.70 to 0.10.71
* build(deps): bump uuid from 1.13.2 to 1.15.1
* Add capabilities_negotiation structures
* packit: Add compatibility/api_version_compatibility test
* build(deps): bump uuid from 1.11.0 to 1.13.2
* build(deps): bump serde_json from 1.0.135 to 1.0.138
* build(deps): bump thiserror from 2.0.9 to 2.0.11
* build(deps): bump tempfile from 3.14.0 to 3.17.1
* Allow agent to start as non-root
* scripts: Fix coverage information downloading script
* build(deps): bump openssl from 0.10.68 to 0.10.70
* build(deps): bump tokio from 1.42.0 to 1.43.0
- Update to version 0.2.7+1:
* dist: Enable logging for keylime library in the service
* Bump version to 0.2.7
* scripts: Download coverage data from Testing Farm directly
* main: Remove unnecessary lifetime
* cargo: Bump pretty_env_logger to version 0.5.0
* scripts: Fix regex in download_packit_coverage.sh
* cargo: Bump clap crate to version 4.5.23
* cargo: Bump base64 crate to version 0.22.1
* build(deps): bump log from 0.4.22 to 0.4.25
* build(deps): bump serde_json from 1.0.133 to 1.0.135
* cargo: Bump tokio crate to version 1.42.0
* packit: Fix RPM builds on copr
* cargo: Bump thiserror crate to version 0.2.9
* cargo: Update reqwest to version 0.12.12
* build(deps): bump libc from 0.2.168 to 0.2.169
* build(deps): bump glob from 0.3.1 to 0.3.2
* version: Implement API version validation and ordering
* main: Support using multiple API versions for registration
* keylime: Introduce the registrar_client module
* Provide endpoints under multiple API versions
* Move 'serialization' module to the keylime library
* Drop unnecessary dependency on common::API_VERSION
* keylime-agent.conf: Bump version to 2.3
* build(deps): bump serde from 1.0.210 to 1.0.217
* build(deps): bump pest_derive from 2.7.14 to 2.7.15
* build(deps): bump pest from 2.7.14 to 2.7.15
* build(deps): bump libc from 0.2.167 to 0.2.168
* config: Make IAK and IDevID certificates optional
* Fix warnings reported by clippy
* workflows: Run job in the CI container directly
* tests: Add unit test for device ID builder
* main: Move IAK/IDevID related code to dedicated module
* tests: Add script to generate IAK and IDevID certificates
* build(deps): bump openssl from 0.10.66 to 0.10.68
* build(deps): bump uuid from 1.10.0 to 1.11.0
* build(deps): bump serde_json from 1.0.128 to 1.0.133
* build(deps): bump actix-web from 4.5.1 to 4.9.0
* build(deps): bump reqwest from 0.12.7 to 0.12.9
* tests/setup_swtpm.sh: Add script to setup temporary TPM
* Use a single TPM context and avoid race conditions during tests
* config: Enable passing a hostname instead of IP
* build(deps): bump clap from 4.3.11 to 4.5.21
* build(deps): bump tempfile from 3.10.1 to 3.14.0
* build(deps): bump pest_derive from 2.7.6 to 2.7.14
* build(deps): bump pest from 2.7.6 to 2.7.14
* build(deps): bump codecov/codecov-action from 4 to 5
* workflows: Submit the coverage for merged PR from Fedora 41
* tests: Use Fedora 41 to generate code coverage
* api: Make API configuration modular
* agent_handler: Move the /agent scope configuration
* notifications_handler: Move the /notifications scope configuration
* quotes_handler: Move the /quotes scope configuration to quotes_handler
* keys_handler: Move /keys scope configuration to keys_handler
* Use ${DESTDIR} for config
* Fix showing wrong UUID
* build(deps): bump actix-rt from 2.9.0 to 2.10.0
* config: Refactor AgentConfig Source trait implementation
* build(deps): bump log from 0.4.21 to 0.4.22
* build(deps): bump serde_json from 1.0.120 to 1.0.128
* tpm: check if EK certificate has valid ASN.1 DER encoding
* build(deps): bump futures from 0.3.27 to 0.3.31
* cargo: Bump reqwest to version 0.12.7
* build(deps): bump serde from 1.0.203 to 1.0.210
* tests: Add more tests to Packit CI
* build(deps): bump docker/build-push-action from 5 to 6
* tests: apply workarounds to known bugs
Patchnames
SUSE-SLE-Micro-6.0-380
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust-keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust-keylime fixes the following issues:\n\n- CVE-2024-12224: idna: Fixed improper validation in punycode (bsc#1243861)\n\n- Update to version 0.2.7+70: \n * build(deps): bump wiremock from 0.6.2 to 0.6.3\n * build(deps): bump uuid from 1.16.0 to 1.17.0\n * lib: Introduce AgentIdentity structure\n * gitignore: Add *.swp and *.orig to be ignored\n * build(deps): bump clap from 4.5.38 to 4.5.39\n * build(deps): bump tokio from 1.45.0 to 1.45.1\n * Unify Push Model structures time formats to UTC (#1016)\n * Add Quote related structures to Keylime library\n * Remove configuration file trailing whitespaces (#1012)\n * keylime-agent.conf: add all accepted TPM encryption algs\n * tpm: add policy auth for EK to activate crendential\n * Enable non standard key sizes and curves for EK and AK\n * config: Use next_back() instead of last() for iterators\n * Update to tss-esapi v7.6.0\n * Avoid duplicated call to ctx.create_ek\n * build(deps): bump clap from 4.5.23 to 4.5.38\n * Add registration for Push Model client\n * build(deps): bump tokio from 1.44.2 to 1.45.0\n * build(deps): bump chrono from 0.4.40 to 0.4.41\n * build(deps): bump tempfile from 3.17.1 to 3.20.0\n * Refactor code: move error, registration to lib\n * Move structure filling and URL selection code (#999)\n * build(deps): bump pest_derive from 2.7.15 to 2.8.0\n * build(deps): bump pest from 2.7.15 to 2.8.0\n * build(deps): bump libc from 0.2.169 to 0.2.172\n * Add Evidence/Authentication messages to prototype\n * build(deps): bump uuid from 1.15.1 to 1.16.0\n * build(deps): bump thiserror from 2.0.11 to 2.0.12\n * build(deps): bump signal-hook from 0.3.17 to 0.3.18\n * build(deps): bump log from 0.4.25 to 0.4.27\n * build(deps): bump assert_cmd from 2.0.16 to 2.0.17\n * build(deps): bump actix-web from 4.9.0 to 4.10.2\n * build(deps): bump reqwest from 0.12.12 to 0.12.15\n * build(deps): bump serde from 1.0.217 to 1.0.219\n * Add unit tests for sessions.rs structures\n * Add auth(sessions) structures\n * Fix minor README.md issue (#988)\n * Define EvidenceHandling structures (#971)\n * Add mockoon test scenario\n * Add client certificates to push-attestation prototype\n * Cargo: bump url crate to version 2.5.4\n * Add logging to the push attestation prototype\n * Do not use certificate on insecure mode\n * common: Move the EncryptedData structure from common to the library\n * common: Move AuthTag from common to the library\n * build(deps): bump openssl from 0.10.71 to 0.10.72\n * common: Move Symmkey to library as crypto::symmkey\n * common: Remove unused constants and static values\n * build(deps): bump tokio from 1.43.0 to 1.44.2\n * Refactor code: Include AgentIdentity structure\n * Push model prototype\n * Add support for ek certificate chain, stored in TPM NVRAM.\n * Recover key_class field and set it as \"asymmetric\"\n * Update push model structures to latest values\n * build(deps): bump serde_json from 1.0.138 to 1.0.140\n * packit: Add identifier for each copr_build job\n * keylime-agent.conf: only mention ecdsa and rsassa for signing\n * build(deps): bump openssl from 0.10.70 to 0.10.71\n * build(deps): bump uuid from 1.13.2 to 1.15.1\n * Add capabilities_negotiation structures\n * packit: Add compatibility/api_version_compatibility test\n * build(deps): bump uuid from 1.11.0 to 1.13.2\n * build(deps): bump serde_json from 1.0.135 to 1.0.138\n * build(deps): bump thiserror from 2.0.9 to 2.0.11\n * build(deps): bump tempfile from 3.14.0 to 3.17.1\n * Allow agent to start as non-root\n * scripts: Fix coverage information downloading script\n * build(deps): bump openssl from 0.10.68 to 0.10.70\n * build(deps): bump tokio from 1.42.0 to 1.43.0\n\n- Update to version 0.2.7+1:\n * dist: Enable logging for keylime library in the service\n * Bump version to 0.2.7\n * scripts: Download coverage data from Testing Farm directly\n * main: Remove unnecessary lifetime\n * cargo: Bump pretty_env_logger to version 0.5.0\n * scripts: Fix regex in download_packit_coverage.sh\n * cargo: Bump clap crate to version 4.5.23\n * cargo: Bump base64 crate to version 0.22.1\n * build(deps): bump log from 0.4.22 to 0.4.25\n * build(deps): bump serde_json from 1.0.133 to 1.0.135\n * cargo: Bump tokio crate to version 1.42.0\n * packit: Fix RPM builds on copr\n * cargo: Bump thiserror crate to version 0.2.9\n * cargo: Update reqwest to version 0.12.12\n * build(deps): bump libc from 0.2.168 to 0.2.169\n * build(deps): bump glob from 0.3.1 to 0.3.2\n * version: Implement API version validation and ordering\n * main: Support using multiple API versions for registration\n * keylime: Introduce the registrar_client module\n * Provide endpoints under multiple API versions\n * Move \u0027serialization\u0027 module to the keylime library\n * Drop unnecessary dependency on common::API_VERSION\n * keylime-agent.conf: Bump version to 2.3\n * build(deps): bump serde from 1.0.210 to 1.0.217\n * build(deps): bump pest_derive from 2.7.14 to 2.7.15\n * build(deps): bump pest from 2.7.14 to 2.7.15\n * build(deps): bump libc from 0.2.167 to 0.2.168\n * config: Make IAK and IDevID certificates optional\n * Fix warnings reported by clippy\n * workflows: Run job in the CI container directly\n * tests: Add unit test for device ID builder\n * main: Move IAK/IDevID related code to dedicated module\n * tests: Add script to generate IAK and IDevID certificates\n * build(deps): bump openssl from 0.10.66 to 0.10.68\n * build(deps): bump uuid from 1.10.0 to 1.11.0\n * build(deps): bump serde_json from 1.0.128 to 1.0.133\n * build(deps): bump actix-web from 4.5.1 to 4.9.0\n * build(deps): bump reqwest from 0.12.7 to 0.12.9\n * tests/setup_swtpm.sh: Add script to setup temporary TPM\n * Use a single TPM context and avoid race conditions during tests\n * config: Enable passing a hostname instead of IP\n * build(deps): bump clap from 4.3.11 to 4.5.21\n * build(deps): bump tempfile from 3.10.1 to 3.14.0\n * build(deps): bump pest_derive from 2.7.6 to 2.7.14\n * build(deps): bump pest from 2.7.6 to 2.7.14\n * build(deps): bump codecov/codecov-action from 4 to 5\n * workflows: Submit the coverage for merged PR from Fedora 41\n * tests: Use Fedora 41 to generate code coverage\n * api: Make API configuration modular\n * agent_handler: Move the /agent scope configuration\n * notifications_handler: Move the /notifications scope configuration\n * quotes_handler: Move the /quotes scope configuration to quotes_handler\n * keys_handler: Move /keys scope configuration to keys_handler\n * Use ${DESTDIR} for config\n * Fix showing wrong UUID\n * build(deps): bump actix-rt from 2.9.0 to 2.10.0\n * config: Refactor AgentConfig Source trait implementation\n * build(deps): bump log from 0.4.21 to 0.4.22\n * build(deps): bump serde_json from 1.0.120 to 1.0.128\n * tpm: check if EK certificate has valid ASN.1 DER encoding\n * build(deps): bump futures from 0.3.27 to 0.3.31\n * cargo: Bump reqwest to version 0.12.7\n * build(deps): bump serde from 1.0.203 to 1.0.210\n * tests: Add more tests to Packit CI\n * build(deps): bump docker/build-push-action from 5 to 6\n * tests: apply workarounds to known bugs\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-380",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20491-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20491-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520491-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20491-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040930.html"
},
{
"category": "self",
"summary": "SUSE Bug 1243861",
"url": "https://bugzilla.suse.com/1243861"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
}
],
"title": "Security update for rust-keylime",
"tracking": {
"current_release_date": "2025-07-11T09:39:57Z",
"generator": {
"date": "2025-07-11T09:39:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20491-1",
"initial_release_date": "2025-07-11T09:39:57Z",
"revision_history": [
{
"date": "2025-07-11T09:39:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.7+70-1.1.aarch64",
"product": {
"name": "rust-keylime-0.2.7+70-1.1.aarch64",
"product_id": "rust-keylime-0.2.7+70-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.7+70-1.1.s390x",
"product": {
"name": "rust-keylime-0.2.7+70-1.1.s390x",
"product_id": "rust-keylime-0.2.7+70-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.7+70-1.1.x86_64",
"product": {
"name": "rust-keylime-0.2.7+70-1.1.x86_64",
"product_id": "rust-keylime-0.2.7+70-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+70-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.aarch64"
},
"product_reference": "rust-keylime-0.2.7+70-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+70-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.s390x"
},
"product_reference": "rust-keylime-0.2.7+70-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+70-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.x86_64"
},
"product_reference": "rust-keylime-0.2.7+70-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.aarch64",
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.s390x",
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.aarch64",
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.s390x",
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.aarch64",
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.s390x",
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-11T09:39:57Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
}
]
}
SUSE-SU-2025:03306-1
Vulnerability from csaf_suse - Published: 2025-09-23 13:13 - Updated: 2025-09-23 13:13Summary
Security update for sevctl
Notes
Title of the patch
Security update for sevctl
Description of the patch
This update for sevctl fixes the following issues:
- CVE-2024-12224: idna: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243860)
- CVE-2025-3416: openssl: Fixed use-after-free in Md::fetch and Cipher::fetch (bsc#1242618)
Patchnames
SUSE-2025-3306,SUSE-SLE-Module-Server-Applications-15-SP7-2025-3306
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for sevctl",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for sevctl fixes the following issues:\n\n- CVE-2024-12224: idna: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243860) \n- CVE-2025-3416: openssl: Fixed use-after-free in Md::fetch and Cipher::fetch (bsc#1242618)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3306,SUSE-SLE-Module-Server-Applications-15-SP7-2025-3306",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03306-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03306-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503306-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03306-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041814.html"
},
{
"category": "self",
"summary": "SUSE Bug 1242618",
"url": "https://bugzilla.suse.com/1242618"
},
{
"category": "self",
"summary": "SUSE Bug 1243860",
"url": "https://bugzilla.suse.com/1243860"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
}
],
"title": "Security update for sevctl",
"tracking": {
"current_release_date": "2025-09-23T13:13:44Z",
"generator": {
"date": "2025-09-23T13:13:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03306-1",
"initial_release_date": "2025-09-23T13:13:44Z",
"revision_history": [
{
"date": "2025-09-23T13:13:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sevctl-0.6.0-150700.3.3.1.x86_64",
"product": {
"name": "sevctl-0.6.0-150700.3.3.1.x86_64",
"product_id": "sevctl-0.6.0-150700.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sevctl-0.6.0-150700.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:sevctl-0.6.0-150700.3.3.1.x86_64"
},
"product_reference": "sevctl-0.6.0-150700.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:sevctl-0.6.0-150700.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:sevctl-0.6.0-150700.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:sevctl-0.6.0-150700.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T13:13:44Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:sevctl-0.6.0-150700.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:sevctl-0.6.0-150700.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:sevctl-0.6.0-150700.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-23T13:13:44Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
}
]
}
SUSE-RU-2025:02203-1
Vulnerability from csaf_suse - Published: 2025-07-02 13:42 - Updated: 2025-07-02 13:42Summary
Recommended update for aws-nitro-enclaves-cli
Notes
Title of the patch
Recommended update for aws-nitro-enclaves-cli
Description of the patch
This update for aws-nitro-enclaves-cli fixes the following issues:
- Fix idna accepts Punycode labels that
do not produce any non-ASCII when decoded (bsc#1243859)
- Update to version 1.4.2
- Update aws-nitro-enclaves-sdk-bootstrap to version f718dea6
- Update to version 1.3.3~git0.afb7264
- Update aws-nitro-enclaves-sdk-bootstrap to version 7797d39a
Patchnames
SUSE-2025-2203,SUSE-SLE-Module-Public-Cloud-15-SP4-2025-2203,SUSE-SLE-Module-Public-Cloud-15-SP5-2025-2203
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for aws-nitro-enclaves-cli",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for aws-nitro-enclaves-cli fixes the following issues:\n\n- Fix idna accepts Punycode labels that\n do not produce any non-ASCII when decoded (bsc#1243859)\n- Update to version 1.4.2\n- Update aws-nitro-enclaves-sdk-bootstrap to version f718dea6\n- Update to version 1.3.3~git0.afb7264\n- Update aws-nitro-enclaves-sdk-bootstrap to version 7797d39a\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2203,SUSE-SLE-Module-Public-Cloud-15-SP4-2025-2203,SUSE-SLE-Module-Public-Cloud-15-SP5-2025-2203",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2025_02203-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-RU-2025:02203-1",
"url": "https://www.suse.com/support/update/announcement//suse-ru-202502203-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-RU-2025:02203-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040593.html"
},
{
"category": "self",
"summary": "SUSE Bug 1243859",
"url": "https://bugzilla.suse.com/1243859"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
}
],
"title": "Recommended update for aws-nitro-enclaves-cli",
"tracking": {
"current_release_date": "2025-07-02T13:42:27Z",
"generator": {
"date": "2025-07-02T13:42:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-RU-2025:02203-1",
"initial_release_date": "2025-07-02T13:42:27Z",
"revision_history": [
{
"date": "2025-07-02T13:42:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"product": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"product_id": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"product": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"product_id": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"product": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"product_id": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"product": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"product_id": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"product": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"product_id": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"product": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"product_id": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-02T13:42:27Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
}
]
}
SUSE-SU-2025:02809-1
Vulnerability from csaf_suse - Published: 2025-08-15 12:51 - Updated: 2025-08-15 12:51Summary
Security update for rust-keylime
Notes
Title of the patch
Security update for rust-keylime
Description of the patch
This update for rust-keylime fixes the following issues:
- Update to version 0.2.7+141:
* CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)
- Update to version 0.2.7+117:
* CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).
* CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).
* CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).
* CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).
* CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).
* rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)
Patchnames
SUSE-2025-2809,SUSE-SLE-Micro-5.3-2025-2809
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust-keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust-keylime fixes the following issues:\n\n- Update to version 0.2.7+141:\n * CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)\n \n- Update to version 0.2.7+117:\n * CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).\n * CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).\n * CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).\n * CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).\n * CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).\n * rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2809,SUSE-SLE-Micro-5.3-2025-2809",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02809-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02809-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502809-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02809-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041230.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210344",
"url": "https://bugzilla.suse.com/1210344"
},
{
"category": "self",
"summary": "SUSE Bug 1223234",
"url": "https://bugzilla.suse.com/1223234"
},
{
"category": "self",
"summary": "SUSE Bug 1229952",
"url": "https://bugzilla.suse.com/1229952"
},
{
"category": "self",
"summary": "SUSE Bug 1230029",
"url": "https://bugzilla.suse.com/1230029"
},
{
"category": "self",
"summary": "SUSE Bug 1242623",
"url": "https://bugzilla.suse.com/1242623"
},
{
"category": "self",
"summary": "SUSE Bug 1243861",
"url": "https://bugzilla.suse.com/1243861"
},
{
"category": "self",
"summary": "SUSE Bug 1247193",
"url": "https://bugzilla.suse.com/1247193"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-26964 page",
"url": "https://www.suse.com/security/cve/CVE-2023-26964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32650 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43806 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58266 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58266/"
}
],
"title": "Security update for rust-keylime",
"tracking": {
"current_release_date": "2025-08-15T12:51:37Z",
"generator": {
"date": "2025-08-15T12:51:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02809-1",
"initial_release_date": "2025-08-15T12:51:37Z",
"revision_history": [
{
"date": "2025-08-15T12:51:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150400.3.7.1.aarch64",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150400.3.7.1.aarch64",
"product_id": "keylime-ima-policy-0.2.7+141-150400.3.7.1.aarch64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"product": {
"name": "rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"product_id": "rust-keylime-0.2.7+141-150400.3.7.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150400.3.7.1.ppc64le",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150400.3.7.1.ppc64le",
"product_id": "keylime-ima-policy-0.2.7+141-150400.3.7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150400.3.7.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.7+141-150400.3.7.1.ppc64le",
"product_id": "rust-keylime-0.2.7+141-150400.3.7.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150400.3.7.1.s390x",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150400.3.7.1.s390x",
"product_id": "keylime-ima-policy-0.2.7+141-150400.3.7.1.s390x"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"product": {
"name": "rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"product_id": "rust-keylime-0.2.7+141-150400.3.7.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150400.3.7.1.x86_64",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150400.3.7.1.x86_64",
"product_id": "keylime-ima-policy-0.2.7+141-150400.3.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150400.3.7.1.x86_64",
"product": {
"name": "rust-keylime-0.2.7+141-150400.3.7.1.x86_64",
"product_id": "rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150400.3.7.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64"
},
"product_reference": "rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150400.3.7.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x"
},
"product_reference": "rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150400.3.7.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
},
"product_reference": "rust-keylime-0.2.7+141-150400.3.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-26964"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-26964",
"url": "https://www.suse.com/security/cve/CVE-2023-26964"
},
{
"category": "external",
"summary": "SUSE Bug 1210339 for CVE-2023-26964",
"url": "https://bugzilla.suse.com/1210339"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-26964"
},
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2024-32650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32650"
}
],
"notes": [
{
"category": "general",
"text": "Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server\u0027s `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32650",
"url": "https://www.suse.com/security/cve/CVE-2024-32650"
},
{
"category": "external",
"summary": "SUSE Bug 1223211 for CVE-2024-32650",
"url": "https://bugzilla.suse.com/1223211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:37Z",
"details": "important"
}
],
"title": "CVE-2024-32650"
},
{
"cve": "CVE-2024-43806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43806"
}
],
"notes": [
{
"category": "general",
"text": "Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it\u0027s possible for the iterator to \"get stuck\" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and unbounded memory explosion (gigabytes in a few seconds if used on a hot path) and eventually lead to an OOM crash of the application. The symptoms were initially discovered in https://github.com/imsnif/bandwhich/issues/284. That post has lots of details of our investigation. Full details can be read on the GHSA-c827-hfw6-qwvm repo advisory. If a program tries to access a directory with its file descriptor after the file has been unlinked (or any other action that leaves the `Dir` iterator in the stuck state), and the implementation does not break after seeing an error, it can cause a memory explosion. As an example, Linux\u0027s various virtual file systems (e.g. `/proc`, `/sys`) can contain directories that spontaneously pop in and out of existence. Attempting to iterate over them using `rustix::fs::Dir` directly or indirectly (e.g. with the `procfs` crate) can trigger this fault condition if the implementation decides to continue on errors. An attacker knowledgeable about the implementation details of a vulnerable target can therefore try to trigger this fault condition via any one or a combination of several available APIs. If successful, the application host will quickly run out of memory, after which the application will likely be terminated by an OOM killer, leading to denial of service. This issue has been addressed in release versions 0.35.15, 0.36.16, 0.37.25, and 0.38.19. Users are advised to upgrade. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43806",
"url": "https://www.suse.com/security/cve/CVE-2024-43806"
},
{
"category": "external",
"summary": "SUSE Bug 1229376 for CVE-2024-43806",
"url": "https://bugzilla.suse.com/1229376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43806"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:37Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
},
{
"cve": "CVE-2025-58266",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58266"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58266",
"url": "https://www.suse.com/security/cve/CVE-2025-58266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:37Z",
"details": "important"
}
],
"title": "CVE-2025-58266"
}
]
}
SUSE-RU-2025:02204-1
Vulnerability from csaf_suse - Published: 2025-07-02 13:42 - Updated: 2025-07-02 13:42Summary
Recommended update for aws-nitro-enclaves-cli
Notes
Title of the patch
Recommended update for aws-nitro-enclaves-cli
Description of the patch
This update for aws-nitro-enclaves-cli fixes the following issues:
- Fix idna accepts Punycode labels that
do not produce any non-ASCII when decoded (bsc#1243859)
- Update to version 1.4.2
- Update aws-nitro-enclaves-sdk-bootstrap to version f718dea6
- Update to version 1.3.3~git0.afb7264
- Update aws-nitro-enclaves-sdk-bootstrap to version 7797d39a
Patchnames
SUSE-2025-2204,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-2204,SUSE-SLE-Module-Public-Cloud-15-SP7-2025-2204,openSUSE-SLE-15.6-2025-2204
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for aws-nitro-enclaves-cli",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for aws-nitro-enclaves-cli fixes the following issues:\n\n- Fix idna accepts Punycode labels that \n do not produce any non-ASCII when decoded (bsc#1243859) \n- Update to version 1.4.2\n- Update aws-nitro-enclaves-sdk-bootstrap to version f718dea6\n- Update to version 1.3.3~git0.afb7264\n- Update aws-nitro-enclaves-sdk-bootstrap to version 7797d39a\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2204,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-2204,SUSE-SLE-Module-Public-Cloud-15-SP7-2025-2204,openSUSE-SLE-15.6-2025-2204",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2025_02204-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-RU-2025:02204-1",
"url": "https://www.suse.com/support/update/announcement//suse-ru-202502204-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-RU-2025:02204-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040592.html"
},
{
"category": "self",
"summary": "SUSE Bug 1243859",
"url": "https://bugzilla.suse.com/1243859"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
}
],
"title": "Recommended update for aws-nitro-enclaves-cli",
"tracking": {
"current_release_date": "2025-07-02T13:42:39Z",
"generator": {
"date": "2025-07-02T13:42:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-RU-2025:02204-1",
"initial_release_date": "2025-07-02T13:42:39Z",
"revision_history": [
{
"date": "2025-07-02T13:42:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"product": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"product_id": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"product": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"product_id": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"product": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"product_id": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"product": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"product_id": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"product": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"product_id": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"product": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"product_id": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-02T13:42:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
}
]
}
SUSE-SU-2025:3784-1
Vulnerability from csaf_suse - Published: 2025-10-24 13:28 - Updated: 2025-10-24 13:28Summary
Security update for afterburn
Notes
Title of the patch
Security update for afterburn
Description of the patch
This update for afterburn fixes the following issues:
Update to version 5.9.0.git21.a73f509.
Security issues fixed:
- CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large
repetitions on empty sub-expressions can lead to excessive resource consumption and denial of service (bsc#1196972).
- CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect
hostname comparisons and incorrect URL parsing (bsc#1243850).
- CVE-2025-5791: users: `root` user being appended to group listings whenever listing does not have exactly 1024 groups
can lead to privilege escalation when information is used for access control (bsc#1244199).
- CVE-2025-3416: openssl: passing of `Some(...)` value as `properties` argument to `Md::fetch` or `Cipher::fetch` can
lead to use-after-free (bsc#1242665).
Other issues fixed:
- Fixed in version 5.9.0.git21.a73f509:
* cargo: update dependencies
* microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat
* microsoft/azure: Fix SharedConfig parsing of XML attributes
* microsoft/azure: Mock goalstate.SharedConfig output in tests
* providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471).
* upcloud: implement UpCloud provider
* Update several build dependencies
- Fixed in version 5.9.0:
* cargo: update dependencies
* dracut: Return 255 in module-setup
* oraclecloud: add release note and move base URL to constant
* oraclecloud: implement oraclecloud provider
* Update several build dependencies
- Fixed in version 5.8.2:
* cargo: update dependencies
* packit: add initial support
- Fixed in version 5.7.0.git103.bae893c:
* proxmoxve: Add more context to log messages.
* proxmoxve: Remove unneeded fields
* proxmoxve: Add tests for static network configuration from cloud-init.
* proxmoxve: Add support for static network configuration from cloud-init.
* providers/openstack: ignore ec2 metadata if not present
* proxmox: use noop provider if no configdrive
* Update several build dependencies
- Fixed in version 5.7.0:
* cargo: update dependencies
* dhcp: replace dbus_proxy with proxy, and zbus traits
* providers/hetzner: private ipv4 addresses in attributes
* openstack: Document the two platforms
* microsoft/azure: allow empty certificate chain in PKCS12 file
* proxmoxve: implement proxmoxve provider
* providers/hetzner: fix duplicate attribute prefix
* lint: silence deadcode warnings
* lint: address latest lint's from msrv update
* cargo: update msrv to 1.75
* providers: Add 'akamai' provider
* providers/vmware: add missing public functions for non-amd64
* providers/vmware: Process guestinfo.metadata netplan configuration
* kubevirt: Run afterburn-hostname service
* providers: add support for scaleway
* Move away from deprecated `users` to `uzers`
* providers/hetzner: add support for Hetzner Cloud
* cargo: update MSRV to 1.71
* cargo: specify required features for nix dependency
* openstack: Add attribute OPENSTACK_INSTANCE_UUID
* cargo: allow openssl 0.10.46
* build-sys: Use new tier = 2 for cargo-vendor-filterer
* cargo: fix minimum version of openssl crate
* microsoft/crypto/mod: replace deprecated function `parse` with `parse2`
* cli: switch to clap derive
* cli: add descriptive value names for option arguments in --help
* cli: have clap require exactly one of --cmdline/--provider
* providers/`*`: move endpoint mocking into retry::Client
* retry/client: move URL parsing into helper function
* providers/microsoft: import crate::retry
* providers/microsoft: use stored client for all fetches
* providers/packet: use stored client for boot checkin
* initrd: remember to write trailing newline to network kargs file
* util: drop obsolete 'OEM' terminology
* Inline variables into format strings
* Update several build dependencies
- Fixed in version 5.4.1:
* cargo: add configuration for cargo-vendor-filterer
* util: support DHCP option lookup from NetworkManager
* util: factor out retries of DHCP option lookup
* util: refactor DHCP option query helper into an enum
* util: move dns_lease_key_lookup() to a separate module
* cargo: update MSRV to 1.66
* cargo: update all packages to fix build error
* cargo: continue to support openssh-keys 0.5
* cargo: drop serde_derive crate in favor of serde derive feature
* cargo: use consistent declaration syntax for slog dependency
* cargo: drop unused dependencies
* cargo: continue to support base64 0.13
* cargo: continue to support mailparse 0.13.8
* cargo: continue to support clap 3.1
* cargo: stop enabling LTO in release builds
* providers/ibmcloud: avoid error if an ssh key not found in metadata
* systemd: add explicit ordering, after multi-user.target
* network: fix clippy 1.63.0 lints
* cargo: allow serde_yaml 0.8
* cargo: update version ranges for post-1.x deps
* providers: Use inline `format!` in a few places
* *: bump MSRV to 1.58.0
* cargo: update clap to 3.2.5
* copr: mark git checkout as safe
* providers/aws: expose instance availability-zone-id as AWS_AVAILABILITY_ZONE_ID
* Update several build dependencies
- Fixed in version 5.3.0:
* systemd: enable sshkeys on Power VS platform
* network: Encode information for systemd-networkd-wait-online
* cargo: update to clap 3.1
* cargo: enable clap wrap_help feature
* cli: run clap tests
* cli: avoid deprecated clap constructs
* cargo: update to clap 3.0
* cli: use clap mechanism to require exp subcommand
* cargo: declare MSRV in Cargo.toml
* cargo: update to Rust 2021; bump MSRV to 1.56.0
* copr: abort if specfile fetch fails
* providers/aws: add AWS_IPV6 attribute
* providers/aws: bump metadata version to 2021-01-03
* kubevirt: Add KubeVirt platform support
* *.service: add/update Documentation field
* aws/mock_tests: explicitly drop mocks before resetting
* aws/mock_tests: split out IMDS tests
* aws/mock_tests: factor out map building
* *: use `RemainAfterExit` on all oneshot services
* Update several build dependencies
Patchnames
SUSE-2025-3784,SUSE-SLE-Micro-5.5-2025-3784
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for afterburn",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for afterburn fixes the following issues:\n\nUpdate to version 5.9.0.git21.a73f509.\n\nSecurity issues fixed:\n\n- CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large\n repetitions on empty sub-expressions can lead to excessive resource consumption and denial of service (bsc#1196972).\n- CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect\n hostname comparisons and incorrect URL parsing (bsc#1243850).\n- CVE-2025-5791: users: `root` user being appended to group listings whenever listing does not have exactly 1024 groups\n can lead to privilege escalation when information is used for access control (bsc#1244199).\n- CVE-2025-3416: openssl: passing of `Some(...)` value as `properties` argument to `Md::fetch` or `Cipher::fetch` can\n lead to use-after-free (bsc#1242665).\n\nOther issues fixed:\n\n- Fixed in version 5.9.0.git21.a73f509:\n * cargo: update dependencies\n * microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat\n * microsoft/azure: Fix SharedConfig parsing of XML attributes\n * microsoft/azure: Mock goalstate.SharedConfig output in tests\n * providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471).\n * upcloud: implement UpCloud provider\n * Update several build dependencies\n \n- Fixed in version 5.9.0:\n * cargo: update dependencies\n * dracut: Return 255 in module-setup\n * oraclecloud: add release note and move base URL to constant\n * oraclecloud: implement oraclecloud provider\n * Update several build dependencies\n\n- Fixed in version 5.8.2:\n * cargo: update dependencies\n * packit: add initial support\n\n- Fixed in version 5.7.0.git103.bae893c:\n * proxmoxve: Add more context to log messages.\n * proxmoxve: Remove unneeded fields\n * proxmoxve: Add tests for static network configuration from cloud-init.\n * proxmoxve: Add support for static network configuration from cloud-init.\n * providers/openstack: ignore ec2 metadata if not present\n * proxmox: use noop provider if no configdrive\n * Update several build dependencies\n\n- Fixed in version 5.7.0:\n * cargo: update dependencies\n * dhcp: replace dbus_proxy with proxy, and zbus traits\n * providers/hetzner: private ipv4 addresses in attributes\n * openstack: Document the two platforms\n * microsoft/azure: allow empty certificate chain in PKCS12 file\n * proxmoxve: implement proxmoxve provider\n * providers/hetzner: fix duplicate attribute prefix\n * lint: silence deadcode warnings\n * lint: address latest lint\u0027s from msrv update\n * cargo: update msrv to 1.75\n * providers: Add \u0027akamai\u0027 provider\n * providers/vmware: add missing public functions for non-amd64\n * providers/vmware: Process guestinfo.metadata netplan configuration\n * kubevirt: Run afterburn-hostname service\n * providers: add support for scaleway\n * Move away from deprecated `users` to `uzers`\n * providers/hetzner: add support for Hetzner Cloud\n * cargo: update MSRV to 1.71\n * cargo: specify required features for nix dependency\n * openstack: Add attribute OPENSTACK_INSTANCE_UUID\n * cargo: allow openssl 0.10.46\n * build-sys: Use new tier = 2 for cargo-vendor-filterer\n * cargo: fix minimum version of openssl crate\n * microsoft/crypto/mod: replace deprecated function `parse` with `parse2`\n * cli: switch to clap derive\n * cli: add descriptive value names for option arguments in --help\n * cli: have clap require exactly one of --cmdline/--provider\n * providers/`*`: move endpoint mocking into retry::Client\n * retry/client: move URL parsing into helper function\n * providers/microsoft: import crate::retry\n * providers/microsoft: use stored client for all fetches\n * providers/packet: use stored client for boot checkin\n * initrd: remember to write trailing newline to network kargs file\n * util: drop obsolete \u0027OEM\u0027 terminology\n * Inline variables into format strings\n * Update several build dependencies\n\n- Fixed in version 5.4.1:\n * cargo: add configuration for cargo-vendor-filterer\n * util: support DHCP option lookup from NetworkManager\n * util: factor out retries of DHCP option lookup\n * util: refactor DHCP option query helper into an enum\n * util: move dns_lease_key_lookup() to a separate module\n * cargo: update MSRV to 1.66\n * cargo: update all packages to fix build error\n * cargo: continue to support openssh-keys 0.5\n * cargo: drop serde_derive crate in favor of serde derive feature\n * cargo: use consistent declaration syntax for slog dependency\n * cargo: drop unused dependencies\n * cargo: continue to support base64 0.13\n * cargo: continue to support mailparse 0.13.8\n * cargo: continue to support clap 3.1\n * cargo: stop enabling LTO in release builds\n * providers/ibmcloud: avoid error if an ssh key not found in metadata\n * systemd: add explicit ordering, after multi-user.target\n * network: fix clippy 1.63.0 lints\n * cargo: allow serde_yaml 0.8\n * cargo: update version ranges for post-1.x deps\n * providers: Use inline `format!` in a few places\n * *: bump MSRV to 1.58.0\n * cargo: update clap to 3.2.5\n * copr: mark git checkout as safe\n * providers/aws: expose instance availability-zone-id as AWS_AVAILABILITY_ZONE_ID\n * Update several build dependencies\n\n- Fixed in version 5.3.0:\n * systemd: enable sshkeys on Power VS platform\n * network: Encode information for systemd-networkd-wait-online\n * cargo: update to clap 3.1\n * cargo: enable clap wrap_help feature\n * cli: run clap tests\n * cli: avoid deprecated clap constructs\n * cargo: update to clap 3.0\n * cli: use clap mechanism to require exp subcommand\n * cargo: declare MSRV in Cargo.toml\n * cargo: update to Rust 2021; bump MSRV to 1.56.0\n * copr: abort if specfile fetch fails\n * providers/aws: add AWS_IPV6 attribute\n * providers/aws: bump metadata version to 2021-01-03\n * kubevirt: Add KubeVirt platform support\n * *.service: add/update Documentation field\n * aws/mock_tests: explicitly drop mocks before resetting\n * aws/mock_tests: split out IMDS tests\n * aws/mock_tests: factor out map building\n * *: use `RemainAfterExit` on all oneshot services\n * Update several build dependencies\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3784,SUSE-SLE-Micro-5.5-2025-3784",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_3784-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:3784-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20253784-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:3784-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042303.html"
},
{
"category": "self",
"summary": "SUSE Bug 1196972",
"url": "https://bugzilla.suse.com/1196972"
},
{
"category": "self",
"summary": "SUSE Bug 1242665",
"url": "https://bugzilla.suse.com/1242665"
},
{
"category": "self",
"summary": "SUSE Bug 1243850",
"url": "https://bugzilla.suse.com/1243850"
},
{
"category": "self",
"summary": "SUSE Bug 1244199",
"url": "https://bugzilla.suse.com/1244199"
},
{
"category": "self",
"summary": "SUSE Bug 1244675",
"url": "https://bugzilla.suse.com/1244675"
},
{
"category": "self",
"summary": "SUSE Bug 1250471",
"url": "https://bugzilla.suse.com/1250471"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24713 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5791 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5791/"
}
],
"title": "Security update for afterburn",
"tracking": {
"current_release_date": "2025-10-24T13:28:17Z",
"generator": {
"date": "2025-10-24T13:28:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:3784-1",
"initial_release_date": "2025-10-24T13:28:17Z",
"revision_history": [
{
"date": "2025-10-24T13:28:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64",
"product": {
"name": "afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64",
"product_id": "afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch",
"product": {
"name": "afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch",
"product_id": "afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.9.0.git21.a73f509-150500.3.3.1.ppc64le",
"product": {
"name": "afterburn-5.9.0.git21.a73f509-150500.3.3.1.ppc64le",
"product_id": "afterburn-5.9.0.git21.a73f509-150500.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.9.0.git21.a73f509-150500.3.3.1.s390x",
"product": {
"name": "afterburn-5.9.0.git21.a73f509-150500.3.3.1.s390x",
"product_id": "afterburn-5.9.0.git21.a73f509-150500.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64",
"product": {
"name": "afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64",
"product_id": "afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64"
},
"product_reference": "afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64"
},
"product_reference": "afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch"
},
"product_reference": "afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-24713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24713"
}
],
"notes": [
{
"category": "general",
"text": "regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it\u0027s considered part of the crate\u0027s API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it\u0027s possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24713",
"url": "https://www.suse.com/security/cve/CVE-2022-24713"
},
{
"category": "external",
"summary": "SUSE Bug 1196972 for CVE-2022-24713",
"url": "https://bugzilla.suse.com/1196972"
},
{
"category": "external",
"summary": "SUSE Bug 1197903 for CVE-2022-24713",
"url": "https://bugzilla.suse.com/1197903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T13:28:17Z",
"details": "moderate"
}
],
"title": "CVE-2022-24713"
},
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T13:28:17Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T13:28:17Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
},
{
"cve": "CVE-2025-5791",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5791"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the user\u0027s crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5791",
"url": "https://www.suse.com/security/cve/CVE-2025-5791"
},
{
"category": "external",
"summary": "SUSE Bug 1244187 for CVE-2025-5791",
"url": "https://bugzilla.suse.com/1244187"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:afterburn-5.9.0.git21.a73f509-150500.3.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:afterburn-dracut-5.9.0.git21.a73f509-150500.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-24T13:28:17Z",
"details": "important"
}
],
"title": "CVE-2025-5791"
}
]
}
SUSE-SU-2025:03445-1
Vulnerability from csaf_suse - Published: 2025-10-01 13:09 - Updated: 2025-10-01 13:09Summary
Security update for snpguest
Notes
Title of the patch
Security update for snpguest
Description of the patch
This update for snpguest fixes the following issues:
- CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect
hostname comparisons and incorrect URL parsing (bsc#1243869).
- CVE-2025-3416: openssl: use-after-free in `Md::fetch` and `Cipher::fetch` when `Some(...)` value is passed to the
`properties` argument (bsc#1242601).
Patchnames
SUSE-2025-3445,SUSE-SLE-Module-Server-Applications-15-SP6-2025-3445,openSUSE-SLE-15.6-2025-3445
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for snpguest",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for snpguest fixes the following issues:\n\n- CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect\n hostname comparisons and incorrect URL parsing (bsc#1243869).\n- CVE-2025-3416: openssl: use-after-free in `Md::fetch` and `Cipher::fetch` when `Some(...)` value is passed to the\n `properties` argument (bsc#1242601).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-3445,SUSE-SLE-Module-Server-Applications-15-SP6-2025-3445,openSUSE-SLE-15.6-2025-3445",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03445-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:03445-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503445-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:03445-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/041988.html"
},
{
"category": "self",
"summary": "SUSE Bug 1242601",
"url": "https://bugzilla.suse.com/1242601"
},
{
"category": "self",
"summary": "SUSE Bug 1243869",
"url": "https://bugzilla.suse.com/1243869"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
}
],
"title": "Security update for snpguest",
"tracking": {
"current_release_date": "2025-10-01T13:09:59Z",
"generator": {
"date": "2025-10-01T13:09:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:03445-1",
"initial_release_date": "2025-10-01T13:09:59Z",
"revision_history": [
{
"date": "2025-10-01T13:09:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "snpguest-0.3.2-150600.3.6.1.x86_64",
"product": {
"name": "snpguest-0.3.2-150600.3.6.1.x86_64",
"product_id": "snpguest-0.3.2-150600.3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "snpguest-0.3.2-150600.3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP6:snpguest-0.3.2-150600.3.6.1.x86_64"
},
"product_reference": "snpguest-0.3.2-150600.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snpguest-0.3.2-150600.3.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:snpguest-0.3.2-150600.3.6.1.x86_64"
},
"product_reference": "snpguest-0.3.2-150600.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:snpguest-0.3.2-150600.3.6.1.x86_64",
"openSUSE Leap 15.6:snpguest-0.3.2-150600.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:snpguest-0.3.2-150600.3.6.1.x86_64",
"openSUSE Leap 15.6:snpguest-0.3.2-150600.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:snpguest-0.3.2-150600.3.6.1.x86_64",
"openSUSE Leap 15.6:snpguest-0.3.2-150600.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-01T13:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:snpguest-0.3.2-150600.3.6.1.x86_64",
"openSUSE Leap 15.6:snpguest-0.3.2-150600.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:snpguest-0.3.2-150600.3.6.1.x86_64",
"openSUSE Leap 15.6:snpguest-0.3.2-150600.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP6:snpguest-0.3.2-150600.3.6.1.x86_64",
"openSUSE Leap 15.6:snpguest-0.3.2-150600.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-01T13:09:59Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
}
]
}
SUSE-SU-2025:20858-1
Vulnerability from csaf_suse - Published: 2025-10-14 13:18 - Updated: 2025-10-14 13:18Summary
Security update for rust-keylime
Notes
Title of the patch
Security update for rust-keylime
Description of the patch
This update for rust-keylime fixes the following issues:
- CVE-2025-55159: slab: incorrect bounds check in get_disjoint_mut function can lead to undefined behavior or potential crash due to out-of-bounds access (bsc#1248006)
- CVE-2025-3416: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623)
- CVE-2024-58266: shlex: certain bytes allowed to appear unquoted and unescaped in command arguments (bsc#1247193)
- CVE-2024-43806: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952)
- CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861)
- RUSTSEC-2024-0006: Multiple issues involving quote API (bsc#1230029)
Patchnames
SUSE-SLE-Micro-6.1-300
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust-keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust-keylime fixes the following issues:\n\n- CVE-2025-55159: slab: incorrect bounds check in get_disjoint_mut function can lead to undefined behavior or potential crash due to out-of-bounds access (bsc#1248006)\n- CVE-2025-3416: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623)\n- CVE-2024-58266: shlex: certain bytes allowed to appear unquoted and unescaped in command arguments (bsc#1247193)\n- CVE-2024-43806: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952)\n- CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861)\n\n- RUSTSEC-2024-0006: Multiple issues involving quote API (bsc#1230029)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-300",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20858-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20858-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520858-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20858-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042320.html"
},
{
"category": "self",
"summary": "SUSE Bug 1229952",
"url": "https://bugzilla.suse.com/1229952"
},
{
"category": "self",
"summary": "SUSE Bug 1230029",
"url": "https://bugzilla.suse.com/1230029"
},
{
"category": "self",
"summary": "SUSE Bug 1242623",
"url": "https://bugzilla.suse.com/1242623"
},
{
"category": "self",
"summary": "SUSE Bug 1243861",
"url": "https://bugzilla.suse.com/1243861"
},
{
"category": "self",
"summary": "SUSE Bug 1247193",
"url": "https://bugzilla.suse.com/1247193"
},
{
"category": "self",
"summary": "SUSE Bug 1248006",
"url": "https://bugzilla.suse.com/1248006"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43806 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-58266 page",
"url": "https://www.suse.com/security/cve/CVE-2024-58266/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55159/"
}
],
"title": "Security update for rust-keylime",
"tracking": {
"current_release_date": "2025-10-14T13:18:43Z",
"generator": {
"date": "2025-10-14T13:18:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20858-1",
"initial_release_date": "2025-10-14T13:18:43Z",
"revision_history": [
{
"date": "2025-10-14T13:18:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"product": {
"name": "rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"product_id": "rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"product_id": "rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"product": {
"name": "rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"product_id": "rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64",
"product": {
"name": "rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64",
"product_id": "rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64"
},
"product_reference": "rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le"
},
"product_reference": "rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x"
},
"product_reference": "rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
},
"product_reference": "rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-14T13:18:43Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2024-43806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43806"
}
],
"notes": [
{
"category": "general",
"text": "Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it\u0027s possible for the iterator to \"get stuck\" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and unbounded memory explosion (gigabytes in a few seconds if used on a hot path) and eventually lead to an OOM crash of the application. The symptoms were initially discovered in https://github.com/imsnif/bandwhich/issues/284. That post has lots of details of our investigation. Full details can be read on the GHSA-c827-hfw6-qwvm repo advisory. If a program tries to access a directory with its file descriptor after the file has been unlinked (or any other action that leaves the `Dir` iterator in the stuck state), and the implementation does not break after seeing an error, it can cause a memory explosion. As an example, Linux\u0027s various virtual file systems (e.g. `/proc`, `/sys`) can contain directories that spontaneously pop in and out of existence. Attempting to iterate over them using `rustix::fs::Dir` directly or indirectly (e.g. with the `procfs` crate) can trigger this fault condition if the implementation decides to continue on errors. An attacker knowledgeable about the implementation details of a vulnerable target can therefore try to trigger this fault condition via any one or a combination of several available APIs. If successful, the application host will quickly run out of memory, after which the application will likely be terminated by an OOM killer, leading to denial of service. This issue has been addressed in release versions 0.35.15, 0.36.16, 0.37.25, and 0.38.19. Users are advised to upgrade. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43806",
"url": "https://www.suse.com/security/cve/CVE-2024-43806"
},
{
"category": "external",
"summary": "SUSE Bug 1229376 for CVE-2024-43806",
"url": "https://bugzilla.suse.com/1229376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-14T13:18:43Z",
"details": "moderate"
}
],
"title": "CVE-2024-43806"
},
{
"cve": "CVE-2024-58266",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-58266"
}
],
"notes": [
{
"category": "general",
"text": "The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \\xa0 characters, which may facilitate command injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-58266",
"url": "https://www.suse.com/security/cve/CVE-2024-58266"
},
{
"category": "external",
"summary": "SUSE Bug 1247186 for CVE-2024-58266",
"url": "https://bugzilla.suse.com/1247186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-14T13:18:43Z",
"details": "moderate"
}
],
"title": "CVE-2024-58266"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-14T13:18:43Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
},
{
"cve": "CVE-2025-55159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55159"
}
],
"notes": [
{
"category": "general",
"text": "slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked if indices were within the slab\u0027s capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has been fixed in slab 0.4.11. A workaround for this issue involves to avoid using get_disjoint_mut with indices that might be beyond the slab\u0027s actual length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55159",
"url": "https://www.suse.com/security/cve/CVE-2025-55159"
},
{
"category": "external",
"summary": "SUSE Bug 1248000 for CVE-2025-55159",
"url": "https://bugzilla.suse.com/1248000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+12-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-14T13:18:43Z",
"details": "moderate"
}
],
"title": "CVE-2025-55159"
}
]
}
OPENSUSE-SU-2025:15201-1
Vulnerability from csaf_opensuse - Published: 2025-06-04 00:00 - Updated: 2025-06-04 00:00Summary
python311-nh3-0.2.17-2.1 on GA media
Notes
Title of the patch
python311-nh3-0.2.17-2.1 on GA media
Description of the patch
These are all security issues fixed in the python311-nh3-0.2.17-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15201
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-nh3-0.2.17-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-nh3-0.2.17-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15201",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15201-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
}
],
"title": "python311-nh3-0.2.17-2.1 on GA media",
"tracking": {
"current_release_date": "2025-06-04T00:00:00Z",
"generator": {
"date": "2025-06-04T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15201-1",
"initial_release_date": "2025-06-04T00:00:00Z",
"revision_history": [
{
"date": "2025-06-04T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-nh3-0.2.17-2.1.aarch64",
"product": {
"name": "python311-nh3-0.2.17-2.1.aarch64",
"product_id": "python311-nh3-0.2.17-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-nh3-0.2.17-2.1.aarch64",
"product": {
"name": "python312-nh3-0.2.17-2.1.aarch64",
"product_id": "python312-nh3-0.2.17-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-nh3-0.2.17-2.1.aarch64",
"product": {
"name": "python313-nh3-0.2.17-2.1.aarch64",
"product_id": "python313-nh3-0.2.17-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-nh3-0.2.17-2.1.ppc64le",
"product": {
"name": "python311-nh3-0.2.17-2.1.ppc64le",
"product_id": "python311-nh3-0.2.17-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-nh3-0.2.17-2.1.ppc64le",
"product": {
"name": "python312-nh3-0.2.17-2.1.ppc64le",
"product_id": "python312-nh3-0.2.17-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-nh3-0.2.17-2.1.ppc64le",
"product": {
"name": "python313-nh3-0.2.17-2.1.ppc64le",
"product_id": "python313-nh3-0.2.17-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-nh3-0.2.17-2.1.s390x",
"product": {
"name": "python311-nh3-0.2.17-2.1.s390x",
"product_id": "python311-nh3-0.2.17-2.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-nh3-0.2.17-2.1.s390x",
"product": {
"name": "python312-nh3-0.2.17-2.1.s390x",
"product_id": "python312-nh3-0.2.17-2.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-nh3-0.2.17-2.1.s390x",
"product": {
"name": "python313-nh3-0.2.17-2.1.s390x",
"product_id": "python313-nh3-0.2.17-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-nh3-0.2.17-2.1.x86_64",
"product": {
"name": "python311-nh3-0.2.17-2.1.x86_64",
"product_id": "python311-nh3-0.2.17-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-nh3-0.2.17-2.1.x86_64",
"product": {
"name": "python312-nh3-0.2.17-2.1.x86_64",
"product_id": "python312-nh3-0.2.17-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-nh3-0.2.17-2.1.x86_64",
"product": {
"name": "python313-nh3-0.2.17-2.1.x86_64",
"product_id": "python313-nh3-0.2.17-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nh3-0.2.17-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.aarch64"
},
"product_reference": "python311-nh3-0.2.17-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nh3-0.2.17-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.ppc64le"
},
"product_reference": "python311-nh3-0.2.17-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nh3-0.2.17-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.s390x"
},
"product_reference": "python311-nh3-0.2.17-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nh3-0.2.17-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.x86_64"
},
"product_reference": "python311-nh3-0.2.17-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nh3-0.2.17-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.aarch64"
},
"product_reference": "python312-nh3-0.2.17-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nh3-0.2.17-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.ppc64le"
},
"product_reference": "python312-nh3-0.2.17-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nh3-0.2.17-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.s390x"
},
"product_reference": "python312-nh3-0.2.17-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nh3-0.2.17-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.x86_64"
},
"product_reference": "python312-nh3-0.2.17-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nh3-0.2.17-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.aarch64"
},
"product_reference": "python313-nh3-0.2.17-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nh3-0.2.17-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.ppc64le"
},
"product_reference": "python313-nh3-0.2.17-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nh3-0.2.17-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.s390x"
},
"product_reference": "python313-nh3-0.2.17-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nh3-0.2.17-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.x86_64"
},
"product_reference": "python313-nh3-0.2.17-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.x86_64",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.x86_64",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.x86_64",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.x86_64",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.x86_64",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.x86_64",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
}
]
}
OPENSUSE-SU-2025:15551-1
Vulnerability from csaf_opensuse - Published: 2025-09-14 00:00 - Updated: 2025-09-14 00:00Summary
cargo-c-0.10.3~git0.ee7d7ef-4.1 on GA media
Notes
Title of the patch
cargo-c-0.10.3~git0.ee7d7ef-4.1 on GA media
Description of the patch
These are all security issues fixed in the cargo-c-0.10.3~git0.ee7d7ef-4.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15551
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cargo-c-0.10.3~git0.ee7d7ef-4.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cargo-c-0.10.3~git0.ee7d7ef-4.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15551",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15551-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4574 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58160/"
}
],
"title": "cargo-c-0.10.3~git0.ee7d7ef-4.1 on GA media",
"tracking": {
"current_release_date": "2025-09-14T00:00:00Z",
"generator": {
"date": "2025-09-14T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15551-1",
"initial_release_date": "2025-09-14T00:00:00Z",
"revision_history": [
{
"date": "2025-09-14T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cargo-c-0.10.3~git0.ee7d7ef-4.1.aarch64",
"product": {
"name": "cargo-c-0.10.3~git0.ee7d7ef-4.1.aarch64",
"product_id": "cargo-c-0.10.3~git0.ee7d7ef-4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-c-0.10.3~git0.ee7d7ef-4.1.ppc64le",
"product": {
"name": "cargo-c-0.10.3~git0.ee7d7ef-4.1.ppc64le",
"product_id": "cargo-c-0.10.3~git0.ee7d7ef-4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-c-0.10.3~git0.ee7d7ef-4.1.s390x",
"product": {
"name": "cargo-c-0.10.3~git0.ee7d7ef-4.1.s390x",
"product_id": "cargo-c-0.10.3~git0.ee7d7ef-4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-c-0.10.3~git0.ee7d7ef-4.1.x86_64",
"product": {
"name": "cargo-c-0.10.3~git0.ee7d7ef-4.1.x86_64",
"product_id": "cargo-c-0.10.3~git0.ee7d7ef-4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-c-0.10.3~git0.ee7d7ef-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.aarch64"
},
"product_reference": "cargo-c-0.10.3~git0.ee7d7ef-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-c-0.10.3~git0.ee7d7ef-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.ppc64le"
},
"product_reference": "cargo-c-0.10.3~git0.ee7d7ef-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-c-0.10.3~git0.ee7d7ef-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.s390x"
},
"product_reference": "cargo-c-0.10.3~git0.ee7d7ef-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-c-0.10.3~git0.ee7d7ef-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.x86_64"
},
"product_reference": "cargo-c-0.10.3~git0.ee7d7ef-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2025-4574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4574"
}
],
"notes": [
{
"category": "general",
"text": "In crossbeam-channel rust crate, the internal `Channel` type\u0027s `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4574",
"url": "https://www.suse.com/security/cve/CVE-2025-4574"
},
{
"category": "external",
"summary": "SUSE Bug 1243169 for CVE-2025-4574",
"url": "https://bugzilla.suse.com/1243169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-4574"
},
{
"cve": "CVE-2025-58160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58160"
}
],
"notes": [
{
"category": "general",
"text": "tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to manipulate terminal title bars, clear screens or modify terminal display, and potentially mislead users through terminal manipulation. tracing-subscriber version 0.3.20 fixes this vulnerability by escaping ANSI control characters when writing events to destinations that may be printed to the terminal. A workaround involves avoiding printing logs to terminal emulators without escaping ANSI control sequences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58160",
"url": "https://www.suse.com/security/cve/CVE-2025-58160"
},
{
"category": "external",
"summary": "SUSE Bug 1249007 for CVE-2025-58160",
"url": "https://bugzilla.suse.com/1249007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.3~git0.ee7d7ef-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-14T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-58160"
}
]
}
OPENSUSE-SU-2025:15550-1
Vulnerability from csaf_opensuse - Published: 2025-09-14 00:00 - Updated: 2025-09-14 00:00Summary
cargo-audit-0.21.2~git0.18e58c2-2.1 on GA media
Notes
Title of the patch
cargo-audit-0.21.2~git0.18e58c2-2.1 on GA media
Description of the patch
These are all security issues fixed in the cargo-audit-0.21.2~git0.18e58c2-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15550
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cargo-audit-0.21.2~git0.18e58c2-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cargo-audit-0.21.2~git0.18e58c2-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15550",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15550-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4574 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58160/"
}
],
"title": "cargo-audit-0.21.2~git0.18e58c2-2.1 on GA media",
"tracking": {
"current_release_date": "2025-09-14T00:00:00Z",
"generator": {
"date": "2025-09-14T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15550-1",
"initial_release_date": "2025-09-14T00:00:00Z",
"revision_history": [
{
"date": "2025-09-14T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-0.21.2~git0.18e58c2-2.1.aarch64",
"product": {
"name": "cargo-audit-0.21.2~git0.18e58c2-2.1.aarch64",
"product_id": "cargo-audit-0.21.2~git0.18e58c2-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-0.21.2~git0.18e58c2-2.1.ppc64le",
"product": {
"name": "cargo-audit-0.21.2~git0.18e58c2-2.1.ppc64le",
"product_id": "cargo-audit-0.21.2~git0.18e58c2-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-0.21.2~git0.18e58c2-2.1.s390x",
"product": {
"name": "cargo-audit-0.21.2~git0.18e58c2-2.1.s390x",
"product_id": "cargo-audit-0.21.2~git0.18e58c2-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-0.21.2~git0.18e58c2-2.1.x86_64",
"product": {
"name": "cargo-audit-0.21.2~git0.18e58c2-2.1.x86_64",
"product_id": "cargo-audit-0.21.2~git0.18e58c2-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-0.21.2~git0.18e58c2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.aarch64"
},
"product_reference": "cargo-audit-0.21.2~git0.18e58c2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-0.21.2~git0.18e58c2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.ppc64le"
},
"product_reference": "cargo-audit-0.21.2~git0.18e58c2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-0.21.2~git0.18e58c2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.s390x"
},
"product_reference": "cargo-audit-0.21.2~git0.18e58c2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-0.21.2~git0.18e58c2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.x86_64"
},
"product_reference": "cargo-audit-0.21.2~git0.18e58c2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.s390x",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.s390x",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.s390x",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2025-4574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4574"
}
],
"notes": [
{
"category": "general",
"text": "In crossbeam-channel rust crate, the internal `Channel` type\u0027s `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.s390x",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4574",
"url": "https://www.suse.com/security/cve/CVE-2025-4574"
},
{
"category": "external",
"summary": "SUSE Bug 1243169 for CVE-2025-4574",
"url": "https://bugzilla.suse.com/1243169"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.s390x",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.s390x",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-14T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-4574"
},
{
"cve": "CVE-2025-58160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58160"
}
],
"notes": [
{
"category": "general",
"text": "tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to manipulate terminal title bars, clear screens or modify terminal display, and potentially mislead users through terminal manipulation. tracing-subscriber version 0.3.20 fixes this vulnerability by escaping ANSI control characters when writing events to destinations that may be printed to the terminal. A workaround involves avoiding printing logs to terminal emulators without escaping ANSI control sequences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.s390x",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58160",
"url": "https://www.suse.com/security/cve/CVE-2025-58160"
},
{
"category": "external",
"summary": "SUSE Bug 1249007 for CVE-2025-58160",
"url": "https://bugzilla.suse.com/1249007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.s390x",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.s390x",
"openSUSE Tumbleweed:cargo-audit-0.21.2~git0.18e58c2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-09-14T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-58160"
}
]
}
OPENSUSE-SU-2025:15202-1
Vulnerability from csaf_opensuse - Published: 2025-06-04 00:00 - Updated: 2025-06-04 00:00Summary
python311-selenium-4.25.0-5.1 on GA media
Notes
Title of the patch
python311-selenium-4.25.0-5.1 on GA media
Description of the patch
These are all security issues fixed in the python311-selenium-4.25.0-5.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15202
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-selenium-4.25.0-5.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-selenium-4.25.0-5.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15202",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15202-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
}
],
"title": "python311-selenium-4.25.0-5.1 on GA media",
"tracking": {
"current_release_date": "2025-06-04T00:00:00Z",
"generator": {
"date": "2025-06-04T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15202-1",
"initial_release_date": "2025-06-04T00:00:00Z",
"revision_history": [
{
"date": "2025-06-04T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-selenium-4.25.0-5.1.aarch64",
"product": {
"name": "python311-selenium-4.25.0-5.1.aarch64",
"product_id": "python311-selenium-4.25.0-5.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-selenium-4.25.0-5.1.aarch64",
"product": {
"name": "python312-selenium-4.25.0-5.1.aarch64",
"product_id": "python312-selenium-4.25.0-5.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-selenium-4.25.0-5.1.aarch64",
"product": {
"name": "python313-selenium-4.25.0-5.1.aarch64",
"product_id": "python313-selenium-4.25.0-5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-selenium-4.25.0-5.1.ppc64le",
"product": {
"name": "python311-selenium-4.25.0-5.1.ppc64le",
"product_id": "python311-selenium-4.25.0-5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-selenium-4.25.0-5.1.ppc64le",
"product": {
"name": "python312-selenium-4.25.0-5.1.ppc64le",
"product_id": "python312-selenium-4.25.0-5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-selenium-4.25.0-5.1.ppc64le",
"product": {
"name": "python313-selenium-4.25.0-5.1.ppc64le",
"product_id": "python313-selenium-4.25.0-5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-selenium-4.25.0-5.1.s390x",
"product": {
"name": "python311-selenium-4.25.0-5.1.s390x",
"product_id": "python311-selenium-4.25.0-5.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-selenium-4.25.0-5.1.s390x",
"product": {
"name": "python312-selenium-4.25.0-5.1.s390x",
"product_id": "python312-selenium-4.25.0-5.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-selenium-4.25.0-5.1.s390x",
"product": {
"name": "python313-selenium-4.25.0-5.1.s390x",
"product_id": "python313-selenium-4.25.0-5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-selenium-4.25.0-5.1.x86_64",
"product": {
"name": "python311-selenium-4.25.0-5.1.x86_64",
"product_id": "python311-selenium-4.25.0-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-selenium-4.25.0-5.1.x86_64",
"product": {
"name": "python312-selenium-4.25.0-5.1.x86_64",
"product_id": "python312-selenium-4.25.0-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-selenium-4.25.0-5.1.x86_64",
"product": {
"name": "python313-selenium-4.25.0-5.1.x86_64",
"product_id": "python313-selenium-4.25.0-5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-selenium-4.25.0-5.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.aarch64"
},
"product_reference": "python311-selenium-4.25.0-5.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-selenium-4.25.0-5.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.ppc64le"
},
"product_reference": "python311-selenium-4.25.0-5.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-selenium-4.25.0-5.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.s390x"
},
"product_reference": "python311-selenium-4.25.0-5.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-selenium-4.25.0-5.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.x86_64"
},
"product_reference": "python311-selenium-4.25.0-5.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-selenium-4.25.0-5.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.aarch64"
},
"product_reference": "python312-selenium-4.25.0-5.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-selenium-4.25.0-5.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.ppc64le"
},
"product_reference": "python312-selenium-4.25.0-5.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-selenium-4.25.0-5.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.s390x"
},
"product_reference": "python312-selenium-4.25.0-5.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-selenium-4.25.0-5.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.x86_64"
},
"product_reference": "python312-selenium-4.25.0-5.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-selenium-4.25.0-5.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.aarch64"
},
"product_reference": "python313-selenium-4.25.0-5.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-selenium-4.25.0-5.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.ppc64le"
},
"product_reference": "python313-selenium-4.25.0-5.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-selenium-4.25.0-5.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.s390x"
},
"product_reference": "python313-selenium-4.25.0-5.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-selenium-4.25.0-5.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.x86_64"
},
"product_reference": "python313-selenium-4.25.0-5.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.x86_64",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.x86_64",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.x86_64",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.x86_64",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.x86_64",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.x86_64",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
}
]
}
OPENSUSE-SU-2025:15656-1
Vulnerability from csaf_opensuse - Published: 2025-10-21 00:00 - Updated: 2025-10-21 00:00Summary
sccache-0.12.0~1-1.1 on GA media
Notes
Title of the patch
sccache-0.12.0~1-1.1 on GA media
Description of the patch
These are all security issues fixed in the sccache-0.12.0~1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15656
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "sccache-0.12.0~1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the sccache-0.12.0~1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15656",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15656-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
}
],
"title": "sccache-0.12.0~1-1.1 on GA media",
"tracking": {
"current_release_date": "2025-10-21T00:00:00Z",
"generator": {
"date": "2025-10-21T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15656-1",
"initial_release_date": "2025-10-21T00:00:00Z",
"revision_history": [
{
"date": "2025-10-21T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.12.0~1-1.1.aarch64",
"product": {
"name": "sccache-0.12.0~1-1.1.aarch64",
"product_id": "sccache-0.12.0~1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.12.0~1-1.1.ppc64le",
"product": {
"name": "sccache-0.12.0~1-1.1.ppc64le",
"product_id": "sccache-0.12.0~1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.12.0~1-1.1.s390x",
"product": {
"name": "sccache-0.12.0~1-1.1.s390x",
"product_id": "sccache-0.12.0~1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.12.0~1-1.1.x86_64",
"product": {
"name": "sccache-0.12.0~1-1.1.x86_64",
"product_id": "sccache-0.12.0~1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.12.0~1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sccache-0.12.0~1-1.1.aarch64"
},
"product_reference": "sccache-0.12.0~1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.12.0~1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sccache-0.12.0~1-1.1.ppc64le"
},
"product_reference": "sccache-0.12.0~1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.12.0~1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sccache-0.12.0~1-1.1.s390x"
},
"product_reference": "sccache-0.12.0~1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.12.0~1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sccache-0.12.0~1-1.1.x86_64"
},
"product_reference": "sccache-0.12.0~1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:sccache-0.12.0~1-1.1.aarch64",
"openSUSE Tumbleweed:sccache-0.12.0~1-1.1.ppc64le",
"openSUSE Tumbleweed:sccache-0.12.0~1-1.1.s390x",
"openSUSE Tumbleweed:sccache-0.12.0~1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:sccache-0.12.0~1-1.1.aarch64",
"openSUSE Tumbleweed:sccache-0.12.0~1-1.1.ppc64le",
"openSUSE Tumbleweed:sccache-0.12.0~1-1.1.s390x",
"openSUSE Tumbleweed:sccache-0.12.0~1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:sccache-0.12.0~1-1.1.aarch64",
"openSUSE Tumbleweed:sccache-0.12.0~1-1.1.ppc64le",
"openSUSE Tumbleweed:sccache-0.12.0~1-1.1.s390x",
"openSUSE Tumbleweed:sccache-0.12.0~1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-10-21T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
}
]
}
OPENSUSE-SU-2025:15294-1
Vulnerability from csaf_opensuse - Published: 2025-07-03 00:00 - Updated: 2025-07-03 00:00Summary
keylime-ima-policy-0.2.7+70-2.1 on GA media
Notes
Title of the patch
keylime-ima-policy-0.2.7+70-2.1 on GA media
Description of the patch
These are all security issues fixed in the keylime-ima-policy-0.2.7+70-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15294
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "keylime-ima-policy-0.2.7+70-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the keylime-ima-policy-0.2.7+70-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15294",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15294-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43806 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43806/"
}
],
"title": "keylime-ima-policy-0.2.7+70-2.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15294-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+70-2.1.aarch64",
"product": {
"name": "keylime-ima-policy-0.2.7+70-2.1.aarch64",
"product_id": "keylime-ima-policy-0.2.7+70-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+70-2.1.aarch64",
"product": {
"name": "rust-keylime-0.2.7+70-2.1.aarch64",
"product_id": "rust-keylime-0.2.7+70-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"product": {
"name": "keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"product_id": "keylime-ima-policy-0.2.7+70-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+70-2.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.7+70-2.1.ppc64le",
"product_id": "rust-keylime-0.2.7+70-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+70-2.1.s390x",
"product": {
"name": "keylime-ima-policy-0.2.7+70-2.1.s390x",
"product_id": "keylime-ima-policy-0.2.7+70-2.1.s390x"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+70-2.1.s390x",
"product": {
"name": "rust-keylime-0.2.7+70-2.1.s390x",
"product_id": "rust-keylime-0.2.7+70-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+70-2.1.x86_64",
"product": {
"name": "keylime-ima-policy-0.2.7+70-2.1.x86_64",
"product_id": "keylime-ima-policy-0.2.7+70-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+70-2.1.x86_64",
"product": {
"name": "rust-keylime-0.2.7+70-2.1.x86_64",
"product_id": "rust-keylime-0.2.7+70-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.7+70-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.aarch64"
},
"product_reference": "keylime-ima-policy-0.2.7+70-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.7+70-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.ppc64le"
},
"product_reference": "keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.7+70-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.s390x"
},
"product_reference": "keylime-ima-policy-0.2.7+70-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.7+70-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.x86_64"
},
"product_reference": "keylime-ima-policy-0.2.7+70-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+70-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.aarch64"
},
"product_reference": "rust-keylime-0.2.7+70-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+70-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.ppc64le"
},
"product_reference": "rust-keylime-0.2.7+70-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+70-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.s390x"
},
"product_reference": "rust-keylime-0.2.7+70-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+70-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.x86_64"
},
"product_reference": "rust-keylime-0.2.7+70-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2024-43806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43806"
}
],
"notes": [
{
"category": "general",
"text": "Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it\u0027s possible for the iterator to \"get stuck\" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and unbounded memory explosion (gigabytes in a few seconds if used on a hot path) and eventually lead to an OOM crash of the application. The symptoms were initially discovered in https://github.com/imsnif/bandwhich/issues/284. That post has lots of details of our investigation. Full details can be read on the GHSA-c827-hfw6-qwvm repo advisory. If a program tries to access a directory with its file descriptor after the file has been unlinked (or any other action that leaves the `Dir` iterator in the stuck state), and the implementation does not break after seeing an error, it can cause a memory explosion. As an example, Linux\u0027s various virtual file systems (e.g. `/proc`, `/sys`) can contain directories that spontaneously pop in and out of existence. Attempting to iterate over them using `rustix::fs::Dir` directly or indirectly (e.g. with the `procfs` crate) can trigger this fault condition if the implementation decides to continue on errors. An attacker knowledgeable about the implementation details of a vulnerable target can therefore try to trigger this fault condition via any one or a combination of several available APIs. If successful, the application host will quickly run out of memory, after which the application will likely be terminated by an OOM killer, leading to denial of service. This issue has been addressed in release versions 0.35.15, 0.36.16, 0.37.25, and 0.38.19. Users are advised to upgrade. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43806",
"url": "https://www.suse.com/security/cve/CVE-2024-43806"
},
{
"category": "external",
"summary": "SUSE Bug 1229376 for CVE-2024-43806",
"url": "https://bugzilla.suse.com/1229376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-43806"
}
]
}
GHSA-H97M-WW89-6JMQ
Vulnerability from github – Published: 2024-12-09 20:41 – Updated: 2025-05-30 15:01
VLAI?
Summary
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded
Details
idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with idna 0.5.0 or earlier.
Concretely, example.org and xn--example-.org become equal after processing by idna 0.5.0 or earlier. Also, example.org.xn-- and example.org. become equal after processing by idna 0.5.0 or earlier.
In applications using idna (but not in idna itself) this may be able to lead to privilege escalation when host name comparison is part of a privilege check and the behavior is combined with a client that resolves domains with such labels instead of treating them as errors that preclude DNS resolution / URL fetching and with the attacker managing to introduce a DNS entry (and TLS certificate) for an xn---masked name that turns into the name of the target when processed by idna 0.5.0 or earlier.
Remedy
Upgrade to idna 1.0.3 or later, if depending on idna directly, or to url 2.5.4 or later, if depending on idna via url. (This issue was fixed in idna 1.0.0, but versions earlier than 1.0.3 are not recommended for other reasons.)
When upgrading, please take a moment to read about alternative Unicode back ends for idna.
If you are using Rust earlier than 1.81 in combination with SQLx 0.8.2 or earlier, please also read an issue about combining them with url 2.5.4 and idna 1.0.3.
Additional information
This issue resulted from idna 0.5.0 and earlier implementing the UTS 46 specification literally on this point and the specification having this bug. The specification bug has been fixed in revision 33 of UTS 46.
Acknowledgements
Thanks to kageshiron for recognizing the security implications of this behavior.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "idna"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-12224"
],
"database_specific": {
"cwe_ids": [
"CWE-1289",
"CWE-697"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-09T20:41:10Z",
"nvd_published_at": "2025-05-30T02:15:19Z",
"severity": "MODERATE"
},
"details": "`idna` 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with `idna` 0.5.0 or earlier.\n\nConcretely, `example.org` and `xn--example-.org` become equal after processing by `idna` 0.5.0 or earlier. Also, `example.org.xn--` and `example.org.` become equal after processing by `idna` 0.5.0 or earlier.\n\nIn applications using `idna` (but not in `idna` itself) this may be able to lead to privilege escalation when host name comparison is part of a privilege check and the behavior is combined with a client that resolves domains with such labels instead of treating them as errors that preclude DNS resolution / URL fetching and with the attacker managing to introduce a DNS entry (and TLS certificate) for an `xn--`-masked name that turns into the name of the target when processed by `idna` 0.5.0 or earlier.\n\n## Remedy\n\nUpgrade to `idna` 1.0.3 or later, if depending on `idna` directly, or to `url` 2.5.4 or later, if depending on `idna` via `url`. (This issue was fixed in `idna` 1.0.0, but versions earlier than 1.0.3 are not recommended for other reasons.)\n\nWhen upgrading, please take a moment to read about [alternative Unicode back ends for `idna`](https://docs.rs/crate/idna_adapter/latest).\n\nIf you are using Rust earlier than 1.81 in combination with SQLx 0.8.2 or earlier, please also read an [issue](https://github.com/servo/rust-url/issues/992) about combining them with `url` 2.5.4 and `idna` 1.0.3.\n\n## Additional information\n\nThis issue resulted from `idna` 0.5.0 and earlier implementing the UTS 46 specification literally on this point and the specification having this bug. The specification bug has been fixed in [revision 33 of UTS 46](https://www.unicode.org/reports/tr46/tr46-33.html#Modifications).\n\n## Acknowledgements\n\nThanks to kageshiron for recognizing the security implications of this behavior.",
"id": "GHSA-h97m-ww89-6jmq",
"modified": "2025-05-30T15:01:30Z",
"published": "2024-12-09T20:41:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12224"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887898"
},
{
"type": "PACKAGE",
"url": "https://github.com/servo/rust-url"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0421.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "`idna` accepts Punycode labels that do not produce any non-ASCII when decoded"
}
WID-SEC-W-2025-0686
Vulnerability from csaf_certbund - Published: 2025-04-02 22:00 - Updated: 2025-04-02 22:00Summary
IBM DataPower Gateway: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das DataPower Gateway ist eine Software zur Unterstützung von Unternehmen bei der Erfüllung der Sicherheits- und Integrationsanforderungen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM DataPower Gateway ausnutzen, um einen Denial of Service Angriff durchzuführen, oder seine Privilegien zu erweitern.
Betroffene Betriebssysteme
- Linux
- UNIX
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das DataPower Gateway ist eine Software zur Unterst\u00fctzung von Unternehmen bei der Erf\u00fcllung der Sicherheits- und Integrationsanforderungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM DataPower Gateway ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, oder seine Privilegien zu erweitern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0686 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0686.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0686 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0686"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-04-02",
"url": "https://www.ibm.com/support/pages/node/7229938"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-04-02",
"url": "https://www.ibm.com/support/pages/node/7229939"
}
],
"source_lang": "en-US",
"title": "IBM DataPower Gateway: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-02T22:00:00.000+00:00",
"generator": {
"date": "2025-04-03T08:44:46.510+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0686",
"initial_release_date": "2025-04-02T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-02T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.6.3",
"product": {
"name": "IBM DataPower Gateway \u003c10.6.3",
"product_id": "T042328"
}
},
{
"category": "product_version",
"name": "10.6.3",
"product": {
"name": "IBM DataPower Gateway 10.6.3",
"product_id": "T042328-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.6.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.5.0.16",
"product": {
"name": "IBM DataPower Gateway \u003c10.5.0.16",
"product_id": "T042329"
}
},
{
"category": "product_version",
"name": "10.5.0.16",
"product": {
"name": "IBM DataPower Gateway 10.5.0.16",
"product_id": "T042329-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.5.0.16"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.6.0.4",
"product": {
"name": "IBM DataPower Gateway \u003c10.6.0.4",
"product_id": "T042330"
}
},
{
"category": "product_version",
"name": "10.6.0.4",
"product": {
"name": "IBM DataPower Gateway 10.6.0.4",
"product_id": "T042330-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.6.0.4"
}
}
}
],
"category": "product_name",
"name": "DataPower Gateway"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-11738",
"product_status": {
"known_affected": [
"T042328",
"T042329",
"T042330"
]
},
"release_date": "2025-04-02T22:00:00.000+00:00",
"title": "CVE-2024-11738"
},
{
"cve": "CVE-2024-12224",
"product_status": {
"known_affected": [
"T042328",
"T042329",
"T042330"
]
},
"release_date": "2025-04-02T22:00:00.000+00:00",
"title": "CVE-2024-12224"
}
]
}
FKIE_CVE-2024-12224
Vulnerability from fkie_nvd - Published: 2025-05-30 02:15 - Updated: 2025-06-25 15:33
Severity ?
Summary
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
References
| URL | Tags | ||
|---|---|---|---|
| security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1887898 | Exploit, Issue Tracking | |
| security@mozilla.org | https://rustsec.org/advisories/RUSTSEC-2024-0421.html | Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://bugzilla.mozilla.org/show_bug.cgi?id=1887898 | Exploit, Issue Tracking |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:servo:idna:*:*:*:*:*:rust:*:*",
"matchCriteriaId": "2A9457A0-7004-4D5E-8C78-07A9BE0E13DA",
"versionEndExcluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname."
},
{
"lang": "es",
"value": "La validaci\u00f3n incorrecta de equivalencia insegura en punycode por parte del crate idna de Servo rust-url permite que un atacante cree un nombre de host punycode que una parte de un sistema podr\u00eda tratar como distinto mientras que otra parte de ese sistema tratar\u00eda como equivalente a otro nombre de host."
}
],
"id": "CVE-2024-12224",
"lastModified": "2025-06-25T15:33:17.667",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@mozilla.org",
"type": "Secondary"
}
]
},
"published": "2025-05-30T02:15:19.670",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887898"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0421.html"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887898"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1289"
}
],
"source": "security@mozilla.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…