CVE-2026-25727 (GCVE-0-2026-25727)
Vulnerability from cvelistv5 – Published: 2026-02-06 19:20 – Updated: 2026-02-06 20:22
CWE-121 - Stack-based Buffer Overflow
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T20:22:34.026090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T20:22:58.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "time",
"vendor": "time-rs",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.3.6, \u003c 0.3.47"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T19:20:56.298Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/time-rs/time/security/advisories/GHSA-r6v5-fh4h-64xc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/time-rs/time/security/advisories/GHSA-r6v5-fh4h-64xc"
},
{
"name": "https://github.com/time-rs/time/commit/1c63dc7985b8fa26bd8c689423cc56b7a03841ee",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/time-rs/time/commit/1c63dc7985b8fa26bd8c689423cc56b7a03841ee"
},
{
"name": "https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05"
},
{
"name": "https://github.com/time-rs/time/releases/tag/v0.3.47",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/time-rs/time/releases/tag/v0.3.47"
}
],
"source": {
"advisory": "GHSA-r6v5-fh4h-64xc",
"discovery": "UNKNOWN"
},
"title": "time affected by a stack exhaustion denial of service attack"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25727",
"datePublished": "2026-02-06T19:20:56.298Z",
"dateReserved": "2026-02-05T16:48:00.426Z",
"dateUpdated": "2026-02-06T20:22:58.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
SUSE-SU-2026:0470-1
Vulnerability from csaf_suse - Published: 2026-02-12 11:22 - Updated: 2026-02-12 11:22
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust-keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust-keylime fixes the following issues:\n\nUpdate to version 0.2.8+116.\n\nSecurity issues fixed:\n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257908).\n\nOther updates and bugfixes:\n\n- Update vendored crates `time` to version 0.3.47.\n\n- Update to version 0.2.8+116:\n\n * build(deps): bump bytes from 1.7.2 to 1.11.1\n * api: Modify /version endpoint output in version 2.5\n * Add API v2.5 with backward-compatible /v2.5/quotes/integrity\n * tests: add unit test for resolve_agent_id (#1182)\n * (pull-model): enable retry logic for registration\n * rpm: Update specfiles to apply on master\n * workflows: Add test to detect unused crates\n * lib: Drop unused crates\n * push-model: Drop unused crates\n * keylime-agent: Drop unused crates\n * build(deps): bump uuid from 1.18.1 to 1.19.0\n * Update reqwest-retry to 0.8, retry-policies to 0.5\n * rpm: Fix cargo_build macro usage on CentOS Stream\n * fix(push-model): resolve hash_ek uuid to actual EK hash\n * build(deps): bump thiserror from 2.0.16 to 2.0.17\n * workflows: Separate upstream test suite from e2e coverage\n * Send UEFI measured boot logs as raw bytes (#1173)\n * auth: Add unit tests for SecretToken implementation\n * packit: Enable push-attestation tests\n * resilient_client: Prevent authentication token leakage in logs\n\n- Use tmpfiles.d for /var directories (PED-14736)\n \n- Update to version 0.2.8+96:\n \n * build(deps): bump wiremock from 0.6.4 to 0.6.5\n * build(deps): bump actions/checkout from 5 to 6\n * build(deps): bump chrono from 0.4.41 to 0.4.42\n * packit: Get coverage from Fedora 43 runs\n * Fix issues pointed out by clippy\n * Replace mutex unwraps with proper error handling in TPM library\n * Remove unused session request methods from StructureFiller\n * Fix config panic on missing ek_handle in push model agent\n * build(deps): bump tempfile from 3.21.0 to 3.23.0\n * build(deps): bump 
actions/upload-artifact from 4 to 6 (#1163)\n * Fix clippy warnings project-wide\n * Add KEYLIME_DIR support for verifier TLS certificates in push model agent\n * Thread privileged resources and use MeasurementList for IMA reading\n * Add privileged resource initialization and privilege dropping to push model agent\n * Fix privilege dropping order in run_as()\n * add documentation on FQDN hostnames\n * Remove confusing logs for push mode agent\n * Set correct default Verifier port (8891-\u003e8881) (#1159)\n * Add verifier_url to reference configuration file (#1158)\n * Add TLS support for Registrar communication (#1139)\n * Fix agent handling of 403 registration responses (#1154)\n * Add minor README.md rephrasing (#1151)\n * build(deps): bump actions/checkout from 5 to 6 (#1153)\n * ci: update spec files for packit COPR build\n * docs: improve challenge encoding and async TPM documentation\n * refactor: improve middleware and error handling\n * feat: add authentication client with middleware integration\n * docker: Include keylime_push_model_agent binary\n * Include attestation_interval configuration (#1146)\n * Persist payload keys to avoid attestation failure on restart\n * crypto: Implement the load or generate pattern for keys\n * Use simple algorithm specifiers in certification_keys object (#1140)\n * tests: Enable more tests in CI\n * Fix RSA2048 algorithm reporting in keylime agent\n * Remove disabled_signing_algorithms configuration\n * rpm: Fix metadata patches to apply to current code\n * workflows/rpm.yml: Use more strict patching\n * build(deps): bump uuid from 1.17.0 to 1.18.1\n * Fix ECC algorithm selection and reporting for keylime agent\n * Improve logging consistency and coherency\n * Implement minimal RFC compliance for Location header and URI parsing (#1125)\n * Use separate keys for payload mechanism and mTLS\n * docker: update rust to 1.81 for distroless Dockerfile\n * Ensure UEFI log capabilities are set to false\n * build(deps): bump http 
from 1.1.0 to 1.3.1\n * build(deps): bump log from 0.4.27 to 0.4.28\n * build(deps): bump cfg-if from 1.0.1 to 1.0.3\n * build(deps): bump actix-rt from 2.10.0 to 2.11.0\n * build(deps): bump async-trait from 0.1.88 to 0.1.89\n * build(deps): bump trybuild from 1.0.105 to 1.0.110\n * Accept evidence handling structures null entries\n * workflows: Add test to check if RPM patches still apply\n * CI: Enable test add-agent-with-malformed-ek-cert\n * config: Fix singleton tests\n * FSM: Remove needless lifetime annotations (#1105)\n * rpm: Do not remove wiremock which is now available in Fedora\n * Use latest Fedora httpdate version (1.0.3)\n * Enhance coverage with parse_retry_after test\n * Fix issues reported by CI regarding unwrap() calls\n * Reuse max retries indicated to the ResilientClient\n * Include limit of retries to 5 for Retry-After\n * Add policy to handle Retry-After response headers\n * build(deps): bump wiremock from 0.6.3 to 0.6.4\n * build(deps): bump serde_json from 1.0.140 to 1.0.143\n * build(deps): bump pest_derive from 2.8.0 to 2.8.1\n * build(deps): bump syn from 2.0.90 to 2.0.106\n * build(deps): bump tempfile from 3.20.0 to 3.21.0\n * build(deps): bump thiserror from 2.0.12 to 2.0.16\n * rpm: Fix patches to apply to current master code\n * build(deps): bump anyhow from 1.0.98 to 1.0.99\n * state_machine: Automatically clean config override during tests\n * config: Implement singleton and factory pattern\n * testing: Support overriding configuration during tests\n * feat: implement standalone challenge-response authentication module\n * structures: rename session structs for clarity and fix typos\n * tpm: refactor certify_credential_with_iak() into a more generic function\n * Add Push Model Agent Mermaid FSM chart (#1095)\n * Add state to avoid exiting on wrong attestation (#1093)\n * Add 6 alphanumeric lowercase X-Request-ID header\n * Enhance Evidence Handling response parsing\n * build(deps): bump quote from 1.0.35 to 1.0.40\n * 
build(deps): bump libc from 0.2.172 to 0.2.175\n * build(deps): bump glob from 0.3.2 to 0.3.3\n * build(deps): bump actix-web from 4.10.2 to 4.11.0\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-470,SUSE-SLE-Micro-5.5-2026-470",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0470-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0470-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260470-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0470-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024143.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257908",
"url": "https://bugzilla.suse.com/1257908"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for rust-keylime",
"tracking": {
"current_release_date": "2026-02-12T11:22:07Z",
"generator": {
"date": "2026-02-12T11:22:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0470-1",
"initial_release_date": "2026-02-12T11:22:07Z",
"revision_history": [
{
"date": "2026-02-12T11:22:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-150500.3.11.1.aarch64",
"product": {
"name": "keylime-ima-policy-0.2.8+116-150500.3.11.1.aarch64",
"product_id": "keylime-ima-policy-0.2.8+116-150500.3.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-150500.3.11.1.aarch64",
"product": {
"name": "rust-keylime-0.2.8+116-150500.3.11.1.aarch64",
"product_id": "rust-keylime-0.2.8+116-150500.3.11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-150500.3.11.1.ppc64le",
"product": {
"name": "keylime-ima-policy-0.2.8+116-150500.3.11.1.ppc64le",
"product_id": "keylime-ima-policy-0.2.8+116-150500.3.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-150500.3.11.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.8+116-150500.3.11.1.ppc64le",
"product_id": "rust-keylime-0.2.8+116-150500.3.11.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-150500.3.11.1.s390x",
"product": {
"name": "keylime-ima-policy-0.2.8+116-150500.3.11.1.s390x",
"product_id": "keylime-ima-policy-0.2.8+116-150500.3.11.1.s390x"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-150500.3.11.1.s390x",
"product": {
"name": "rust-keylime-0.2.8+116-150500.3.11.1.s390x",
"product_id": "rust-keylime-0.2.8+116-150500.3.11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-150500.3.11.1.x86_64",
"product": {
"name": "keylime-ima-policy-0.2.8+116-150500.3.11.1.x86_64",
"product_id": "keylime-ima-policy-0.2.8+116-150500.3.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-150500.3.11.1.x86_64",
"product": {
"name": "rust-keylime-0.2.8+116-150500.3.11.1.x86_64",
"product_id": "rust-keylime-0.2.8+116-150500.3.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-150500.3.11.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.8+116-150500.3.11.1.aarch64"
},
"product_reference": "rust-keylime-0.2.8+116-150500.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-150500.3.11.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.8+116-150500.3.11.1.ppc64le"
},
"product_reference": "rust-keylime-0.2.8+116-150500.3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-150500.3.11.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.8+116-150500.3.11.1.s390x"
},
"product_reference": "rust-keylime-0.2.8+116-150500.3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-150500.3.11.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.8+116-150500.3.11.1.x86_64"
},
"product_reference": "rust-keylime-0.2.8+116-150500.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.8+116-150500.3.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.8+116-150500.3.11.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.8+116-150500.3.11.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.8+116-150500.3.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.8+116-150500.3.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.8+116-150500.3.11.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.8+116-150500.3.11.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.8+116-150500.3.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.8+116-150500.3.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.8+116-150500.3.11.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.8+116-150500.3.11.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.8+116-150500.3.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-12T11:22:07Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:0582-1
Vulnerability from csaf_suse - Published: 2026-02-20 10:02 - Updated: 2026-02-20 10:02
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for snpguest",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for snpguest fixes the following issues:\n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257927).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-582,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-582,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-582,openSUSE-SLE-15.6-2026-582",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0582-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0582-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260582-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0582-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024364.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257927",
"url": "https://bugzilla.suse.com/1257927"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for snpguest",
"tracking": {
"current_release_date": "2026-02-20T10:02:23Z",
"generator": {
"date": "2026-02-20T10:02:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0582-1",
"initial_release_date": "2026-02-20T10:02:23Z",
"revision_history": [
{
"date": "2026-02-20T10:02:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "snpguest-0.3.2-150600.3.9.1.x86_64",
"product": {
"name": "snpguest-0.3.2-150600.3.9.1.x86_64",
"product_id": "snpguest-0.3.2-150600.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "snpguest-0.3.2-150600.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:snpguest-0.3.2-150600.3.9.1.x86_64"
},
"product_reference": "snpguest-0.3.2-150600.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snpguest-0.3.2-150600.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:snpguest-0.3.2-150600.3.9.1.x86_64"
},
"product_reference": "snpguest-0.3.2-150600.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snpguest-0.3.2-150600.3.9.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:snpguest-0.3.2-150600.3.9.1.x86_64"
},
"product_reference": "snpguest-0.3.2-150600.3.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:snpguest-0.3.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:snpguest-0.3.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:snpguest-0.3.2-150600.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:snpguest-0.3.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:snpguest-0.3.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:snpguest-0.3.2-150600.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:snpguest-0.3.2-150600.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:snpguest-0.3.2-150600.3.9.1.x86_64",
"openSUSE Leap 15.6:snpguest-0.3.2-150600.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-20T10:02:23Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:0860-1
Vulnerability from csaf_suse - Published: 2026-03-10 16:46 - Updated: 2026-03-10 16:46
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-maturin",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-maturin fixes the following issue:\n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257918).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-860,openSUSE-SLE-15.6-2026-860",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0860-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0860-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260860-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0860-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024670.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257918",
"url": "https://bugzilla.suse.com/1257918"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for python-maturin",
"tracking": {
"current_release_date": "2026-03-10T16:46:52Z",
"generator": {
"date": "2026-03-10T16:46:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0860-1",
"initial_release_date": "2026-03-10T16:46:52Z",
"revision_history": [
{
"date": "2026-03-10T16:46:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-maturin-1.4.0-150600.3.12.1.aarch64",
"product": {
"name": "python311-maturin-1.4.0-150600.3.12.1.aarch64",
"product_id": "python311-maturin-1.4.0-150600.3.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-maturin-1.4.0-150600.3.12.1.i586",
"product": {
"name": "python311-maturin-1.4.0-150600.3.12.1.i586",
"product_id": "python311-maturin-1.4.0-150600.3.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-maturin-1.4.0-150600.3.12.1.ppc64le",
"product": {
"name": "python311-maturin-1.4.0-150600.3.12.1.ppc64le",
"product_id": "python311-maturin-1.4.0-150600.3.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-maturin-1.4.0-150600.3.12.1.s390x",
"product": {
"name": "python311-maturin-1.4.0-150600.3.12.1.s390x",
"product_id": "python311-maturin-1.4.0-150600.3.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-maturin-1.4.0-150600.3.12.1.x86_64",
"product": {
"name": "python311-maturin-1.4.0-150600.3.12.1.x86_64",
"product_id": "python311-maturin-1.4.0-150600.3.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-maturin-1.4.0-150600.3.12.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1.aarch64"
},
"product_reference": "python311-maturin-1.4.0-150600.3.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-maturin-1.4.0-150600.3.12.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1.ppc64le"
},
"product_reference": "python311-maturin-1.4.0-150600.3.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-maturin-1.4.0-150600.3.12.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1.s390x"
},
"product_reference": "python311-maturin-1.4.0-150600.3.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-maturin-1.4.0-150600.3.12.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1.x86_64"
},
"product_reference": "python311-maturin-1.4.0-150600.3.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1.s390x",
"openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1.s390x",
"openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1.aarch64",
"openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1.ppc64le",
"openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1.s390x",
"openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-10T16:46:52Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:0620-1
Vulnerability from csaf_suse - Published: 2026-02-24 16:36 - Updated: 2026-02-24 16:36
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for snpguest",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for snpguest fixes the following issues:\n\nUpdate to version 0.10.0.\n\nSecurity issues fixed: \n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257927).\n- CVE-2025-3416: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242601).\n- CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bcs#1243869).\n\nOther updates and bugfixes:\n\n- Update to version 0.10.0 \n\n * fails to generate attestation reports on SEV-SNP guests with firmware API (bsc#1257877).\n * chore: updating tool version to 0.10.0\n * refactor(certs): remove redundant branch in file-write logic\n * Docs: Adding verify measure, host-data, report-data to docs\n * verify: verify measurent, host data, and report data attributes from the attestation report.\n * library: Updating sev library to 7.1.0\n * ci: replace deprecated gh actions\n * feat: multi-format integer parsing for key subcommand arguments\n * chore(main): remove unused import `clap::arg`\n * feat(fetch): add fetch crl subcommand\n * .github/lint: Bump toolchain version to 1.86\n * Bump rust version to 1.86\n * feat: bumping tool to version 0.9.2\n * fix(verify): silence mismatched_lifetime_syntaxes in SnpOid::oid\n * feat: support SEV-SNP ABI Spec 1.58 (bump sev to v6.3.0)\n * docs: restore and clarify Global Options section\n * doc: fix CL argument orders + address recent changes\n * fix(hyperv): downgrade VMPL check from error to warning\n * fix(report.rs): remove conflict check between --random flag and Hyper-V\n * fix(report.rs): Decouple runtime behavior from hyperv build feature\n * refactor: clarify --platform error message\n * docs: add Azure/Hyper-V build note for --platform\n * report: Writing Req Data as Binary (#101)\n * deps: bump virtee/sev to 6.2.1 (fix TCB-serialization bug) (#99)\n * Updating SEV library to 6.1.0 and updating version to 0.9.1\n * Update version (0.9.0)\n * HyperV: Fixing report command failure on Azure confidential VM\n * Removing intird and append requirement for kernel measurements (#93)\n * Updating to version 6 of library and fixing attestation (#89)\n * CI: Fixing create_release workflow (#91)\n * Minor update (0.8.3)\n * Adding build script\n * Update preattestation.rs\n * Fix certificate fetch bug for Turin\n * Minor update\n * Update bitfield to 0.15.0\n * Update to 0.8.1\n * Update asn1-rs and x509-parser\n * Update to 0.8.0\n * key: Fix guest_field_select typo\n * Adding Turin support and updating ASK cn\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-620,SUSE-SLE-Module-Server-Applications-15-SP7-2026-620",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0620-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0620-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260620-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0620-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024385.html"
},
{
"category": "self",
"summary": "SUSE Bug 1242601",
"url": "https://bugzilla.suse.com/1242601"
},
{
"category": "self",
"summary": "SUSE Bug 1243869",
"url": "https://bugzilla.suse.com/1243869"
},
{
"category": "self",
"summary": "SUSE Bug 1257877",
"url": "https://bugzilla.suse.com/1257877"
},
{
"category": "self",
"summary": "SUSE Bug 1257927",
"url": "https://bugzilla.suse.com/1257927"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for snpguest",
"tracking": {
"current_release_date": "2026-02-24T16:36:35Z",
"generator": {
"date": "2026-02-24T16:36:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0620-1",
"initial_release_date": "2026-02-24T16:36:35Z",
"revision_history": [
{
"date": "2026-02-24T16:36:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "snpguest-0.10.0-150700.3.3.1.x86_64",
"product": {
"name": "snpguest-0.10.0-150700.3.3.1.x86_64",
"product_id": "snpguest-0.10.0-150700.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "snpguest-0.10.0-150700.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP7:snpguest-0.10.0-150700.3.3.1.x86_64"
},
"product_reference": "snpguest-0.10.0-150700.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:snpguest-0.10.0-150700.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:snpguest-0.10.0-150700.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:snpguest-0.10.0-150700.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-24T16:36:35Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:snpguest-0.10.0-150700.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:snpguest-0.10.0-150700.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:snpguest-0.10.0-150700.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-24T16:36:35Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
},
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:snpguest-0.10.0-150700.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:snpguest-0.10.0-150700.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP7:snpguest-0.10.0-150700.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-24T16:36:35Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:20661-1
Vulnerability from csaf_suse - Published: 2026-03-10 18:35 - Updated: 2026-03-10 18:35
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for virtiofsd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for virtiofsd fixes the following issue:\n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257912).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-436",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20661-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20661-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620661-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20661-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024751.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257912",
"url": "https://bugzilla.suse.com/1257912"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for virtiofsd",
"tracking": {
"current_release_date": "2026-03-10T18:35:27Z",
"generator": {
"date": "2026-03-10T18:35:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20661-1",
"initial_release_date": "2026-03-10T18:35:27Z",
"revision_history": [
{
"date": "2026-03-10T18:35:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.10.1-slfo.1.1_2.1.aarch64",
"product": {
"name": "virtiofsd-1.10.1-slfo.1.1_2.1.aarch64",
"product_id": "virtiofsd-1.10.1-slfo.1.1_2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.10.1-slfo.1.1_2.1.ppc64le",
"product": {
"name": "virtiofsd-1.10.1-slfo.1.1_2.1.ppc64le",
"product_id": "virtiofsd-1.10.1-slfo.1.1_2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.10.1-slfo.1.1_2.1.s390x",
"product": {
"name": "virtiofsd-1.10.1-slfo.1.1_2.1.s390x",
"product_id": "virtiofsd-1.10.1-slfo.1.1_2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.10.1-slfo.1.1_2.1.x86_64",
"product": {
"name": "virtiofsd-1.10.1-slfo.1.1_2.1.x86_64",
"product_id": "virtiofsd-1.10.1-slfo.1.1_2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-slfo.1.1_2.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:virtiofsd-1.10.1-slfo.1.1_2.1.aarch64"
},
"product_reference": "virtiofsd-1.10.1-slfo.1.1_2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-slfo.1.1_2.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:virtiofsd-1.10.1-slfo.1.1_2.1.ppc64le"
},
"product_reference": "virtiofsd-1.10.1-slfo.1.1_2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-slfo.1.1_2.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:virtiofsd-1.10.1-slfo.1.1_2.1.s390x"
},
"product_reference": "virtiofsd-1.10.1-slfo.1.1_2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-slfo.1.1_2.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:virtiofsd-1.10.1-slfo.1.1_2.1.x86_64"
},
"product_reference": "virtiofsd-1.10.1-slfo.1.1_2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:virtiofsd-1.10.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:virtiofsd-1.10.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:virtiofsd-1.10.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:virtiofsd-1.10.1-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:virtiofsd-1.10.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:virtiofsd-1.10.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:virtiofsd-1.10.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:virtiofsd-1.10.1-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:virtiofsd-1.10.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:virtiofsd-1.10.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:virtiofsd-1.10.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:virtiofsd-1.10.1-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-10T18:35:27Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:20575-1
Vulnerability from csaf_suse - Published: 2026-02-17 14:06 - Updated: 2026-02-17 14:06
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for wicked2nm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for wicked2nm fixes the following issues:\n\n- Update to version 1.4.1\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257908).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-292",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20575-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20575-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620575-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20575-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024626.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257911",
"url": "https://bugzilla.suse.com/1257911"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for wicked2nm",
"tracking": {
"current_release_date": "2026-02-17T14:06:56Z",
"generator": {
"date": "2026-02-17T14:06:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20575-1",
"initial_release_date": "2026-02-17T14:06:56Z",
"revision_history": [
{
"date": "2026-02-17T14:06:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "wicked2nm-1.4.1-160000.1.1.aarch64",
"product": {
"name": "wicked2nm-1.4.1-160000.1.1.aarch64",
"product_id": "wicked2nm-1.4.1-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "wicked2nm-1.4.1-160000.1.1.ppc64le",
"product": {
"name": "wicked2nm-1.4.1-160000.1.1.ppc64le",
"product_id": "wicked2nm-1.4.1-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "wicked2nm-1.4.1-160000.1.1.s390x",
"product": {
"name": "wicked2nm-1.4.1-160000.1.1.s390x",
"product_id": "wicked2nm-1.4.1-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "wicked2nm-1.4.1-160000.1.1.x86_64",
"product": {
"name": "wicked2nm-1.4.1-160000.1.1.x86_64",
"product_id": "wicked2nm-1.4.1-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:wicked2nm-1.4.1-160000.1.1.aarch64"
},
"product_reference": "wicked2nm-1.4.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:wicked2nm-1.4.1-160000.1.1.ppc64le"
},
"product_reference": "wicked2nm-1.4.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:wicked2nm-1.4.1-160000.1.1.s390x"
},
"product_reference": "wicked2nm-1.4.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:wicked2nm-1.4.1-160000.1.1.x86_64"
},
"product_reference": "wicked2nm-1.4.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:wicked2nm-1.4.1-160000.1.1.aarch64"
},
"product_reference": "wicked2nm-1.4.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:wicked2nm-1.4.1-160000.1.1.ppc64le"
},
"product_reference": "wicked2nm-1.4.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:wicked2nm-1.4.1-160000.1.1.s390x"
},
"product_reference": "wicked2nm-1.4.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:wicked2nm-1.4.1-160000.1.1.x86_64"
},
"product_reference": "wicked2nm-1.4.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:wicked2nm-1.4.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:wicked2nm-1.4.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:wicked2nm-1.4.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:wicked2nm-1.4.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:wicked2nm-1.4.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:wicked2nm-1.4.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:wicked2nm-1.4.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:wicked2nm-1.4.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:wicked2nm-1.4.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:wicked2nm-1.4.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:wicked2nm-1.4.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:wicked2nm-1.4.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:wicked2nm-1.4.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:wicked2nm-1.4.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:wicked2nm-1.4.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:wicked2nm-1.4.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:wicked2nm-1.4.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:wicked2nm-1.4.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:wicked2nm-1.4.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:wicked2nm-1.4.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:wicked2nm-1.4.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:wicked2nm-1.4.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:wicked2nm-1.4.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:wicked2nm-1.4.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-17T14:06:56Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:0819-1
Vulnerability from csaf_suse - Published: 2026-03-05 10:49 - Updated: 2026-03-05 10:49
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for virtiofsd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for virtiofsd fixes the following issue:\n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257912).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-819,SUSE-SLE-Module-Basesystem-15-SP7-2026-819",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0819-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0819-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260819-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0819-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024580.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257912",
"url": "https://bugzilla.suse.com/1257912"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for virtiofsd",
"tracking": {
"current_release_date": "2026-03-05T10:49:51Z",
"generator": {
"date": "2026-03-05T10:49:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0819-1",
"initial_release_date": "2026-03-05T10:49:51Z",
"revision_history": [
{
"date": "2026-03-05T10:49:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.12.0-150700.3.3.1.aarch64",
"product": {
"name": "virtiofsd-1.12.0-150700.3.3.1.aarch64",
"product_id": "virtiofsd-1.12.0-150700.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.12.0-150700.3.3.1.ppc64le",
"product": {
"name": "virtiofsd-1.12.0-150700.3.3.1.ppc64le",
"product_id": "virtiofsd-1.12.0-150700.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.12.0-150700.3.3.1.s390x",
"product": {
"name": "virtiofsd-1.12.0-150700.3.3.1.s390x",
"product_id": "virtiofsd-1.12.0-150700.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.12.0-150700.3.3.1.x86_64",
"product": {
"name": "virtiofsd-1.12.0-150700.3.3.1.x86_64",
"product_id": "virtiofsd-1.12.0-150700.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.12.0-150700.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:virtiofsd-1.12.0-150700.3.3.1.aarch64"
},
"product_reference": "virtiofsd-1.12.0-150700.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.12.0-150700.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:virtiofsd-1.12.0-150700.3.3.1.ppc64le"
},
"product_reference": "virtiofsd-1.12.0-150700.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.12.0-150700.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:virtiofsd-1.12.0-150700.3.3.1.s390x"
},
"product_reference": "virtiofsd-1.12.0-150700.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.12.0-150700.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:virtiofsd-1.12.0-150700.3.3.1.x86_64"
},
"product_reference": "virtiofsd-1.12.0-150700.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:virtiofsd-1.12.0-150700.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:virtiofsd-1.12.0-150700.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:virtiofsd-1.12.0-150700.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:virtiofsd-1.12.0-150700.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:virtiofsd-1.12.0-150700.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:virtiofsd-1.12.0-150700.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:virtiofsd-1.12.0-150700.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:virtiofsd-1.12.0-150700.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:virtiofsd-1.12.0-150700.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:virtiofsd-1.12.0-150700.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:virtiofsd-1.12.0-150700.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:virtiofsd-1.12.0-150700.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-05T10:49:51Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:20526-1
Vulnerability from csaf_suse - Published: 2026-02-26 11:08 - Updated: 2026-02-26 11:08
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust-keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust-keylime fixes the following issues:\n\nUpdate to version 0.2.8+116.\n\nSecurity issues fixed:\n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257908).\n\nOther updates and bugfixes:\n\n- Update to version 0.2.8+116:\n * build(deps): bump bytes from 1.7.2 to 1.11.1\n * api: Modify /version endpoint output in version 2.5\n * Add API v2.5 with backward-compatible /v2.5/quotes/integrity\n * tests: add unit test for resolve_agent_id (#1182)\n * (pull-model): enable retry logic for registration\n * rpm: Update specfiles to apply on master\n * workflows: Add test to detect unused crates\n * lib: Drop unused crates\n * push-model: Drop unused crates\n * keylime-agent: Drop unused crates\n * build(deps): bump uuid from 1.18.1 to 1.19.0\n * Update reqwest-retry to 0.8, retry-policies to 0.5\n * rpm: Fix cargo_build macro usage on CentOS Stream\n * fix(push-model): resolve hash_ek uuid to actual EK hash\n * build(deps): bump thiserror from 2.0.16 to 2.0.17\n * workflows: Separate upstream test suite from e2e coverage\n * Send UEFI measured boot logs as raw bytes (#1173)\n * auth: Add unit tests for SecretToken implementation\n * packit: Enable push-attestation tests\n * resilient_client: Prevent authentication token leakage in logs\n\n- Update to version 0.2.8+96:\n * build(deps): bump wiremock from 0.6.4 to 0.6.5\n * build(deps): bump actions/checkout from 5 to 6\n * build(deps): bump chrono from 0.4.41 to 0.4.42\n * packit: Get coverage from Fedora 43 runs\n * Fix issues pointed out by clippy\n * Replace mutex unwraps with proper error handling in TPM library\n * Remove unused session request methods from StructureFiller\n * Fix config panic on missing ek_handle in push model agent\n * build(deps): bump tempfile from 3.21.0 to 3.23.0\n * build(deps): bump actions/upload-artifact from 4 to 6 (#1163)\n * Fix clippy warnings project-wide\n * Add KEYLIME_DIR support for 
verifier TLS certificates in push model agent\n * Thread privileged resources and use MeasurementList for IMA reading\n * Add privileged resource initialization and privilege dropping to push model agent\n * Fix privilege dropping order in run_as()\n * add documentation on FQDN hostnames\n * Remove confusing logs for push mode agent\n * Set correct default Verifier port (8891-\u003e8881) (#1159)\n * Add verifier_url to reference configuration file (#1158)\n * Add TLS support for Registrar communication (#1139)\n * Fix agent handling of 403 registration responses (#1154)\n * Add minor README.md rephrasing (#1151)\n * build(deps): bump actions/checkout from 5 to 6 (#1153)\n * ci: update spec files for packit COPR build\n * docs: improve challenge encoding and async TPM documentation\n * refactor: improve middleware and error handling\n * feat: add authentication client with middleware integration\n * docker: Include keylime_push_model_agent binary\n * Include attestation_interval configuration (#1146)\n * Persist payload keys to avoid attestation failure on restart\n * crypto: Implement the load or generate pattern for keys\n * Use simple algorithm specifiers in certification_keys object (#1140)\n * tests: Enable more tests in CI\n * Fix RSA2048 algorithm reporting in keylime agent\n * Remove disabled_signing_algorithms configuration\n * rpm: Fix metadata patches to apply to current code\n * workflows/rpm.yml: Use more strict patching\n * build(deps): bump uuid from 1.17.0 to 1.18.1\n * Fix ECC algorithm selection and reporting for keylime agent\n * Improve logging consistency and coherency\n * Implement minimal RFC compliance for Location header and URI parsing (#1125)\n * Use separate keys for payload mechanism and mTLS\n * docker: update rust to 1.81 for distroless Dockerfile\n * Ensure UEFI log capabilities are set to false\n * build(deps): bump http from 1.1.0 to 1.3.1\n * build(deps): bump log from 0.4.27 to 0.4.28\n * build(deps): bump cfg-if from 1.0.1 to 
1.0.3\n * build(deps): bump actix-rt from 2.10.0 to 2.11.0\n * build(deps): bump async-trait from 0.1.88 to 0.1.89\n * build(deps): bump trybuild from 1.0.105 to 1.0.110\n * Accept evidence handling structures null entries\n * workflows: Add test to check if RPM patches still apply\n * CI: Enable test add-agent-with-malformed-ek-cert\n * config: Fix singleton tests\n * FSM: Remove needless lifetime annotations (#1105)\n * rpm: Do not remove wiremock which is now available in Fedora\n * Use latest Fedora httpdate version (1.0.3)\n * Enhance coverage with parse_retry_after test\n * Fix issues reported by CI regarding unwrap() calls\n * Reuse max retries indicated to the ResilientClient\n * Include limit of retries to 5 for Retry-After\n * Add policy to handle Retry-After response headers\n * build(deps): bump wiremock from 0.6.3 to 0.6.4\n * build(deps): bump serde_json from 1.0.140 to 1.0.143\n * build(deps): bump pest_derive from 2.8.0 to 2.8.1\n * build(deps): bump syn from 2.0.90 to 2.0.106\n * build(deps): bump tempfile from 3.20.0 to 3.21.0\n * build(deps): bump thiserror from 2.0.12 to 2.0.16\n * rpm: Fix patches to apply to current master code\n * build(deps): bump anyhow from 1.0.98 to 1.0.99\n * state_machine: Automatically clean config override during tests\n * config: Implement singleton and factory pattern\n * testing: Support overriding configuration during tests\n * feat: implement standalone challenge-response authentication module\n * structures: rename session structs for clarity and fix typos\n * tpm: refactor certify_credential_with_iak() into a more generic function\n * Add Push Model Agent Mermaid FSM chart (#1095)\n * Add state to avoid exiting on wrong attestation (#1093)\n * Add 6 alphanumeric lowercase X-Request-ID header\n * Enhance Evidence Handling response parsing\n * build(deps): bump quote from 1.0.35 to 1.0.40\n * build(deps): bump libc from 0.2.172 to 0.2.175\n * build(deps): bump glob from 0.3.2 to 0.3.3\n * build(deps): bump 
actix-web from 4.10.2 to 4.11.0\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-596",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20526-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20526-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620526-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20526-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024496.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257908",
"url": "https://bugzilla.suse.com/1257908"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for rust-keylime",
"tracking": {
"current_release_date": "2026-02-26T11:08:16Z",
"generator": {
"date": "2026-02-26T11:08:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20526-1",
"initial_release_date": "2026-02-26T11:08:16Z",
"revision_history": [
{
"date": "2026-02-26T11:08:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-1.1.aarch64",
"product": {
"name": "rust-keylime-0.2.8+116-1.1.aarch64",
"product_id": "rust-keylime-0.2.8+116-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-1.1.s390x",
"product": {
"name": "rust-keylime-0.2.8+116-1.1.s390x",
"product_id": "rust-keylime-0.2.8+116-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-1.1.x86_64",
"product": {
"name": "rust-keylime-0.2.8+116-1.1.x86_64",
"product_id": "rust-keylime-0.2.8+116-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:rust-keylime-0.2.8+116-1.1.aarch64"
},
"product_reference": "rust-keylime-0.2.8+116-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:rust-keylime-0.2.8+116-1.1.s390x"
},
"product_reference": "rust-keylime-0.2.8+116-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:rust-keylime-0.2.8+116-1.1.x86_64"
},
"product_reference": "rust-keylime-0.2.8+116-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:rust-keylime-0.2.8+116-1.1.aarch64",
"SUSE Linux Micro 6.0:rust-keylime-0.2.8+116-1.1.s390x",
"SUSE Linux Micro 6.0:rust-keylime-0.2.8+116-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:rust-keylime-0.2.8+116-1.1.aarch64",
"SUSE Linux Micro 6.0:rust-keylime-0.2.8+116-1.1.s390x",
"SUSE Linux Micro 6.0:rust-keylime-0.2.8+116-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:rust-keylime-0.2.8+116-1.1.aarch64",
"SUSE Linux Micro 6.0:rust-keylime-0.2.8+116-1.1.s390x",
"SUSE Linux Micro 6.0:rust-keylime-0.2.8+116-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-26T11:08:16Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:0514-1
Vulnerability from csaf_suse - Published: 2026-02-13 14:57 - Updated: 2026-02-13 14:57
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cargo-auditable",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cargo-auditable fixes the following issues:\n\nUpdate to version 0.7.2~0.\n\nSecurity issues fixed:\n\n- CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257906).\n\nOther updates and bugfixes:\n\n- Update to version 0.7.2~0:\n\n * mention cargo-dist in README\n * commit Cargo.lock\n * bump which dev-dependency to 8.0.0\n * bump object to 0.37\n * Upgrade cargo_metadata to 0.23\n * Expand the set of dist platforms in config\n\n- Update to version 0.7.1~0:\n\n * Out out of unhelpful clippy lint\n * Satisfy clippy\n * Do not assume --crate-name and --out-dir are present in the rustc command, but show warnings if they aren\u0027t\n * Run apt-get update before trying to install packages\n * run `cargo dist init` on dist 0.30\n * Drop allow-dirty from dist config, should no longer be needed\n * Reorder paragraphs in README\n * Note the maintenance transition for the go extraction library\n * Editing pass on the adopters: scanners\n * clarify Docker support\n * Cargo clippy fix\n * Add Wolfi OS and Chainguard to adopters\n * Update mentions around Anchore tooling\n * README and documentation updates for nightly\n * Bump dependency version in rust-audit-info\n * More work on docs\n * Nicer formatting on format revision documentation\n * Bump versions\n * regenerate JSON schema\n * cargo fmt\n * Document format field\n * Make it more clear that RawVersionInfo is private\n * Add format field to the serialized data\n * cargo clippy fix\n * Add special handling for proc macros to treat them as the build dependencies they are\n * Add a test to ensure proc macros are reported as build dependencies\n * Add a test fixture for a crate with a proc macro dependency\n * parse fully qualified package ID specs from SBOMs\n * select first discovered SBOM file\n * cargo sbom integration\n * Get rid of unmaintained wee_alloc in test code to make people\u0027s scanners misled by GHSA chill out\n * 
Don\u0027t fail plan workflow due to manually changed release.yml\n * Bump Ubuntu version to hopefully fix release.yml workflow\n * Add test for stripped binary\n * Bump version to 0.6.7\n * Populate changelog\n * README.md: add auditable2cdx, more consistency in text\n * Placate clippy\n * Do not emit -Wl if a bare linker is in use\n * Get rid of a compiler warning\n * Add bare linker detection function\n * drop boilerplate from test that\u0027s no longer relevant\n * Add support for recovering rustc codegen options\n * More lenient parsing of rustc arguments\n * More descriptive error message in case rustc is killed abruptly\n * change formatting to fit rustfmt\n * More descriptive error message in case cargo is killed\n * Update REPLACING_CARGO.md to fix #195\n * Clarify osv-scanner support in README\n * Include the command required to view metadata\n * Mention wasm-tools support\n * Switch from broken generic cache action to a Rust-specific one\n * Fill in various fields in auditable2cdx Cargo.toml\n * Include osv-scanner in the list, with a caveat\n * Add link to blint repo to README\n * Mention that blint supports our data\n * Consolidate target definitions\n * Account for WASM test dependencies changing, commit the Cargo.lock so they would stop doing that\n * Migrate to a maintained toolchain action\n * Fix author specification\n * Add link to repository to resolverver Cargo.toml\n * Bump resolverver to 0.1.0\n * Add resolverver crate to the tree\n\n- Update to version 0.6.6~0:\n\n * Note the `object` upgrade in the changelog\n * Upgrade cyclonedx-bom from 0.5 to 0.8 in auditable-cyclonedx\n * Upgrade object crate from 0.30 to 0.36 to reduce dependency footprint\n * Update dependencies in the lock file\n * Populate changelog\n * apply clippy lint\n * add another --emit parsing test\n * shorter code with cargo fmt\n * Actually fix cargo-c compatibility\n * Attempt to fix cargo-capi incompatibility\n * Refactoring in preparation for fixes\n * Also read the 
--emit flag to rustc\n * Fill in changelogs\n * Bump versions\n * Drop cfg\u0027d out tests\n * Drop obsolete doc line\n * Move dependency cycle tests from auditable-serde to cargo-auditable crate\n * Remove cargo_metadata from auditable-serde API surface.\n * Apply clippy lint\n * Upgrade miniz_oxide to 0.8.0\n * Insulate our semver from miniz_oxide semver\n * Add support for Rust 2024 edition\n * Update tests\n * More robust OS detection for riscv feature detection\n * bump version\n * update changelog for auditable-extract 0.3.5\n * Fix wasm component auditable data extraction\n * Update blocker description in README.md\n * Add openSUSE to adopters\n * Update list of know adopters\n * Fix detection of `riscv64-linux-android` target features\n * Silence noisy lint\n * Bump version requirement in rust-audit-info\n * Fill in changelogs\n * Bump semver of auditable-info\n * Drop obsolete comment now that wasm is enabled by default\n * Remove dependency on cargo-lock\n * Brag about adoption in the README\n * Don\u0027t use LTO for cargo-dist builds to make them consistent with `cargo install` etc\n * Also build musl binaries\n * dist: update dist config for future releases\n * dist(cargo-auditable): ignore auditable2cdx for now\n * chore: add cargo-dist\n\n- Update to version 0.6.4~0:\n\n * Release cargo-auditable v0.6.4\n * Correctly attribute changelog file addition in changelog\n * Add changelog for auditable-extract\n * Verify various feature combinations in CI\n * Upgrade wasmparser to remove dependencies with `unsafe`\n * Add LoongArch support\n * cargo fmt\n * Move doc headers to README.md and point rustdoc to them, so that we have nice crates.io pages\n * Expand on the note about WebAssembly parsing\n * Populate changelogs\n * Resume bragging about all dependencies being safe, now that there is a caveat below\n * drop fuzz Cargo.lock to always fuzz against latest versions\n * Bump `cargo auditable` version\n * Mention WASM support in README\n * Revert 
\u0027Be super duper extra sure both MinGW and MSVC are tested on CI\u0027\n * Be super duper extra sure both MinGW and MSVC are tested on CI\n * Add wasm32 targets to CI for more platforms\n * Don\u0027t pass --target twice in tests\n * Install WASM toolchain in CI\n * cargo fmt\n * Add WASM end-to-end test\n * cargo fmt\n * Update documentation to mention the WASM feature\n * cargo fmt\n * Plumb WASM parsing feature through the whole stack\n * Make WASM parsing an optional, non-default feature\n * Add a fuzzing harness for WASM parsing\n * Rewritten WASM parsing to avoid heap allocations\n * Initial WASM extraction support\n * Nicer assertion\n * Drop obsolete comment\n * Clarify that embedding the compiler version has shipped.\n * Fixed section name for WASM\n * Unified and more robust platform detection. Fixed wasm build process\n * Initial WASM support\n * More robust platform detection for picking the binary format\n * Fix Windows CI to run both -msvc and -gnu\n * Use the correct link.exe flag for preserving the specified symbol even if it is unused\n * Fix Windows\n * Fix tests on Rust 1.77\n * Placate clippy\n * Oopps, I meant components field\n * Also remove the dependencies field if empty\n * Use serde_json with order preservation feature to get a more compressible JSON after workarounds\n * Work around cyclonedx-bom limitations to produce minified JSON\n * Also record the dependency kind\n * cyclonedx-bom: also record PURL\n * Also write the dependency tree\n * Clear the serial number in the minimal CycloneDX variant\n * Prototype impl of auditable2cdx\n * Fill in auditable2cdx dependencies\n * Initial auditable2cdx boilerplace\n * add #![forbid(unsafe_code)]\n * Initial implementation of auditable-to-cyclonedx conversion\n * Add the necessary dependencies to auditable-cyclonedx\n * Initial dummy package for auditable-cyclonedx\n\n- Update to version 0.6.2~0:\n\n * Update the lockfile\n * New releases of cargo-auditable and auditable-serde\n * Use a 
separate project for the custom rustc path tests. Fixes intermittent test failures due to race conditions\n * Revert \u0027add commit hashes to git sources\u0027\n * Fix cyclic dependency graph being encoded\n * Revert \u0027An unsuccessful attempt to fix cycles caused by dev-dependencies\u0027\n * An unsuccessful attempt to fix cycles caused by dev-dependencies\n * Fix typo\n * Add comment\n * Add a test for an issue with cyclic dependencies reported at https://github.com/rustsec/rustsec/issues/1043\n * Fix auditable-serde example not building\n * upgrade dependency miniz_oxide to 0.6.0\n * fix formatting errors\n * apply clippy lints for --all-features\n * improve the internal docs and comments\n * apply clippy lints\n * add missing sources for one of test fixtures\n * add commit hashes to git sources\n * Run all tests on CI\n * cargo fmt\n * Run `cargo clean` in tests to get rid of stale binaries\n * Fix date in changelog\n * Populate changelog\n * Bump auditable-info version in rust-audit-info\n * Add auditable-info changelog\n * Bump versions following cargo-lock bump\n * auditable-serde: bump `cargo-lock` to v9\n * switch to UNRELEASED\n * Update CHANGELOG.md\n * Print a better error if calling rustc fails\n * Drop unused import\n * placate Clippy\n * Don\u0027t inject audit info if --print argument is passed to rustc\n * Reflect the version change in Cargo.lock\n * Remove space from keywords\n * bump version to 0.6.1\n * Fix date in changelog\n * Update CHANGELOG.md\n * Add publish=false\n * Commit the generated manpage\n * Add the code for generating a manpage; rather rudimentary so far, but it\u0027s a starting point\n * Explain relation to supply chain attacks\n * Add keywords to the Cargo manifest\n * Revert \u0027generate a man page for cargo auditable\u0027\n * fix formatting\n * fix review feedback, relocate file to under OUT_DIR, don\u0027t use anyhow and also commit the lock file\n * generate a man page for cargo auditable\n * Add Clippy 
suppression\n * placate clippy\n * commit Cargo.lock\n * Sync to latest object file writing code from rustc\n * Fix examples in docs\n * Allow redundant field names\n * Apply clippy suggestion: match -\u003e if let\n * Check for clippy and format in CI\n * Apply clippy suggestions\n * Run CI with --locked\n\n- Update to version 0.6.0~0:\n\n * README and documentation improvements \n * Read the rustc path passed by Cargo; fixes #90\n * Read location of Cargo from the environment variable Cargo sets for third-party subcommands\n * Add a note on sccache version compatibility to CHANGELOG.md\n * Panic on compilation commands where we fail to parse the arguments instead of silently ignoring the error\n * Specifying the binary-scanning feature is no longer needed\n * Pass options such as --offline to `cargo metadata`\n * Pass on arguments from `cargo auditable` invocation to the rustc wrapper; prep work towards fixing #83\n * Bump rust-audit-info to 0.5.2\n * Bump auditable-serde version to 0.5.2\n * Correctly fill in the source even in dependency entries when converting to cargo-lock data format\n * Drop the roundtrip through str in semver::Version\n * Release auditable-info 0.6.1\n * Bump all the version requirements for things depending on auditable-info\n * Fix audit_info_from_slice function signature\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-514,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-514,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-514,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-514,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-514",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0514-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0514-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260514-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0514-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024235.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257906",
"url": "https://bugzilla.suse.com/1257906"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for cargo-auditable",
"tracking": {
"current_release_date": "2026-02-13T14:57:18Z",
"generator": {
"date": "2026-02-13T14:57:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0514-1",
"initial_release_date": "2026-02-13T14:57:18Z",
"revision_history": [
{
"date": "2026-02-13T14:57:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.aarch64",
"product": {
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.aarch64",
"product_id": "cargo-auditable-0.7.2~0-150300.7.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.i586",
"product": {
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.i586",
"product_id": "cargo-auditable-0.7.2~0-150300.7.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.ppc64le",
"product": {
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.ppc64le",
"product_id": "cargo-auditable-0.7.2~0-150300.7.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.s390x",
"product": {
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.s390x",
"product_id": "cargo-auditable-0.7.2~0-150300.7.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.x86_64",
"product": {
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.x86_64",
"product_id": "cargo-auditable-0.7.2~0-150300.7.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cargo-auditable-0.7.2~0-150300.7.6.1.aarch64"
},
"product_reference": "cargo-auditable-0.7.2~0-150300.7.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cargo-auditable-0.7.2~0-150300.7.6.1.x86_64"
},
"product_reference": "cargo-auditable-0.7.2~0-150300.7.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.aarch64"
},
"product_reference": "cargo-auditable-0.7.2~0-150300.7.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.x86_64"
},
"product_reference": "cargo-auditable-0.7.2~0-150300.7.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.aarch64"
},
"product_reference": "cargo-auditable-0.7.2~0-150300.7.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.ppc64le"
},
"product_reference": "cargo-auditable-0.7.2~0-150300.7.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.s390x"
},
"product_reference": "cargo-auditable-0.7.2~0-150300.7.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.x86_64"
},
"product_reference": "cargo-auditable-0.7.2~0-150300.7.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:cargo-auditable-0.7.2~0-150300.7.6.1.ppc64le"
},
"product_reference": "cargo-auditable-0.7.2~0-150300.7.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150300.7.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:cargo-auditable-0.7.2~0-150300.7.6.1.x86_64"
},
"product_reference": "cargo-auditable-0.7.2~0-150300.7.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cargo-auditable-0.7.2~0-150300.7.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cargo-auditable-0.7.2~0-150300.7.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cargo-auditable-0.7.2~0-150300.7.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cargo-auditable-0.7.2~0-150300.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cargo-auditable-0.7.2~0-150300.7.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cargo-auditable-0.7.2~0-150300.7.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cargo-auditable-0.7.2~0-150300.7.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cargo-auditable-0.7.2~0-150300.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cargo-auditable-0.7.2~0-150300.7.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:cargo-auditable-0.7.2~0-150300.7.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:cargo-auditable-0.7.2~0-150300.7.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cargo-auditable-0.7.2~0-150300.7.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:cargo-auditable-0.7.2~0-150300.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-13T14:57:18Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:20534-1
Vulnerability from csaf_suse - Published: 2026-03-02 14:16 - Updated: 2026-03-02 14:16
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust-keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust-keylime fixes the following issues:\n\nUpdate to version 0.2.8+116.\n\nSecurity issues fixed:\n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257908).\n\nOther updates and bugfixes:\n\n- Update vendored crates `time` to version 0.3.47.\n\n- Update to version 0.2.8+116:\n\n * build(deps): bump bytes from 1.7.2 to 1.11.1\n * api: Modify /version endpoint output in version 2.5\n * Add API v2.5 with backward-compatible /v2.5/quotes/integrity\n * tests: add unit test for resolve_agent_id (#1182)\n * (pull-model): enable retry logic for registration\n * rpm: Update specfiles to apply on master\n * workflows: Add test to detect unused crates\n * lib: Drop unused crates\n * push-model: Drop unused crates\n * keylime-agent: Drop unused crates\n * build(deps): bump uuid from 1.18.1 to 1.19.0\n * Update reqwest-retry to 0.8, retry-policies to 0.5\n * rpm: Fix cargo_build macro usage on CentOS Stream\n * fix(push-model): resolve hash_ek uuid to actual EK hash\n * build(deps): bump thiserror from 2.0.16 to 2.0.17\n * workflows: Separate upstream test suite from e2e coverage\n * Send UEFI measured boot logs as raw bytes (#1173)\n * auth: Add unit tests for SecretToken implementation\n * packit: Enable push-attestation tests\n * resilient_client: Prevent authentication token leakage in logs\n\n- Use tmpfiles.d for /var directories (PED-14736)\n \n- Update to version 0.2.8+96:\n \n * build(deps): bump wiremock from 0.6.4 to 0.6.5\n * build(deps): bump actions/checkout from 5 to 6\n * build(deps): bump chrono from 0.4.41 to 0.4.42\n * packit: Get coverage from Fedora 43 runs\n * Fix issues pointed out by clippy\n * Replace mutex unwraps with proper error handling in TPM library\n * Remove unused session request methods from StructureFiller\n * Fix config panic on missing ek_handle in push model agent\n * build(deps): bump tempfile from 3.21.0 to 3.23.0\n * build(deps): bump 
actions/upload-artifact from 4 to 6 (#1163)\n * Fix clippy warnings project-wide\n * Add KEYLIME_DIR support for verifier TLS certificates in push model agent\n * Thread privileged resources and use MeasurementList for IMA reading\n * Add privileged resource initialization and privilege dropping to push model agent\n * Fix privilege dropping order in run_as()\n * add documentation on FQDN hostnames\n * Remove confusing logs for push mode agent\n * Set correct default Verifier port (8891-\u003e8881) (#1159)\n * Add verifier_url to reference configuration file (#1158)\n * Add TLS support for Registrar communication (#1139)\n * Fix agent handling of 403 registration responses (#1154)\n * Add minor README.md rephrasing (#1151)\n * build(deps): bump actions/checkout from 5 to 6 (#1153)\n * ci: update spec files for packit COPR build\n * docs: improve challenge encoding and async TPM documentation\n * refactor: improve middleware and error handling\n * feat: add authentication client with middleware integration\n * docker: Include keylime_push_model_agent binary\n * Include attestation_interval configuration (#1146)\n * Persist payload keys to avoid attestation failure on restart\n * crypto: Implement the load or generate pattern for keys\n * Use simple algorithm specifiers in certification_keys object (#1140)\n * tests: Enable more tests in CI\n * Fix RSA2048 algorithm reporting in keylime agent\n * Remove disabled_signing_algorithms configuration\n * rpm: Fix metadata patches to apply to current code\n * workflows/rpm.yml: Use more strict patching\n * build(deps): bump uuid from 1.17.0 to 1.18.1\n * Fix ECC algorithm selection and reporting for keylime agent\n * Improve logging consistency and coherency\n * Implement minimal RFC compliance for Location header and URI parsing (#1125)\n * Use separate keys for payload mechanism and mTLS\n * docker: update rust to 1.81 for distroless Dockerfile\n * Ensure UEFI log capabilities are set to false\n * build(deps): bump http 
from 1.1.0 to 1.3.1\n * build(deps): bump log from 0.4.27 to 0.4.28\n * build(deps): bump cfg-if from 1.0.1 to 1.0.3\n * build(deps): bump actix-rt from 2.10.0 to 2.11.0\n * build(deps): bump async-trait from 0.1.88 to 0.1.89\n * build(deps): bump trybuild from 1.0.105 to 1.0.110\n * Accept evidence handling structures null entries\n * workflows: Add test to check if RPM patches still apply\n * CI: Enable test add-agent-with-malformed-ek-cert\n * config: Fix singleton tests\n * FSM: Remove needless lifetime annotations (#1105)\n * rpm: Do not remove wiremock which is now available in Fedora\n * Use latest Fedora httpdate version (1.0.3)\n * Enhance coverage with parse_retry_after test\n * Fix issues reported by CI regarding unwrap() calls\n * Reuse max retries indicated to the ResilientClient\n * Include limit of retries to 5 for Retry-After\n * Add policy to handle Retry-After response headers\n * build(deps): bump wiremock from 0.6.3 to 0.6.4\n * build(deps): bump serde_json from 1.0.140 to 1.0.143\n * build(deps): bump pest_derive from 2.8.0 to 2.8.1\n * build(deps): bump syn from 2.0.90 to 2.0.106\n * build(deps): bump tempfile from 3.20.0 to 3.21.0\n * build(deps): bump thiserror from 2.0.12 to 2.0.16\n * rpm: Fix patches to apply to current master code\n * build(deps): bump anyhow from 1.0.98 to 1.0.99\n * state_machine: Automatically clean config override during tests\n * config: Implement singleton and factory pattern\n * testing: Support overriding configuration during tests\n * feat: implement standalone challenge-response authentication module\n * structures: rename session structs for clarity and fix typos\n * tpm: refactor certify_credential_with_iak() into a more generic function\n * Add Push Model Agent Mermaid FSM chart (#1095)\n * Add state to avoid exiting on wrong attestation (#1093)\n * Add 6 alphanumeric lowercase X-Request-ID header\n * Enhance Evidence Handling response parsing\n * build(deps): bump quote from 1.0.35 to 1.0.40\n * 
build(deps): bump libc from 0.2.172 to 0.2.175\n * build(deps): bump glob from 0.3.2 to 0.3.3\n * build(deps): bump actix-web from 4.10.2 to 4.11.0\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-418",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20534-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20534-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620534-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20534-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024561.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257908",
"url": "https://bugzilla.suse.com/1257908"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for rust-keylime",
"tracking": {
"current_release_date": "2026-03-02T14:16:07Z",
"generator": {
"date": "2026-03-02T14:16:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20534-1",
"initial_release_date": "2026-03-02T14:16:07Z",
"revision_history": [
{
"date": "2026-03-02T14:16:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-slfo.1.1_1.1.aarch64",
"product": {
"name": "rust-keylime-0.2.8+116-slfo.1.1_1.1.aarch64",
"product_id": "rust-keylime-0.2.8+116-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-slfo.1.1_1.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.8+116-slfo.1.1_1.1.ppc64le",
"product_id": "rust-keylime-0.2.8+116-slfo.1.1_1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-slfo.1.1_1.1.s390x",
"product": {
"name": "rust-keylime-0.2.8+116-slfo.1.1_1.1.s390x",
"product_id": "rust-keylime-0.2.8+116-slfo.1.1_1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-slfo.1.1_1.1.x86_64",
"product": {
"name": "rust-keylime-0.2.8+116-slfo.1.1_1.1.x86_64",
"product_id": "rust-keylime-0.2.8+116-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:rust-keylime-0.2.8+116-slfo.1.1_1.1.aarch64"
},
"product_reference": "rust-keylime-0.2.8+116-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:rust-keylime-0.2.8+116-slfo.1.1_1.1.ppc64le"
},
"product_reference": "rust-keylime-0.2.8+116-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:rust-keylime-0.2.8+116-slfo.1.1_1.1.s390x"
},
"product_reference": "rust-keylime-0.2.8+116-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:rust-keylime-0.2.8+116-slfo.1.1_1.1.x86_64"
},
"product_reference": "rust-keylime-0.2.8+116-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+116-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+116-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+116-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+116-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+116-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+116-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+116-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+116-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+116-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+116-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+116-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:rust-keylime-0.2.8+116-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-02T14:16:07Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:0506-1
Vulnerability from csaf_suse - Published: 2026-02-13 14:32 - Updated: 2026-02-13 14:32
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cargo-auditable",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cargo-auditable fixes the following issues:\n\nUpdate to version 0.7.2~0.\n\nSecurity issues fixed:\n\n- CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257906).\n\nOther updates and bugfixes:\n\n- Update to version 0.7.2~0:\n\n * mention cargo-dist in README\n * commit Cargo.lock\n * bump which dev-dependency to 8.0.0\n * bump object to 0.37\n * Upgrade cargo_metadata to 0.23\n * Expand the set of dist platforms in config\n\n- Update to version 0.7.1~0:\n\n * Out out of unhelpful clippy lint\n * Satisfy clippy\n * Do not assume --crate-name and --out-dir are present in the rustc command, but show warnings if they aren\u0027t\n * Run apt-get update before trying to install packages\n * run `cargo dist init` on dist 0.30\n * Drop allow-dirty from dist config, should no longer be needed\n * Reorder paragraphs in README\n * Note the maintenance transition for the go extraction library\n * Editing pass on the adopters: scanners\n * clarify Docker support\n * Cargo clippy fix\n * Add Wolfi OS and Chainguard to adopters\n * Update mentions around Anchore tooling\n * README and documentation updates for nightly\n * Bump dependency version in rust-audit-info\n * More work on docs\n * Nicer formatting on format revision documentation\n * Bump versions\n * regenerate JSON schema\n * cargo fmt\n * Document format field\n * Make it more clear that RawVersionInfo is private\n * Add format field to the serialized data\n * cargo clippy fix\n * Add special handling for proc macros to treat them as the build dependencies they are\n * Add a test to ensure proc macros are reported as build dependencies\n * Add a test fixture for a crate with a proc macro dependency\n * parse fully qualified package ID specs from SBOMs\n * select first discovered SBOM file\n * cargo sbom integration\n * Get rid of unmaintained wee_alloc in test code to make people\u0027s scanners misled by GHSA chill out\n * 
Don\u0027t fail plan workflow due to manually changed release.yml\n * Bump Ubuntu version to hopefully fix release.yml workflow\n * Add test for stripped binary\n * Bump version to 0.6.7\n * Populate changelog\n * README.md: add auditable2cdx, more consistency in text\n * Placate clippy\n * Do not emit -Wl if a bare linker is in use\n * Get rid of a compiler warning\n * Add bare linker detection function\n * drop boilerplate from test that\u0027s no longer relevant\n * Add support for recovering rustc codegen options\n * More lenient parsing of rustc arguments\n * More descriptive error message in case rustc is killed abruptly\n * change formatting to fit rustfmt\n * More descriptive error message in case cargo is killed\n * Update REPLACING_CARGO.md to fix #195\n * Clarify osv-scanner support in README\n * Include the command required to view metadata\n * Mention wasm-tools support\n * Switch from broken generic cache action to a Rust-specific one\n * Fill in various fields in auditable2cdx Cargo.toml\n * Include osv-scanner in the list, with a caveat\n * Add link to blint repo to README\n * Mention that blint supports our data\n * Consolidate target definitions\n * Account for WASM test dependencies changing, commit the Cargo.lock so they would stop doing that\n * Migrate to a maintained toolchain action\n * Fix author specification\n * Add link to repository to resolverver Cargo.toml\n * Bump resolverver to 0.1.0\n * Add resolverver crate to the tree\n\n- Update to version 0.6.6~0:\n\n * Note the `object` upgrade in the changelog\n * Upgrade cyclonedx-bom from 0.5 to 0.8 in auditable-cyclonedx\n * Upgrade object crate from 0.30 to 0.36 to reduce dependency footprint\n * Update dependencies in the lock file\n * Populate changelog\n * apply clippy lint\n * add another --emit parsing test\n * shorter code with cargo fmt\n * Actually fix cargo-c compatibility\n * Attempt to fix cargo-capi incompatibility\n * Refactoring in preparation for fixes\n * Also read the 
--emit flag to rustc\n * Fill in changelogs\n * Bump versions\n * Drop cfg\u0027d out tests\n * Drop obsolete doc line\n * Move dependency cycle tests from auditable-serde to cargo-auditable crate\n * Remove cargo_metadata from auditable-serde API surface.\n * Apply clippy lint\n * Upgrade miniz_oxide to 0.8.0\n * Insulate our semver from miniz_oxide semver\n * Add support for Rust 2024 edition\n * Update tests\n * More robust OS detection for riscv feature detection\n * bump version\n * update changelog for auditable-extract 0.3.5\n * Fix wasm component auditable data extraction\n * Update blocker description in README.md\n * Add openSUSE to adopters\n * Update list of know adopters\n * Fix detection of `riscv64-linux-android` target features\n * Silence noisy lint\n * Bump version requirement in rust-audit-info\n * Fill in changelogs\n * Bump semver of auditable-info\n * Drop obsolete comment now that wasm is enabled by default\n * Remove dependency on cargo-lock\n * Brag about adoption in the README\n * Don\u0027t use LTO for cargo-dist builds to make them consistent with `cargo install` etc\n * Also build musl binaries\n * dist: update dist config for future releases\n * dist(cargo-auditable): ignore auditable2cdx for now\n * chore: add cargo-dist\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-506,SUSE-SLE-Module-Development-Tools-15-SP7-2026-506",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0506-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0506-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260506-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0506-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024238.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257906",
"url": "https://bugzilla.suse.com/1257906"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for cargo-auditable",
"tracking": {
"current_release_date": "2026-02-13T14:32:17Z",
"generator": {
"date": "2026-02-13T14:32:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0506-1",
"initial_release_date": "2026-02-13T14:32:17Z",
"revision_history": [
{
"date": "2026-02-13T14:32:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-150700.3.5.1.aarch64",
"product": {
"name": "cargo-auditable-0.7.2~0-150700.3.5.1.aarch64",
"product_id": "cargo-auditable-0.7.2~0-150700.3.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-150700.3.5.1.i586",
"product": {
"name": "cargo-auditable-0.7.2~0-150700.3.5.1.i586",
"product_id": "cargo-auditable-0.7.2~0-150700.3.5.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-150700.3.5.1.ppc64le",
"product": {
"name": "cargo-auditable-0.7.2~0-150700.3.5.1.ppc64le",
"product_id": "cargo-auditable-0.7.2~0-150700.3.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-150700.3.5.1.s390x",
"product": {
"name": "cargo-auditable-0.7.2~0-150700.3.5.1.s390x",
"product_id": "cargo-auditable-0.7.2~0-150700.3.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-150700.3.5.1.x86_64",
"product": {
"name": "cargo-auditable-0.7.2~0-150700.3.5.1.x86_64",
"product_id": "cargo-auditable-0.7.2~0-150700.3.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150700.3.5.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:cargo-auditable-0.7.2~0-150700.3.5.1.aarch64"
},
"product_reference": "cargo-auditable-0.7.2~0-150700.3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150700.3.5.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:cargo-auditable-0.7.2~0-150700.3.5.1.ppc64le"
},
"product_reference": "cargo-auditable-0.7.2~0-150700.3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150700.3.5.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:cargo-auditable-0.7.2~0-150700.3.5.1.s390x"
},
"product_reference": "cargo-auditable-0.7.2~0-150700.3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150700.3.5.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:cargo-auditable-0.7.2~0-150700.3.5.1.x86_64"
},
"product_reference": "cargo-auditable-0.7.2~0-150700.3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP7:cargo-auditable-0.7.2~0-150700.3.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:cargo-auditable-0.7.2~0-150700.3.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:cargo-auditable-0.7.2~0-150700.3.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:cargo-auditable-0.7.2~0-150700.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP7:cargo-auditable-0.7.2~0-150700.3.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:cargo-auditable-0.7.2~0-150700.3.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:cargo-auditable-0.7.2~0-150700.3.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:cargo-auditable-0.7.2~0-150700.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP7:cargo-auditable-0.7.2~0-150700.3.5.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:cargo-auditable-0.7.2~0-150700.3.5.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:cargo-auditable-0.7.2~0-150700.3.5.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:cargo-auditable-0.7.2~0-150700.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-13T14:32:17Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:20748-1
Vulnerability from csaf_suse - Published: 2026-03-17 12:49 - Updated: 2026-03-17 12:49
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-maturin",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-maturin fixes the following issue:\n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257918).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-395",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20748-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20748-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620748-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20748-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024835.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257918",
"url": "https://bugzilla.suse.com/1257918"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for python-maturin",
"tracking": {
"current_release_date": "2026-03-17T12:49:51Z",
"generator": {
"date": "2026-03-17T12:49:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20748-1",
"initial_release_date": "2026-03-17T12:49:51Z",
"revision_history": [
{
"date": "2026-03-17T12:49:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-maturin-1.8.7-160000.4.1.aarch64",
"product": {
"name": "python313-maturin-1.8.7-160000.4.1.aarch64",
"product_id": "python313-maturin-1.8.7-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python313-maturin-1.8.7-160000.4.1.ppc64le",
"product": {
"name": "python313-maturin-1.8.7-160000.4.1.ppc64le",
"product_id": "python313-maturin-1.8.7-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python313-maturin-1.8.7-160000.4.1.s390x",
"product": {
"name": "python313-maturin-1.8.7-160000.4.1.s390x",
"product_id": "python313-maturin-1.8.7-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python313-maturin-1.8.7-160000.4.1.x86_64",
"product": {
"name": "python313-maturin-1.8.7-160000.4.1.x86_64",
"product_id": "python313-maturin-1.8.7-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-maturin-1.8.7-160000.4.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.4.1.aarch64"
},
"product_reference": "python313-maturin-1.8.7-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-maturin-1.8.7-160000.4.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.4.1.ppc64le"
},
"product_reference": "python313-maturin-1.8.7-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-maturin-1.8.7-160000.4.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.4.1.s390x"
},
"product_reference": "python313-maturin-1.8.7-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-maturin-1.8.7-160000.4.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.4.1.x86_64"
},
"product_reference": "python313-maturin-1.8.7-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.4.1.s390x",
"SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.4.1.s390x",
"SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.4.1.s390x",
"SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-17T12:49:51Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:0452-1
Vulnerability from csaf_suse - Published: 2026-02-11 16:17 - Updated: 2026-02-11 16:17
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust-keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust-keylime fixes the following issues:\n\nUpdate to version 0.2.8+116.\n\nSecurity issues fixed:\n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257908).\n\nOther updates and bugfixes:\n\n- Update vendored crates `time` to version 0.3.47.\n\n- Update to version 0.2.8+116:\n\n * build(deps): bump bytes from 1.7.2 to 1.11.1\n * api: Modify /version endpoint output in version 2.5\n * Add API v2.5 with backward-compatible /v2.5/quotes/integrity\n * tests: add unit test for resolve_agent_id (#1182)\n * (pull-model): enable retry logic for registration\n * rpm: Update specfiles to apply on master\n * workflows: Add test to detect unused crates\n * lib: Drop unused crates\n * push-model: Drop unused crates\n * keylime-agent: Drop unused crates\n * build(deps): bump uuid from 1.18.1 to 1.19.0\n * Update reqwest-retry to 0.8, retry-policies to 0.5\n * rpm: Fix cargo_build macro usage on CentOS Stream\n * fix(push-model): resolve hash_ek uuid to actual EK hash\n * build(deps): bump thiserror from 2.0.16 to 2.0.17\n * workflows: Separate upstream test suite from e2e coverage\n * Send UEFI measured boot logs as raw bytes (#1173)\n * auth: Add unit tests for SecretToken implementation\n * packit: Enable push-attestation tests\n * resilient_client: Prevent authentication token leakage in logs\n\n- Use tmpfiles.d for /var directories (PED-14736)\n \n- Update to version 0.2.8+96:\n \n * build(deps): bump wiremock from 0.6.4 to 0.6.5\n * build(deps): bump actions/checkout from 5 to 6\n * build(deps): bump chrono from 0.4.41 to 0.4.42\n * packit: Get coverage from Fedora 43 runs\n * Fix issues pointed out by clippy\n * Replace mutex unwraps with proper error handling in TPM library\n * Remove unused session request methods from StructureFiller\n * Fix config panic on missing ek_handle in push model agent\n * build(deps): bump tempfile from 3.21.0 to 3.23.0\n * build(deps): bump 
actions/upload-artifact from 4 to 6 (#1163)\n * Fix clippy warnings project-wide\n * Add KEYLIME_DIR support for verifier TLS certificates in push model agent\n * Thread privileged resources and use MeasurementList for IMA reading\n * Add privileged resource initialization and privilege dropping to push model agent\n * Fix privilege dropping order in run_as()\n * add documentation on FQDN hostnames\n * Remove confusing logs for push mode agent\n * Set correct default Verifier port (8891-\u003e8881) (#1159)\n * Add verifier_url to reference configuration file (#1158)\n * Add TLS support for Registrar communication (#1139)\n * Fix agent handling of 403 registration responses (#1154)\n * Add minor README.md rephrasing (#1151)\n * build(deps): bump actions/checkout from 5 to 6 (#1153)\n * ci: update spec files for packit COPR build\n * docs: improve challenge encoding and async TPM documentation\n * refactor: improve middleware and error handling\n * feat: add authentication client with middleware integration\n * docker: Include keylime_push_model_agent binary\n * Include attestation_interval configuration (#1146)\n * Persist payload keys to avoid attestation failure on restart\n * crypto: Implement the load or generate pattern for keys\n * Use simple algorithm specifiers in certification_keys object (#1140)\n * tests: Enable more tests in CI\n * Fix RSA2048 algorithm reporting in keylime agent\n * Remove disabled_signing_algorithms configuration\n * rpm: Fix metadata patches to apply to current code\n * workflows/rpm.yml: Use more strict patching\n * build(deps): bump uuid from 1.17.0 to 1.18.1\n * Fix ECC algorithm selection and reporting for keylime agent\n * Improve logging consistency and coherency\n * Implement minimal RFC compliance for Location header and URI parsing (#1125)\n * Use separate keys for payload mechanism and mTLS\n * docker: update rust to 1.81 for distroless Dockerfile\n * Ensure UEFI log capabilities are set to false\n * build(deps): bump http 
from 1.1.0 to 1.3.1\n * build(deps): bump log from 0.4.27 to 0.4.28\n * build(deps): bump cfg-if from 1.0.1 to 1.0.3\n * build(deps): bump actix-rt from 2.10.0 to 2.11.0\n * build(deps): bump async-trait from 0.1.88 to 0.1.89\n * build(deps): bump trybuild from 1.0.105 to 1.0.110\n * Accept evidence handling structures null entries\n * workflows: Add test to check if RPM patches still apply\n * CI: Enable test add-agent-with-malformed-ek-cert\n * config: Fix singleton tests\n * FSM: Remove needless lifetime annotations (#1105)\n * rpm: Do not remove wiremock which is now available in Fedora\n * Use latest Fedora httpdate version (1.0.3)\n * Enhance coverage with parse_retry_after test\n * Fix issues reported by CI regarding unwrap() calls\n * Reuse max retries indicated to the ResilientClient\n * Include limit of retries to 5 for Retry-After\n * Add policy to handle Retry-After response headers\n * build(deps): bump wiremock from 0.6.3 to 0.6.4\n * build(deps): bump serde_json from 1.0.140 to 1.0.143\n * build(deps): bump pest_derive from 2.8.0 to 2.8.1\n * build(deps): bump syn from 2.0.90 to 2.0.106\n * build(deps): bump tempfile from 3.20.0 to 3.21.0\n * build(deps): bump thiserror from 2.0.12 to 2.0.16\n * rpm: Fix patches to apply to current master code\n * build(deps): bump anyhow from 1.0.98 to 1.0.99\n * state_machine: Automatically clean config override during tests\n * config: Implement singleton and factory pattern\n * testing: Support overriding configuration during tests\n * feat: implement standalone challenge-response authentication module\n * structures: rename session structs for clarity and fix typos\n * tpm: refactor certify_credential_with_iak() into a more generic function\n * Add Push Model Agent Mermaid FSM chart (#1095)\n * Add state to avoid exiting on wrong attestation (#1093)\n * Add 6 alphanumeric lowercase X-Request-ID header\n * Enhance Evidence Handling response parsing\n * build(deps): bump quote from 1.0.35 to 1.0.40\n * 
build(deps): bump libc from 0.2.172 to 0.2.175\n * build(deps): bump glob from 0.3.2 to 0.3.3\n * build(deps): bump actix-web from 4.10.2 to 4.11.0\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-452,SUSE-SLE-Micro-5.4-2026-452",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0452-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0452-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260452-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0452-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024129.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257908",
"url": "https://bugzilla.suse.com/1257908"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for rust-keylime",
"tracking": {
"current_release_date": "2026-02-11T16:17:16Z",
"generator": {
"date": "2026-02-11T16:17:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0452-1",
"initial_release_date": "2026-02-11T16:17:16Z",
"revision_history": [
{
"date": "2026-02-11T16:17:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-150400.3.11.1.aarch64",
"product": {
"name": "keylime-ima-policy-0.2.8+116-150400.3.11.1.aarch64",
"product_id": "keylime-ima-policy-0.2.8+116-150400.3.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-150400.3.11.1.aarch64",
"product": {
"name": "rust-keylime-0.2.8+116-150400.3.11.1.aarch64",
"product_id": "rust-keylime-0.2.8+116-150400.3.11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-150400.3.11.1.ppc64le",
"product": {
"name": "keylime-ima-policy-0.2.8+116-150400.3.11.1.ppc64le",
"product_id": "keylime-ima-policy-0.2.8+116-150400.3.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-150400.3.11.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.8+116-150400.3.11.1.ppc64le",
"product_id": "rust-keylime-0.2.8+116-150400.3.11.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-150400.3.11.1.s390x",
"product": {
"name": "keylime-ima-policy-0.2.8+116-150400.3.11.1.s390x",
"product_id": "keylime-ima-policy-0.2.8+116-150400.3.11.1.s390x"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-150400.3.11.1.s390x",
"product": {
"name": "rust-keylime-0.2.8+116-150400.3.11.1.s390x",
"product_id": "rust-keylime-0.2.8+116-150400.3.11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-150400.3.11.1.x86_64",
"product": {
"name": "keylime-ima-policy-0.2.8+116-150400.3.11.1.x86_64",
"product_id": "keylime-ima-policy-0.2.8+116-150400.3.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-150400.3.11.1.x86_64",
"product": {
"name": "rust-keylime-0.2.8+116-150400.3.11.1.x86_64",
"product_id": "rust-keylime-0.2.8+116-150400.3.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-150400.3.11.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.8+116-150400.3.11.1.aarch64"
},
"product_reference": "rust-keylime-0.2.8+116-150400.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-150400.3.11.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.8+116-150400.3.11.1.s390x"
},
"product_reference": "rust-keylime-0.2.8+116-150400.3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-150400.3.11.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.8+116-150400.3.11.1.x86_64"
},
"product_reference": "rust-keylime-0.2.8+116-150400.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.8+116-150400.3.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.8+116-150400.3.11.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.8+116-150400.3.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.8+116-150400.3.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.8+116-150400.3.11.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.8+116-150400.3.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.8+116-150400.3.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.8+116-150400.3.11.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.8+116-150400.3.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T16:17:16Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:0806-1
Vulnerability from csaf_suse - Published: 2026-03-04 15:46 - Updated: 2026-03-04 15:46
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for wicked2nm,suse-migration-services,suse-migration-sle16-activation,SLES16-Migration,SLES16-SAP_Migration",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for wicked2nm,suse-migration-services,suse-migration-sle16-activation,SLES16-Migration,SLES16-SAP_Migration fixes the following issues:\n\nChanges for SLES16-SAP_Migration:\n \n- Bump version: 2.1.30 \n \nChanges for SLES16-Migration: \n\n- Bump version: 2.1.30 \n \nChanges for suse-migration-sle16-activation:\n \n- Move script package to the main migration provider\n- Create lib file for common network-prereq tasks\n- Refactor mount_system service\n \nChanges for suse-migration-services:\n\n- Bump to version: 2.1.30:\n * Update docinfo\n * Update doc/adoc/user_guide.adoc\n * Update documentation for 12-to-15 in pubclouds\n Fix information about default service pack target.\n * Apply make black\n * Added black for code formatting\n * refactor: add `Zypper.install` wrapper\n Add `Zypper.install` wrapper method for package installation\n * Fixed get_migration_target return behavior\n * fix: ensure NetworkManager is installed on the target system\n\nChanges for wicked2nm: \n \n- Update to version v1.4.1.\n\nSecurity issues fixed:\n- CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257911).\n\nOther updates and bugfixes:\n- update bytes from 1.10.1 to 1.11.1\n- update time to 0.3.47 \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-806,SUSE-SLE-Module-Basesystem-15-SP7-2026-806,SUSE-SLE-Module-SAP-Applications-15-SP7-2026-806",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0806-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0806-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260806-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0806-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024566.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257911",
"url": "https://bugzilla.suse.com/1257911"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for wicked2nm,suse-migration-services,suse-migration-sle16-activation,SLES16-Migration,SLES16-SAP_Migration",
"tracking": {
"current_release_date": "2026-03-04T15:46:27Z",
"generator": {
"date": "2026-03-04T15:46:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0806-1",
"initial_release_date": "2026-03-04T15:46:27Z",
"revision_history": [
{
"date": "2026-03-04T15:46:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "SLES16-Migration-2.1.30-15.26.4.aarch64",
"product": {
"name": "SLES16-Migration-2.1.30-15.26.4.aarch64",
"product_id": "SLES16-Migration-2.1.30-15.26.4.aarch64"
}
},
{
"category": "product_version",
"name": "suse-migration-rpm-1.0.1-150700.15.11.1.aarch64",
"product": {
"name": "suse-migration-rpm-1.0.1-150700.15.11.1.aarch64",
"product_id": "suse-migration-rpm-1.0.1-150700.15.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "suse-migration-sle16-activation-2.1.30-150700.15.13.1.aarch64",
"product": {
"name": "suse-migration-sle16-activation-2.1.30-150700.15.13.1.aarch64",
"product_id": "suse-migration-sle16-activation-2.1.30-150700.15.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "wicked2nm-1.4.1-150700.15.16.1.aarch64",
"product": {
"name": "wicked2nm-1.4.1-150700.15.16.1.aarch64",
"product_id": "wicked2nm-1.4.1-150700.15.16.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "suse-migration-rpm-1.0.1-150700.15.11.1.i586",
"product": {
"name": "suse-migration-rpm-1.0.1-150700.15.11.1.i586",
"product_id": "suse-migration-rpm-1.0.1-150700.15.11.1.i586"
}
},
{
"category": "product_version",
"name": "wicked2nm-1.4.1-150700.15.16.1.i586",
"product": {
"name": "wicked2nm-1.4.1-150700.15.16.1.i586",
"product_id": "wicked2nm-1.4.1-150700.15.16.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-migration-2.1.30-150700.15.21.1.noarch",
"product": {
"name": "python3-migration-2.1.30-150700.15.21.1.noarch",
"product_id": "python3-migration-2.1.30-150700.15.21.1.noarch"
}
},
{
"category": "product_version",
"name": "suse-migration-2.1.30-150700.15.21.1.noarch",
"product": {
"name": "suse-migration-2.1.30-150700.15.21.1.noarch",
"product_id": "suse-migration-2.1.30-150700.15.21.1.noarch"
}
},
{
"category": "product_version",
"name": "suse-migration-pre-checks-2.1.30-150700.15.21.1.noarch",
"product": {
"name": "suse-migration-pre-checks-2.1.30-150700.15.21.1.noarch",
"product_id": "suse-migration-pre-checks-2.1.30-150700.15.21.1.noarch"
}
},
{
"category": "product_version",
"name": "suse-migration-scripts-2.1.30-150700.15.21.1.noarch",
"product": {
"name": "suse-migration-scripts-2.1.30-150700.15.21.1.noarch",
"product_id": "suse-migration-scripts-2.1.30-150700.15.21.1.noarch"
}
},
{
"category": "product_version",
"name": "suse-migration-services-2.1.30-150700.15.21.1.noarch",
"product": {
"name": "suse-migration-services-2.1.30-150700.15.21.1.noarch",
"product_id": "suse-migration-services-2.1.30-150700.15.21.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "SLES16-Migration-2.1.30-15.26.4.ppc64le",
"product": {
"name": "SLES16-Migration-2.1.30-15.26.4.ppc64le",
"product_id": "SLES16-Migration-2.1.30-15.26.4.ppc64le"
}
},
{
"category": "product_version",
"name": "SLES16-SAP_Migration-2.1.30-15.18.4.ppc64le",
"product": {
"name": "SLES16-SAP_Migration-2.1.30-15.18.4.ppc64le",
"product_id": "SLES16-SAP_Migration-2.1.30-15.18.4.ppc64le"
}
},
{
"category": "product_version",
"name": "suse-migration-rpm-1.0.1-150700.15.11.1.ppc64le",
"product": {
"name": "suse-migration-rpm-1.0.1-150700.15.11.1.ppc64le",
"product_id": "suse-migration-rpm-1.0.1-150700.15.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "wicked2nm-1.4.1-150700.15.16.1.ppc64le",
"product": {
"name": "wicked2nm-1.4.1-150700.15.16.1.ppc64le",
"product_id": "wicked2nm-1.4.1-150700.15.16.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "SLES16-Migration-2.1.30-15.26.4.s390x",
"product": {
"name": "SLES16-Migration-2.1.30-15.26.4.s390x",
"product_id": "SLES16-Migration-2.1.30-15.26.4.s390x"
}
},
{
"category": "product_version",
"name": "suse-migration-rpm-1.0.1-150700.15.11.1.s390x",
"product": {
"name": "suse-migration-rpm-1.0.1-150700.15.11.1.s390x",
"product_id": "suse-migration-rpm-1.0.1-150700.15.11.1.s390x"
}
},
{
"category": "product_version",
"name": "wicked2nm-1.4.1-150700.15.16.1.s390x",
"product": {
"name": "wicked2nm-1.4.1-150700.15.16.1.s390x",
"product_id": "wicked2nm-1.4.1-150700.15.16.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "SLES16-Migration-2.1.30-15.26.4.x86_64",
"product": {
"name": "SLES16-Migration-2.1.30-15.26.4.x86_64",
"product_id": "SLES16-Migration-2.1.30-15.26.4.x86_64"
}
},
{
"category": "product_version",
"name": "SLES16-SAP_Migration-2.1.30-15.18.4.x86_64",
"product": {
"name": "SLES16-SAP_Migration-2.1.30-15.18.4.x86_64",
"product_id": "SLES16-SAP_Migration-2.1.30-15.18.4.x86_64"
}
},
{
"category": "product_version",
"name": "suse-migration-rpm-1.0.1-150700.15.11.1.x86_64",
"product": {
"name": "suse-migration-rpm-1.0.1-150700.15.11.1.x86_64",
"product_id": "suse-migration-rpm-1.0.1-150700.15.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "suse-migration-sle16-activation-2.1.30-150700.15.13.1.x86_64",
"product": {
"name": "suse-migration-sle16-activation-2.1.30-150700.15.13.1.x86_64",
"product_id": "suse-migration-sle16-activation-2.1.30-150700.15.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "wicked2nm-1.4.1-150700.15.16.1.x86_64",
"product": {
"name": "wicked2nm-1.4.1-150700.15.16.1.x86_64",
"product_id": "wicked2nm-1.4.1-150700.15.16.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for SAP Applications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for SAP Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for SAP Applications 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-sap-applications:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "SLES16-Migration-2.1.30-15.26.4.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4.aarch64"
},
"product_reference": "SLES16-Migration-2.1.30-15.26.4.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SLES16-Migration-2.1.30-15.26.4.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4.ppc64le"
},
"product_reference": "SLES16-Migration-2.1.30-15.26.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SLES16-Migration-2.1.30-15.26.4.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4.s390x"
},
"product_reference": "SLES16-Migration-2.1.30-15.26.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SLES16-Migration-2.1.30-15.26.4.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4.x86_64"
},
"product_reference": "SLES16-Migration-2.1.30-15.26.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-migration-2.1.30-150700.15.21.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-migration-2.1.30-150700.15.21.1.noarch"
},
"product_reference": "python3-migration-2.1.30-150700.15.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-migration-pre-checks-2.1.30-150700.15.21.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-pre-checks-2.1.30-150700.15.21.1.noarch"
},
"product_reference": "suse-migration-pre-checks-2.1.30-150700.15.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-migration-scripts-2.1.30-150700.15.21.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-scripts-2.1.30-150700.15.21.1.noarch"
},
"product_reference": "suse-migration-scripts-2.1.30-150700.15.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-migration-sle16-activation-2.1.30-150700.15.13.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-sle16-activation-2.1.30-150700.15.13.1.aarch64"
},
"product_reference": "suse-migration-sle16-activation-2.1.30-150700.15.13.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-migration-sle16-activation-2.1.30-150700.15.13.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-sle16-activation-2.1.30-150700.15.13.1.x86_64"
},
"product_reference": "suse-migration-sle16-activation-2.1.30-150700.15.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-150700.15.16.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1.aarch64"
},
"product_reference": "wicked2nm-1.4.1-150700.15.16.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-150700.15.16.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1.ppc64le"
},
"product_reference": "wicked2nm-1.4.1-150700.15.16.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-150700.15.16.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1.s390x"
},
"product_reference": "wicked2nm-1.4.1-150700.15.16.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-150700.15.16.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1.x86_64"
},
"product_reference": "wicked2nm-1.4.1-150700.15.16.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SLES16-SAP_Migration-2.1.30-15.18.4.ppc64le as component of SUSE Linux Enterprise Module for SAP Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for SAP Applications 15 SP7:SLES16-SAP_Migration-2.1.30-15.18.4.ppc64le"
},
"product_reference": "SLES16-SAP_Migration-2.1.30-15.18.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for SAP Applications 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "SLES16-SAP_Migration-2.1.30-15.18.4.x86_64 as component of SUSE Linux Enterprise Module for SAP Applications 15 SP7",
"product_id": "SUSE Linux Enterprise Module for SAP Applications 15 SP7:SLES16-SAP_Migration-2.1.30-15.18.4.x86_64"
},
"product_reference": "SLES16-SAP_Migration-2.1.30-15.18.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for SAP Applications 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-migration-2.1.30-150700.15.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-pre-checks-2.1.30-150700.15.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-scripts-2.1.30-150700.15.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-sle16-activation-2.1.30-150700.15.13.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-sle16-activation-2.1.30-150700.15.13.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1.x86_64",
"SUSE Linux Enterprise Module for SAP Applications 15 SP7:SLES16-SAP_Migration-2.1.30-15.18.4.ppc64le",
"SUSE Linux Enterprise Module for SAP Applications 15 SP7:SLES16-SAP_Migration-2.1.30-15.18.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-migration-2.1.30-150700.15.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-pre-checks-2.1.30-150700.15.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-scripts-2.1.30-150700.15.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-sle16-activation-2.1.30-150700.15.13.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-sle16-activation-2.1.30-150700.15.13.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1.x86_64",
"SUSE Linux Enterprise Module for SAP Applications 15 SP7:SLES16-SAP_Migration-2.1.30-15.18.4.ppc64le",
"SUSE Linux Enterprise Module for SAP Applications 15 SP7:SLES16-SAP_Migration-2.1.30-15.18.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-migration-2.1.30-150700.15.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-pre-checks-2.1.30-150700.15.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-scripts-2.1.30-150700.15.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-sle16-activation-2.1.30-150700.15.13.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-sle16-activation-2.1.30-150700.15.13.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:wicked2nm-1.4.1-150700.15.16.1.x86_64",
"SUSE Linux Enterprise Module for SAP Applications 15 SP7:SLES16-SAP_Migration-2.1.30-15.18.4.ppc64le",
"SUSE Linux Enterprise Module for SAP Applications 15 SP7:SLES16-SAP_Migration-2.1.30-15.18.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-04T15:46:27Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:0505-1
Vulnerability from csaf_suse - Published: 2026-02-13 14:31 - Updated: 2026-02-13 14:31
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cargo-auditable",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cargo-auditable fixes the following issues:\n\nUpdate to version 0.7.2~0.\n\nSecurity issues fixed:\n\n- CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257906).\n\nOther updates and bugfixes:\n\n- Update to version 0.7.2~0:\n\n * mention cargo-dist in README\n * commit Cargo.lock\n * bump which dev-dependency to 8.0.0\n * bump object to 0.37\n * Upgrade cargo_metadata to 0.23\n * Expand the set of dist platforms in config\n\n- Update to version 0.7.1~0:\n\n * Out out of unhelpful clippy lint\n * Satisfy clippy\n * Do not assume --crate-name and --out-dir are present in the rustc command, but show warnings if they aren\u0027t\n * Run apt-get update before trying to install packages\n * run `cargo dist init` on dist 0.30\n * Drop allow-dirty from dist config, should no longer be needed\n * Reorder paragraphs in README\n * Note the maintenance transition for the go extraction library\n * Editing pass on the adopters: scanners\n * clarify Docker support\n * Cargo clippy fix\n * Add Wolfi OS and Chainguard to adopters\n * Update mentions around Anchore tooling\n * README and documentation updates for nightly\n * Bump dependency version in rust-audit-info\n * More work on docs\n * Nicer formatting on format revision documentation\n * Bump versions\n * regenerate JSON schema\n * cargo fmt\n * Document format field\n * Make it more clear that RawVersionInfo is private\n * Add format field to the serialized data\n * cargo clippy fix\n * Add special handling for proc macros to treat them as the build dependencies they are\n * Add a test to ensure proc macros are reported as build dependencies\n * Add a test fixture for a crate with a proc macro dependency\n * parse fully qualified package ID specs from SBOMs\n * select first discovered SBOM file\n * cargo sbom integration\n * Get rid of unmaintained wee_alloc in test code to make people\u0027s scanners misled by GHSA chill out\n * 
Don\u0027t fail plan workflow due to manually changed release.yml\n * Bump Ubuntu version to hopefully fix release.yml workflow\n * Add test for stripped binary\n * Bump version to 0.6.7\n * Populate changelog\n * README.md: add auditable2cdx, more consistency in text\n * Placate clippy\n * Do not emit -Wl if a bare linker is in use\n * Get rid of a compiler warning\n * Add bare linker detection function\n * drop boilerplate from test that\u0027s no longer relevant\n * Add support for recovering rustc codegen options\n * More lenient parsing of rustc arguments\n * More descriptive error message in case rustc is killed abruptly\n * change formatting to fit rustfmt\n * More descriptive error message in case cargo is killed\n * Update REPLACING_CARGO.md to fix #195\n * Clarify osv-scanner support in README\n * Include the command required to view metadata\n * Mention wasm-tools support\n * Switch from broken generic cache action to a Rust-specific one\n * Fill in various fields in auditable2cdx Cargo.toml\n * Include osv-scanner in the list, with a caveat\n * Add link to blint repo to README\n * Mention that blint supports our data\n * Consolidate target definitions\n * Account for WASM test dependencies changing, commit the Cargo.lock so they would stop doing that\n * Migrate to a maintained toolchain action\n * Fix author specification\n * Add link to repository to resolverver Cargo.toml\n * Bump resolverver to 0.1.0\n * Add resolverver crate to the tree\n\n- Update to version 0.6.6~0:\n\n * Note the `object` upgrade in the changelog\n * Upgrade cyclonedx-bom from 0.5 to 0.8 in auditable-cyclonedx\n * Upgrade object crate from 0.30 to 0.36 to reduce dependency footprint\n * Update dependencies in the lock file\n * Populate changelog\n * apply clippy lint\n * add another --emit parsing test\n * shorter code with cargo fmt\n * Actually fix cargo-c compatibility\n * Attempt to fix cargo-capi incompatibility\n * Refactoring in preparation for fixes\n * Also read the 
--emit flag to rustc\n * Fill in changelogs\n * Bump versions\n * Drop cfg\u0027d out tests\n * Drop obsolete doc line\n * Move dependency cycle tests from auditable-serde to cargo-auditable crate\n * Remove cargo_metadata from auditable-serde API surface.\n * Apply clippy lint\n * Upgrade miniz_oxide to 0.8.0\n * Insulate our semver from miniz_oxide semver\n * Add support for Rust 2024 edition\n * Update tests\n * More robust OS detection for riscv feature detection\n * bump version\n * update changelog for auditable-extract 0.3.5\n * Fix wasm component auditable data extraction\n * Update blocker description in README.md\n * Add openSUSE to adopters\n * Update list of know adopters\n * Fix detection of `riscv64-linux-android` target features\n * Silence noisy lint\n * Bump version requirement in rust-audit-info\n * Fill in changelogs\n * Bump semver of auditable-info\n * Drop obsolete comment now that wasm is enabled by default\n * Remove dependency on cargo-lock\n * Brag about adoption in the README\n * Don\u0027t use LTO for cargo-dist builds to make them consistent with `cargo install` etc\n * Also build musl binaries\n * dist: update dist config for future releases\n * dist(cargo-auditable): ignore auditable2cdx for now\n * chore: add cargo-dist\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-505,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-505,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-505,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-505,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-505,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-505,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-505,openSUSE-SLE-15.6-2026-505",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0505-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0505-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260505-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0505-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024243.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257906",
"url": "https://bugzilla.suse.com/1257906"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for cargo-auditable",
"tracking": {
"current_release_date": "2026-02-13T14:31:50Z",
"generator": {
"date": "2026-02-13T14:31:50Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0505-1",
"initial_release_date": "2026-02-13T14:31:50Z",
"revision_history": [
{
"date": "2026-02-13T14:31:50Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"product": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"product_id": "cargo-auditable-0.7.2~0-150500.12.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.i586",
"product": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.i586",
"product_id": "cargo-auditable-0.7.2~0-150500.12.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"product": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"product_id": "cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.s390x",
"product": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.s390x",
"product_id": "cargo-auditable-0.7.2~0-150500.12.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"product": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"product_id": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.s390x"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.s390x"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.s390x"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"
},
"product_reference": "cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.s390x",
"openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.s390x",
"openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64",
"openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64",
"openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le",
"openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.s390x",
"openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-13T14:31:50Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:20684-1
Vulnerability from csaf_suse - Published: 2026-03-05 14:24 - Updated: 2026-03-05 14:24
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for virtiofsd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for virtiofsd fixes the following issue:\n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257912).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-359",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20684-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20684-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620684-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20684-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024735.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257912",
"url": "https://bugzilla.suse.com/1257912"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for virtiofsd",
"tracking": {
"current_release_date": "2026-03-05T14:24:46Z",
"generator": {
"date": "2026-03-05T14:24:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20684-1",
"initial_release_date": "2026-03-05T14:24:46Z",
"revision_history": [
{
"date": "2026-03-05T14:24:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.12.0-160000.3.1.aarch64",
"product": {
"name": "virtiofsd-1.12.0-160000.3.1.aarch64",
"product_id": "virtiofsd-1.12.0-160000.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.12.0-160000.3.1.ppc64le",
"product": {
"name": "virtiofsd-1.12.0-160000.3.1.ppc64le",
"product_id": "virtiofsd-1.12.0-160000.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.12.0-160000.3.1.s390x",
"product": {
"name": "virtiofsd-1.12.0-160000.3.1.s390x",
"product_id": "virtiofsd-1.12.0-160000.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.12.0-160000.3.1.x86_64",
"product": {
"name": "virtiofsd-1.12.0-160000.3.1.x86_64",
"product_id": "virtiofsd-1.12.0-160000.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.12.0-160000.3.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:virtiofsd-1.12.0-160000.3.1.aarch64"
},
"product_reference": "virtiofsd-1.12.0-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.12.0-160000.3.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:virtiofsd-1.12.0-160000.3.1.ppc64le"
},
"product_reference": "virtiofsd-1.12.0-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.12.0-160000.3.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:virtiofsd-1.12.0-160000.3.1.s390x"
},
"product_reference": "virtiofsd-1.12.0-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.12.0-160000.3.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:virtiofsd-1.12.0-160000.3.1.x86_64"
},
"product_reference": "virtiofsd-1.12.0-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:virtiofsd-1.12.0-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:virtiofsd-1.12.0-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:virtiofsd-1.12.0-160000.3.1.s390x",
"SUSE Linux Micro 6.2:virtiofsd-1.12.0-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:virtiofsd-1.12.0-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:virtiofsd-1.12.0-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:virtiofsd-1.12.0-160000.3.1.s390x",
"SUSE Linux Micro 6.2:virtiofsd-1.12.0-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:virtiofsd-1.12.0-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:virtiofsd-1.12.0-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:virtiofsd-1.12.0-160000.3.1.s390x",
"SUSE Linux Micro 6.2:virtiofsd-1.12.0-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-05T14:24:46Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:0453-1
Vulnerability from csaf_suse - Published: 2026-02-11 16:17 - Updated: 2026-02-11 16:17
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust-keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust-keylime fixes the following issues:\n\nUpdate to version 0.2.8+116.\n\nSecurity issues fixed:\n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257908).\n\nOther updates and bugfixes:\n\n- Update vendored crates `time` to version 0.3.47.\n\n- Update to version 0.2.8+116:\n \n * build(deps): bump bytes from 1.7.2 to 1.11.1\n * api: Modify /version endpoint output in version 2.5\n * Add API v2.5 with backward-compatible /v2.5/quotes/integrity\n * tests: add unit test for resolve_agent_id (#1182)\n * (pull-model): enable retry logic for registration\n * rpm: Update specfiles to apply on master\n * workflows: Add test to detect unused crates\n * lib: Drop unused crates\n * push-model: Drop unused crates\n * keylime-agent: Drop unused crates\n * build(deps): bump uuid from 1.18.1 to 1.19.0\n * Update reqwest-retry to 0.8, retry-policies to 0.5\n * rpm: Fix cargo_build macro usage on CentOS Stream\n * fix(push-model): resolve hash_ek uuid to actual EK hash\n * build(deps): bump thiserror from 2.0.16 to 2.0.17\n * workflows: Separate upstream test suite from e2e coverage\n * Send UEFI measured boot logs as raw bytes (#1173)\n * auth: Add unit tests for SecretToken implementation\n * packit: Enable push-attestation tests\n * resilient_client: Prevent authentication token leakage in logs\n\n- Use tmpfiles.d for /var directories (PED-14736)\n \n- Update to version 0.2.8+96:\n \n * build(deps): bump wiremock from 0.6.4 to 0.6.5\n * build(deps): bump actions/checkout from 5 to 6\n * build(deps): bump chrono from 0.4.41 to 0.4.42\n * packit: Get coverage from Fedora 43 runs\n * Fix issues pointed out by clippy\n * Replace mutex unwraps with proper error handling in TPM library\n * Remove unused session request methods from StructureFiller\n * Fix config panic on missing ek_handle in push model agent\n * build(deps): bump tempfile from 3.21.0 to 3.23.0\n * build(deps): bump 
actions/upload-artifact from 4 to 6 (#1163)\n * Fix clippy warnings project-wide\n * Add KEYLIME_DIR support for verifier TLS certificates in push model agent\n * Thread privileged resources and use MeasurementList for IMA reading\n * Add privileged resource initialization and privilege dropping to push model agent\n * Fix privilege dropping order in run_as()\n * add documentation on FQDN hostnames\n * Remove confusing logs for push mode agent\n * Set correct default Verifier port (8891-\u003e8881) (#1159)\n * Add verifier_url to reference configuration file (#1158)\n * Add TLS support for Registrar communication (#1139)\n * Fix agent handling of 403 registration responses (#1154)\n * Add minor README.md rephrasing (#1151)\n * build(deps): bump actions/checkout from 5 to 6 (#1153)\n * ci: update spec files for packit COPR build\n * docs: improve challenge encoding and async TPM documentation\n * refactor: improve middleware and error handling\n * feat: add authentication client with middleware integration\n * docker: Include keylime_push_model_agent binary\n * Include attestation_interval configuration (#1146)\n * Persist payload keys to avoid attestation failure on restart\n * crypto: Implement the load or generate pattern for keys\n * Use simple algorithm specifiers in certification_keys object (#1140)\n * tests: Enable more tests in CI\n * Fix RSA2048 algorithm reporting in keylime agent\n * Remove disabled_signing_algorithms configuration\n * rpm: Fix metadata patches to apply to current code\n * workflows/rpm.yml: Use more strict patching\n * build(deps): bump uuid from 1.17.0 to 1.18.1\n * Fix ECC algorithm selection and reporting for keylime agent\n * Improve logging consistency and coherency\n * Implement minimal RFC compliance for Location header and URI parsing (#1125)\n * Use separate keys for payload mechanism and mTLS\n * docker: update rust to 1.81 for distroless Dockerfile\n * Ensure UEFI log capabilities are set to false\n * build(deps): bump http 
from 1.1.0 to 1.3.1\n * build(deps): bump log from 0.4.27 to 0.4.28\n * build(deps): bump cfg-if from 1.0.1 to 1.0.3\n * build(deps): bump actix-rt from 2.10.0 to 2.11.0\n * build(deps): bump async-trait from 0.1.88 to 0.1.89\n * build(deps): bump trybuild from 1.0.105 to 1.0.110\n * Accept evidence handling structures null entries\n * workflows: Add test to check if RPM patches still apply\n * CI: Enable test add-agent-with-malformed-ek-cert\n * config: Fix singleton tests\n * FSM: Remove needless lifetime annotations (#1105)\n * rpm: Do not remove wiremock which is now available in Fedora\n * Use latest Fedora httpdate version (1.0.3)\n * Enhance coverage with parse_retry_after test\n * Fix issues reported by CI regarding unwrap() calls\n * Reuse max retries indicated to the ResilientClient\n * Include limit of retries to 5 for Retry-After\n * Add policy to handle Retry-After response headers\n * build(deps): bump wiremock from 0.6.3 to 0.6.4\n * build(deps): bump serde_json from 1.0.140 to 1.0.143\n * build(deps): bump pest_derive from 2.8.0 to 2.8.1\n * build(deps): bump syn from 2.0.90 to 2.0.106\n * build(deps): bump tempfile from 3.20.0 to 3.21.0\n * build(deps): bump thiserror from 2.0.12 to 2.0.16\n * rpm: Fix patches to apply to current master code\n * build(deps): bump anyhow from 1.0.98 to 1.0.99\n * state_machine: Automatically clean config override during tests\n * config: Implement singleton and factory pattern\n * testing: Support overriding configuration during tests\n * feat: implement standalone challenge-response authentication module\n * structures: rename session structs for clarity and fix typos\n * tpm: refactor certify_credential_with_iak() into a more generic function\n * Add Push Model Agent Mermaid FSM chart (#1095)\n * Add state to avoid exiting on wrong attestation (#1093)\n * Add 6 alphanumeric lowercase X-Request-ID header\n * Enhance Evidence Handling response parsing\n * build(deps): bump quote from 1.0.35 to 1.0.40\n * 
build(deps): bump libc from 0.2.172 to 0.2.175\n * build(deps): bump glob from 0.3.2 to 0.3.3\n * build(deps): bump actix-web from 4.10.2 to 4.11.0\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-453,SUSE-SLE-Micro-5.3-2026-453",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0453-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0453-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260453-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0453-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024128.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257908",
"url": "https://bugzilla.suse.com/1257908"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for rust-keylime",
"tracking": {
"current_release_date": "2026-02-11T16:17:25Z",
"generator": {
"date": "2026-02-11T16:17:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0453-1",
"initial_release_date": "2026-02-11T16:17:25Z",
"revision_history": [
{
"date": "2026-02-11T16:17:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-150400.3.13.1.aarch64",
"product": {
"name": "keylime-ima-policy-0.2.8+116-150400.3.13.1.aarch64",
"product_id": "keylime-ima-policy-0.2.8+116-150400.3.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-150400.3.13.1.aarch64",
"product": {
"name": "rust-keylime-0.2.8+116-150400.3.13.1.aarch64",
"product_id": "rust-keylime-0.2.8+116-150400.3.13.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-150400.3.13.1.ppc64le",
"product": {
"name": "keylime-ima-policy-0.2.8+116-150400.3.13.1.ppc64le",
"product_id": "keylime-ima-policy-0.2.8+116-150400.3.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-150400.3.13.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.8+116-150400.3.13.1.ppc64le",
"product_id": "rust-keylime-0.2.8+116-150400.3.13.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-150400.3.13.1.s390x",
"product": {
"name": "keylime-ima-policy-0.2.8+116-150400.3.13.1.s390x",
"product_id": "keylime-ima-policy-0.2.8+116-150400.3.13.1.s390x"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-150400.3.13.1.s390x",
"product": {
"name": "rust-keylime-0.2.8+116-150400.3.13.1.s390x",
"product_id": "rust-keylime-0.2.8+116-150400.3.13.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-150400.3.13.1.x86_64",
"product": {
"name": "keylime-ima-policy-0.2.8+116-150400.3.13.1.x86_64",
"product_id": "keylime-ima-policy-0.2.8+116-150400.3.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-150400.3.13.1.x86_64",
"product": {
"name": "rust-keylime-0.2.8+116-150400.3.13.1.x86_64",
"product_id": "rust-keylime-0.2.8+116-150400.3.13.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-150400.3.13.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.8+116-150400.3.13.1.aarch64"
},
"product_reference": "rust-keylime-0.2.8+116-150400.3.13.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-150400.3.13.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.8+116-150400.3.13.1.s390x"
},
"product_reference": "rust-keylime-0.2.8+116-150400.3.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-150400.3.13.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.8+116-150400.3.13.1.x86_64"
},
"product_reference": "rust-keylime-0.2.8+116-150400.3.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.8+116-150400.3.13.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.8+116-150400.3.13.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.8+116-150400.3.13.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.8+116-150400.3.13.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.8+116-150400.3.13.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.8+116-150400.3.13.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.8+116-150400.3.13.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.8+116-150400.3.13.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.8+116-150400.3.13.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T16:17:25Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:20723-1
Vulnerability from csaf_suse - Published: 2026-03-12 09:52 - Updated: 2026-03-12 09:52
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for virtiofsd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for virtiofsd fixes the following issue:\n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257912).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-618",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20723-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20723-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620723-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20723-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024764.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257912",
"url": "https://bugzilla.suse.com/1257912"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for virtiofsd",
"tracking": {
"current_release_date": "2026-03-12T09:52:06Z",
"generator": {
"date": "2026-03-12T09:52:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20723-1",
"initial_release_date": "2026-03-12T09:52:06Z",
"revision_history": [
{
"date": "2026-03-12T09:52:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.10.1-2.1.aarch64",
"product": {
"name": "virtiofsd-1.10.1-2.1.aarch64",
"product_id": "virtiofsd-1.10.1-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.10.1-2.1.s390x",
"product": {
"name": "virtiofsd-1.10.1-2.1.s390x",
"product_id": "virtiofsd-1.10.1-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.10.1-2.1.x86_64",
"product": {
"name": "virtiofsd-1.10.1-2.1.x86_64",
"product_id": "virtiofsd-1.10.1-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-2.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:virtiofsd-1.10.1-2.1.aarch64"
},
"product_reference": "virtiofsd-1.10.1-2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-2.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:virtiofsd-1.10.1-2.1.s390x"
},
"product_reference": "virtiofsd-1.10.1-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-2.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:virtiofsd-1.10.1-2.1.x86_64"
},
"product_reference": "virtiofsd-1.10.1-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:virtiofsd-1.10.1-2.1.aarch64",
"SUSE Linux Micro 6.0:virtiofsd-1.10.1-2.1.s390x",
"SUSE Linux Micro 6.0:virtiofsd-1.10.1-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:virtiofsd-1.10.1-2.1.aarch64",
"SUSE Linux Micro 6.0:virtiofsd-1.10.1-2.1.s390x",
"SUSE Linux Micro 6.0:virtiofsd-1.10.1-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:virtiofsd-1.10.1-2.1.aarch64",
"SUSE Linux Micro 6.0:virtiofsd-1.10.1-2.1.s390x",
"SUSE Linux Micro 6.0:virtiofsd-1.10.1-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-12T09:52:06Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:0816-1
Vulnerability from csaf_suse - Published: 2026-03-05 09:50 - Updated: 2026-03-05 09:50
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for virtiofsd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for virtiofsd fixes the following issue:\n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257912).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-816,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-816,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-816,openSUSE-SLE-15.6-2026-816",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0816-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0816-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260816-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0816-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024582.html"
},
{
"category": "self",
"summary": "SUSE Bug 1257912",
"url": "https://bugzilla.suse.com/1257912"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for virtiofsd",
"tracking": {
"current_release_date": "2026-03-05T09:50:59Z",
"generator": {
"date": "2026-03-05T09:50:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0816-1",
"initial_release_date": "2026-03-05T09:50:59Z",
"revision_history": [
{
"date": "2026-03-05T09:50:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.10.1-150600.4.6.1.aarch64",
"product": {
"name": "virtiofsd-1.10.1-150600.4.6.1.aarch64",
"product_id": "virtiofsd-1.10.1-150600.4.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.10.1-150600.4.6.1.ppc64le",
"product": {
"name": "virtiofsd-1.10.1-150600.4.6.1.ppc64le",
"product_id": "virtiofsd-1.10.1-150600.4.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.10.1-150600.4.6.1.s390x",
"product": {
"name": "virtiofsd-1.10.1-150600.4.6.1.s390x",
"product_id": "virtiofsd-1.10.1-150600.4.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.10.1-150600.4.6.1.x86_64",
"product": {
"name": "virtiofsd-1.10.1-150600.4.6.1.x86_64",
"product_id": "virtiofsd-1.10.1-150600.4.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-150600.4.6.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:virtiofsd-1.10.1-150600.4.6.1.aarch64"
},
"product_reference": "virtiofsd-1.10.1-150600.4.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-150600.4.6.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:virtiofsd-1.10.1-150600.4.6.1.ppc64le"
},
"product_reference": "virtiofsd-1.10.1-150600.4.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-150600.4.6.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:virtiofsd-1.10.1-150600.4.6.1.s390x"
},
"product_reference": "virtiofsd-1.10.1-150600.4.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-150600.4.6.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:virtiofsd-1.10.1-150600.4.6.1.x86_64"
},
"product_reference": "virtiofsd-1.10.1-150600.4.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-150600.4.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:virtiofsd-1.10.1-150600.4.6.1.ppc64le"
},
"product_reference": "virtiofsd-1.10.1-150600.4.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-150600.4.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:virtiofsd-1.10.1-150600.4.6.1.x86_64"
},
"product_reference": "virtiofsd-1.10.1-150600.4.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-150600.4.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:virtiofsd-1.10.1-150600.4.6.1.aarch64"
},
"product_reference": "virtiofsd-1.10.1-150600.4.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-150600.4.6.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:virtiofsd-1.10.1-150600.4.6.1.ppc64le"
},
"product_reference": "virtiofsd-1.10.1-150600.4.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-150600.4.6.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:virtiofsd-1.10.1-150600.4.6.1.s390x"
},
"product_reference": "virtiofsd-1.10.1-150600.4.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.10.1-150600.4.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:virtiofsd-1.10.1-150600.4.6.1.x86_64"
},
"product_reference": "virtiofsd-1.10.1-150600.4.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:virtiofsd-1.10.1-150600.4.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:virtiofsd-1.10.1-150600.4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:virtiofsd-1.10.1-150600.4.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:virtiofsd-1.10.1-150600.4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:virtiofsd-1.10.1-150600.4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:virtiofsd-1.10.1-150600.4.6.1.x86_64",
"openSUSE Leap 15.6:virtiofsd-1.10.1-150600.4.6.1.aarch64",
"openSUSE Leap 15.6:virtiofsd-1.10.1-150600.4.6.1.ppc64le",
"openSUSE Leap 15.6:virtiofsd-1.10.1-150600.4.6.1.s390x",
"openSUSE Leap 15.6:virtiofsd-1.10.1-150600.4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:virtiofsd-1.10.1-150600.4.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:virtiofsd-1.10.1-150600.4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:virtiofsd-1.10.1-150600.4.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:virtiofsd-1.10.1-150600.4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:virtiofsd-1.10.1-150600.4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:virtiofsd-1.10.1-150600.4.6.1.x86_64",
"openSUSE Leap 15.6:virtiofsd-1.10.1-150600.4.6.1.aarch64",
"openSUSE Leap 15.6:virtiofsd-1.10.1-150600.4.6.1.ppc64le",
"openSUSE Leap 15.6:virtiofsd-1.10.1-150600.4.6.1.s390x",
"openSUSE Leap 15.6:virtiofsd-1.10.1-150600.4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 15 SP6-LTSS:virtiofsd-1.10.1-150600.4.6.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:virtiofsd-1.10.1-150600.4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:virtiofsd-1.10.1-150600.4.6.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:virtiofsd-1.10.1-150600.4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:virtiofsd-1.10.1-150600.4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:virtiofsd-1.10.1-150600.4.6.1.x86_64",
"openSUSE Leap 15.6:virtiofsd-1.10.1-150600.4.6.1.aarch64",
"openSUSE Leap 15.6:virtiofsd-1.10.1-150600.4.6.1.ppc64le",
"openSUSE Leap 15.6:virtiofsd-1.10.1-150600.4.6.1.s390x",
"openSUSE Leap 15.6:virtiofsd-1.10.1-150600.4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-05T09:50:59Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-SU-2026:20744-1
Vulnerability from csaf_suse - Published: 2026-03-16 15:29 - Updated: 2026-03-16 15:29
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust-keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust-keylime fixes the following issues:\n\n- Update to version 0.2.8+116:\n- CVE-2026-25727: Update vendored crates to fix a date parser can lead to stack exhaustion in Time. (bsc#1257908)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-387",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20744-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20744-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620744-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20744-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024836.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247193",
"url": "https://bugzilla.suse.com/1247193"
},
{
"category": "self",
"summary": "SUSE Bug 1248006",
"url": "https://bugzilla.suse.com/1248006"
},
{
"category": "self",
"summary": "SUSE Bug 1257908",
"url": "https://bugzilla.suse.com/1257908"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58266 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58266/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for rust-keylime",
"tracking": {
"current_release_date": "2026-03-16T15:29:27Z",
"generator": {
"date": "2026-03-16T15:29:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20744-1",
"initial_release_date": "2026-03-16T15:29:27Z",
"revision_history": [
{
"date": "2026-03-16T15:29:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-160000.1.1.aarch64",
"product": {
"name": "rust-keylime-0.2.8+116-160000.1.1.aarch64",
"product_id": "rust-keylime-0.2.8+116-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"product_id": "rust-keylime-0.2.8+116-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-160000.1.1.s390x",
"product": {
"name": "rust-keylime-0.2.8+116-160000.1.1.s390x",
"product_id": "rust-keylime-0.2.8+116-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-160000.1.1.x86_64",
"product": {
"name": "rust-keylime-0.2.8+116-160000.1.1.x86_64",
"product_id": "rust-keylime-0.2.8+116-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-160000.1.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.aarch64"
},
"product_reference": "rust-keylime-0.2.8+116-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-160000.1.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.ppc64le"
},
"product_reference": "rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-160000.1.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.s390x"
},
"product_reference": "rust-keylime-0.2.8+116-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-160000.1.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.x86_64"
},
"product_reference": "rust-keylime-0.2.8+116-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55159"
}
],
"notes": [
{
"category": "general",
"text": "slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked if indices were within the slab\u0027s capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has been fixed in slab 0.4.11. A workaround for this issue involves to avoid using get_disjoint_mut with indices that might be beyond the slab\u0027s actual length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.s390x",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55159",
"url": "https://www.suse.com/security/cve/CVE-2025-55159"
},
{
"category": "external",
"summary": "SUSE Bug 1248000 for CVE-2025-55159",
"url": "https://bugzilla.suse.com/1248000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.s390x",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.s390x",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-16T15:29:27Z",
"details": "moderate"
}
],
"title": "CVE-2025-55159"
},
{
"cve": "CVE-2025-58266",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58266"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Fumiki Takahashi Gianism allows Stored XSS. This issue affects Gianism: from n/a through 5.2.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.s390x",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58266",
"url": "https://www.suse.com/security/cve/CVE-2025-58266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.s390x",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-16T15:29:27Z",
"details": "moderate"
}
],
"title": "CVE-2025-58266"
},
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.s390x",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.s390x",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.s390x",
"SUSE Linux Micro 6.2:rust-keylime-0.2.8+116-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-16T15:29:27Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
SUSE-FU-2026:20990-1
Vulnerability from csaf_suse - Published: 2026-04-01 09:19 - Updated: 2026-04-01 09:19
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Feature update for himmelblau",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for himmelblau fixes the following issues:\n\nUpdate to himmelblau 2.3.8 (jsc#PED-14511):\n\nSecurity issues:\n\n- CVE-2025-54882: world readable cloud TGT token (bsc#1247735).\n- CVE-2025-58160: tracing-subscriber: Tracing log pollution (bsc#1249013).\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257904).\n- CVE-2026-31979: race condition when accessiung /tmp/krb5cc_\u003cuid\u003e (bsc#1259548).\n\nNon security issues:\n\n- Fix SELinux module packaging to use standard policy macros (bsc#1258236).\n\nChangelog:\n\nVersion 2.3.8:\n\n * Add PrivateTmp back to Tasks Daemon\n * Drop dead code\n * Drop krb5 ccache dir code\n * Add a TODO comment\n * Drop non working packaged krb5 snippet file\n * Write kerberos config snippet\n * Extend resolver interface to return kerberos config together with TGTs\n * Backport SELinux fixes from main\n * Use libkrimes to store TGTs\n\nVersion 2.3.7:\n\n * cargo vet\n * Fix AWS-LC has PKCS7_verify Certificate Chain Validation Bypass\n * Revert dependency change which broke the nightly build\n * gen_dockerfiles: only himmelblaud has tpm feature, fix all others\n * fix(build): gen_dockerfiles.py mutates shared features list mid-loop\n\nVersion 2.3.5:\n\n * Better handle Intune API version\n * Update make vet from main branch\n * pam_himmelblau: call split_username once in chauthtok\n * pam_himmelblau: return PAM_IGNORE in chauthtok for local users\n * Don\u0027t attempt a DAG when Hello fails with SSPR demand\n\nVersion 2.3.4:\n\n * deps(rust): bump the all-cargo-updates group across 1 directory with 8 updates\n * Revert sketching update (which breaks SLE16 build)\n\nVersion 2.3.3:\n\n * /var/cache/private/himmelblaud should not be created tmpfiles\n * Updatee python vers for dataclasses dep\n * deps(rust): bump the all-cargo-updates group across 1 directory with 3 updates\n * Generate pin init service file systemd \u003c 250\n * Checkin 
missing himmelblaud.if file for SELinux\n * Resolve typos in selinux package commands\n\nVersion 2.3.2:\n\n * Compile SELinux policy at install time for cross-distro compatibility\n * Improve PAM configuration on openSUSE/SLE\n * Fix SELinux policy\n * Add a git hook to ensure selinux policy is tested\n * Ignore generated himmelblau-hsm-pin-init service file\n * Refactor SELinux policy for cross-distro compatibility\n * Fix NSS lookup for mapped local users\n * Skip OS version compliance checks when min/max values are empty\n\nVersion 2.3.1:\n\n * Remove references to qrcodegen (these are 3.x features)\n * QR Greeter compatibility for old GNOME\n * Enable QR greeter automatically\n * ci: Use latest cargo-vet from git to fix CI\n * Fix HSM pin migration failure on Debian/Ubuntu upgrades from v1.4.x\n\nVersion 2.3.0:\n\n * Autostart the daemons on fresh install or upgrade\n * Restart sshd when installing the ssh config\n * Allow tasks daemon to write krb ccache\n * Do not enumerate mapped users in NSS\n * Update libhimmelblau to latest version\n * Fix Tumbleweed build\n\nVersion 2.2.0:\n\n * Update libhimmelblau to 0.8.x series\n * deps(rust): bump the all-cargo-updates group with 17 updates\n * Only use OpenSSH bug workaround for ssh service\n * Fix debug noise from removing user from sudo group\n * systemd: install files to /usr/lib/, not /etc/\n\nVersion 2.1.0:\n\n * Fix nightly authselect build failure\n * Generate the authselect profiles for each distro\n * Improve pam config handling in aad-tool\n * Make `aad-tool configure-pam` detect location of pam files\n\nVersion 2.0.5:\n\n * /var/lib/private/himmelblaud should be owned by root\n * Use tmpfiles.d to create himmelblaud private data directory\n * deps(rust): bump the all-cargo-updates group with 13 updates\n\nVersion 2.0.4:\n\n * Update kanidm_build_profiles mask version\n * Utilize cargo vet from main\n * Add policies cache patch via systemd-tmpfiles\n\n * Fix man page comments about change idmap_range\n * 
Stub picky-krb for osc build\n * Stub a kanidm_build_profiles which builds in osc\n * Ensure nss cache is created on Ubuntu/Debian\n * Request a user token if NSS hasn\u0027t been called\n\nVersion 2.0.3:\n\n * Add nss cache patch via systemd-tmpfiles\n\nVersion 2.0.2:\n\n * Recommend `patch` with the pam package\n * Fix passwordless FIDO authentication not being used when available\n * Git workflow updates for stable-2.x\n * Only warn on Intune failure\n\nVersion 2.0.1:\n\n * Force o365 desktop files to always rebuild\n * Always rebuild the o365 apps\n * Add restart on-failure to systemd services\n * Clarify `domain` SHOULD match login domain\n * Remove warning about `domain` himmelblau.conf opt\n * Pseudo eliminate multi-tenant and domains section\n * Revert \"Fix Hello PIN lookup when an alias domain\"\n * Comment out `KbdInteractiveAuthentication on` in sshd conf\n * Check the nxset sooner, to avoid unwanted errors\n * Recommend oddjob_mkhomedir with authselect\n * Pin libhimmelblau to 0.7.x\n * Deprecate Fedora 41\n * deps(rust): bump the all-cargo-updates group with 11 updates\n * Bump github/codeql-action from 4.30.8 to 4.31.2\n * Bump cachix/install-nix-action from 31.8.1 to 31.8.2\n * Bump actions/upload-artifact from 4.6.2 to 5.0.0\n * cargo clippy and rebase fix\n * fixup! 
add extra debug output to NotFound error code\n * force error output to show up in CI logs\n * wrap repeated sources of IdpError::NotFound in helper functions\n * add extra debug output to NotFound error code\n * use direnv for loading the nix devshell\n * We should still encourage mapping by name\n * Add support for Fedora 43\n * Provide a offline \u0027breakglass\u0027 mode\n * cargo clippy\n * Add warning about incorrect nsswitch configuration\n * Distinguish between online and offline token fail\n * Ensure user token uses original name\n * Fix alias domain in auth result causing failure\n * Resolve cargo clippy warnings\n * Only map on cn name for the primary domain\n * Install systemd in build scripts for gen service\n * Fix systemd version parsing\n * Update libhimmelblau to 0.7.19\n * Resolve SELinux build failures in nightly (part 2)\n * Rocky container image updates were failing\n * Warn instead of error when no idmap_range specified\n * deps(rust): bump the all-cargo-updates group across 1 directory with 7 updates\n * Trim whitespace from local group names\n * Fix borrowing error\n * Fix reference to local_sudo_group in condition\n * Only run sudo_groups if local_groups does not contain local_sudo_group\n * Leave SELinux in permissive mode for Himmelblau\n * Resolve SELinux build failures in nightly\n * nix: add join_type option to nixos-module settings\n * Build host configuration changes\n * Ensure that hsm_pin isn\u0027t present decrypted\n * Document Soft HSM changes to TPM bound\n * Disable SELinux by default on NixOS\n * sh doesn\u0027t have `source`\n * Encrypt hsm-pin using systemd-creds\n * Recommend uuid id mapping\n * Improve himmelblau.conf man page formatting\n * Implement Local User Mapping\n * Add o365 dependency for jq\n * Add selinux rules for gdm login\n * Narrow the scope of selinux policy with audit2allow\n * Generate the systemd service files\n * Fix selinux build for SLE16\n * Resolve SLE16 build dependency failure\n * Fix the 
rawhide build\n * Mask the sshkey-attest package\n * Bump cachix/install-nix-action from 31.7.0 to 31.8.1\n * cargo vet dependency updates\n * deps(rust): bump the all-cargo-updates group across 1 directory with 13 updates\n * Bump actions/dependency-review-action from 4.8.0 to 4.8.1\n * Bump cachix/install-nix-action from 31.7.0 to 31.8.0\n * Bump github/codeql-action from 3.30.5 to 4.30.8\n * Bump ossf/scorecard-action from 2.4.2 to 2.4.3\n * SELinux improvements\n * Fix a typo in package gen scripts\n * cargo fmt\n * Permit NSS response for mapped primary fake group\n * Fix Nix Error With Fuzz\n * Decrease CI fuzzer setup time\n * Document join types\n * Support for Entra registered devices\n * Run `cargo test` in a container\n * Bump cachix/install-nix-action from 31.6.2 to 31.7.0\n * deps(rust): bump the all-cargo-updates group across 1 directory with 2 updates\n * Bump github/codeql-action from 3.30.4 to 3.30.5\n * Use pastey crate instead of unmaintained paste\n * Pin unmaintained serde_cbor dep to serde_cbor_2\n * Resolve tower-http `cargo audit` warning\n * Replace unmaintained fxhash with own version\n * Resolve warning about workflow top level write permissions\n * Remove dependabot automerge\n * Resolve division by 0 in idmap code\n * [StepSecurity] ci: Harden GitHub Actions\n * Only idmap against initialized domains\n * Resolve invalid init of idmap with same domain\n * Add fuzzing of idmap code\n * Add basic fuzzing of the config options\n * Resolve error found by fuzzing\n * cargo vet prune\n * deps(rust): bump regex in the all-cargo-updates group\n * Bump actions/dependency-review-action from 4.7.3 to 4.8.0\n * Bump actions/checkout from 3.6.0 to 5.0.0\n * Bump cachix/cachix-action from 14 to 16\n * Bump ossf/scorecard-action from 2.4.0 to 2.4.2\n * Bump cachix/install-nix-action from 25 to 31\n * Add the OpenSSF Best Practices badge\n * Add scorecard badge\n * [StepSecurity] Apply security best practices\n * Fix group static mapping\n * Move 
aad-tool idmap cache clear to the idmap cmd\n * Resolve errant \"Hello key missing.\" messages\n * Update flake.nix\n * Slow the dependabot update frequency\n * Audit dependabot updates\n * deps(rust): bump the all-cargo-updates group across 1 directory with 11 updates\n * feat: Add support for aarch64 on Debian-based distributions\n * Resolve possible invalid pointer dereferences\n * Avoid revealing account ids in debug log\n * Cause doc links to open in the correct apps\n * Permit opening multiple instances of Word/Excel\n * Modify systray and app close behavior\n * Don\u0027t use questionably licensed icons for o365\n * Resolve NixOS CI failure\n * Fix building w/out deprecated interactive feature\n * Update himmelblau.conf.5 sudo_groups example\n * Entra group based sudo access\n * Audited the cargo updates\n * deps(rust): bump the all-cargo-updates group with 6 updates\n * Vet libhimmelblau\n * Add `make vet` command\n * Update deny.toml\n * Remove incompatible licenses from deps\n * Fix RHEL8 package signing\n * Add SBOM generation\n * Add an IRP checklist for security incidents\n * Run the nixos build/release on the correct version\n * Add crate dependency auditing on MR\n * Add some exceptions\n * Initialize cargo vet\n * Remove in-tree kanidm dependencies\n * Fix Hello PIN lookup when an alias domain\n * Raise maximum group lookup from 100 to 999\n * Always work with lowercase account names\n * Modify FUNDING.yml for funding sources\n * Remove glib dependency\n * deps(rust): bump the all-cargo-updates group with 10 updates\n * Add CI check for licenses\n * Update dependabot.yml to target all stable branches\n * Add authselect module for Rocky/Fedora\n * Recommend packages, instead of require\n * Add a Contributing document\n * Add a Code of Conduct\n * add withSelinux flag to nix build, brings SELinux binaries into the build environment.\n * deps(rust): bump tracing-subscriber in the cargo group\n * Don\u0027t overwrite the himmelblau.conf on rpm upgrade\n 
* Add help output to the Makefile\n * Fix building packages with docker in root mode\n * Update to latest libhimmelblau and identity_dbus_broker\n * Make PRT SSO cookie via broker work as well for Edge\n * Make broker work for Edge\n * Generate Office 365 desktop apps\n * Update README\n * Add `make uninstall` command\n * Remove the deprecated tests suite\n * Himmelblau no longer has git submodules\n * Make install using packages\n * Add Debian 13 packages\n * Generate Dockerfiles automatically\n * Add SELinux configuration\n * Himmelblau daemon requires system tss user\n * Add cron dependency for Intune scripts\n * Do not mangle /usr/etc configuration files\n * deps(rust): bump the all-cargo-updates group with 7 updates\n * Add SLE16 (beta) build target\n * Automatically append to nsswitch.conf in postinst\n * Correct the RPM postinst script syntax\n * Fix Kerberos credential cache permissions\n * Set file owner and group before writing its content\n * Create SECURITY.md\n * Rev the dev version to 2.0.0\n * Ensure alias domains match when checking Intune device id\n * Debian 12 doesn\u0027t support ConditionPathExists and notify-reload\n * Write scripts policy to a readable directory\n * Apply Intune policies right after enrollment\n * Add more debug instrumentation\n * Provide device_id to Intune enrollment if not cached\n * Ensure nss cache directory is created during install\n * Remove /var/cache/himmelblaud access from tasks daemon\n * Resolve daemon startup absolute path warnings\n * Delay Intune enrollment on Device Auth fail\n * Do not leak the Intune IW service token in the logs\n\nVersion 1.4.2:\n\n * Revert libhimmelblau unstable update\n\nVersion 1.4.1:\n\n * Update Intune to use app version 1.2511.7\n\nVersion 1.4.0:\n\n * Resolve build failures\n * deps(rust): bump the all-cargo-updates group across 1 directory with 6 updates\n\nVersion 1.3.0:\n\n * Revert the self-hosted runner name\n * deps(rust): bump the all-cargo-updates group with 23 updates\n * 
Include latest branch in CI\n * Self hosted runners\n\nVersion 1.1.0:\n\n * Fix policy application\n * Add remaining Linux password compliance policies\n * Add custom compliance enforcement\n * deps(rust): bump the all-cargo-updates group with 3 updates\n * deps(rust): bump the all-cargo-updates group with 5 updates\n * Add SLE15SP7 build target\n * Add RHEL 10 build target\n * Fix Intermittent auth issue AADSTSError 16000\n * Remove old utf8proc dependency\n * Add `fedora42` build target\n * Handle PRT expiration and tie to offline auth\n * Correctly delete the Hello keys on bad pin count\n * Add ability to disable Hello PIN per-service\n * Update NixOS support to 25.05\n * Handle disabled device by attempting re-enrollment\n * Always attempt confidential client creds for aad-tool\n * Include HSM option defs in himmelblau.conf man page\n * Improve the aad-tool cache-clear command\n * Add `mfaSshWorkaroundFlag` configuration option to Nix Flake.\n * Add the ability to remove confidential client creds\n * If bad PIN count is exceeded, delete the Hello key\n * deps(rust): bump the all-cargo-updates group with 4 updates\n * Add instructions for creating developer builds\n * Fix GDM3 first time login password prompt\n * Default HsmType should be soft\n * Add himmelblaud to tss group for TPM startup\n * Enforce strict order for the systemd units\n * Update libhimmelblau and compact_jwt\n * Fix builds w/tpm\n * aad-tool Authentication flow improvements\n * Filter out irrelevant debug in aad-tool\n * Create a unified login experience for aad-tool\n * Utilize confidential creds for aad-tool enumerate\n * himmelblau should get posix attributes w/out delegate user access\n * Always use the Object Id for mapping Group to GID\n * Update enhancement-request.md for SPI donations\n * Update bug_report.md with SPI donation\n * Update build requires in README.md\n * Update FUNDING.yml with SPI Paypal donation button\n * Don\u0027t break from tasks loop when policies fail\n * Enroll 
in Intune as soon as it is enabled\n * Implement `decoupled hello` behavior\n * Cache encrypted PRT to disk for offline login SSO\n * Update to latest hsm-crypto\n * Enable tpm functionality\n * Allow altering the password and PIN prompt messages\n * Ensure Hello PIN lockout happens when online\n * Cache the build target output to improve build times\n * Easier build selection w/ Makefile\n * Revert mistaken removal from Makefile\n * Make the user wait longer with each incorrect PIN\n * Make the bad PIN count configurable\n * Improve aad-tool manpage\n * aad-tool fails if the user has FIDO2 enabled\n * Offline auth permits authentication with invalid Hello PIN\n * PIN complexity to match Windows\n * Update to latest SSSD idmap code\n * Add aad-tool options for setting posix attrs\n * Add scopes and redirect uris aad-tool application create\n * Add aad-tool commands for managaging extension attrs\n * Utilize the sidtoname call for object id mapping\n * Add commands for listing/creating App registrations\n * Potential fix for code scanning alert no. 2: Workflow does not contain permissions\n * Potential fix for code scanning alert no. 
4: Workflow does not contain permissions\n * Potential fix for code scanning alert: Workflow does not contain permissions\n * Never write the app_id to the server config\n * Disable passwordless Fido by default\n * Stop using deprecated `users` crate\n * When group membership lookup fails, use cached groups\n * aad-tool command for enumerating users and groups\n * Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass\n * Add the configure-pam option to aad-tool man page\n * Add static idmap cache for on-prem to cloud migration\n * Update bug_report.md with request for himmelblau.conf\n * deps(rust): bump the all-cargo-updates group with 2 updates\n * Update crates in a group\n * Update crate bumps\n * Utilize new Intune compliance enforcement via libhimmelblau\n * Correct the README regarding Intune policy compliance\n * Disable Chromium policy\n * Re-enable Intune policy and add scripts and compliance policies\n * himmelblau.conf alias `domain` as `domains`\n * Support Fido auth in pam passwd\n * Add TAP support to himmelblaud and pam passwd\n * Mixed case names should properly identify Hello Key\n * Update linux-entra-sso to latest version\n * Fix group lookup for Entra Id group name\n * Fix mixed case name lookup from PRT cache\n * Crate updates\n * Fix tasks daemon debug output\n * Remove write locks where unecessary\n * Fix deadlock in nss\n * systemd notify fixes\n * Console\n * Address Feedback\n * Order services before gdb/nss-user-target\n * deps(rust): bump rpassword from 7.3.1 to 7.4.0\n * deps(rust): bump tokio from 1.44.2 to 1.45.0\n * deps(rust): bump sha2 from 0.10.8 to 0.10.9\n * deps(rust): bump systemd-journal-logger from 2.2.0 to 2.2.2\n * deps(rust): bump clap from 4.5.31 to 4.5.38\n * Update notify-debouncer-full\n * Update opentelemetry\n * Update dependencies\n * deps(rust): bump time from 0.3.39 to 0.3.41\n * Replace source filter that blacklists files with filter that whitelists files.\n * Mark himmelblau.conf 
as config in rpm\n * Update README.md\n * Ensure only the base URL is printed to log\n * If unix_user_get fails, wait, and try again\n * Supplying a PRT cookie to SSO doesn\u0027t require network\n * Don\u0027t send a password prompt if the network is down\n * Auth via MFA if Hello PIN fails 3 times\n * Improve Hello PIN failed auth error\n * Fix rocky9 build\n * deps(rust): bump anyhow from 1.0.96 to 1.0.98\n * deps(rust): bump libc from 0.2.170 to 0.2.172\n * deps(rust): bump cc from 1.2.16 to 1.2.19\n * deps(rust): bump tokio from 1.43.0 to 1.44.2\n * deps(rust): bump openssl from 0.10.71 to 0.10.72 in the cargo group\n * deps(rust): bump reqwest from 0.12.12 to 0.12.15\n * Update libhimmelblau in Cargo.lock\n * Fix nss and offline checks for domain aliases\n * Report error when MS Authenticator denies authorization\n * Bail out of invalid offline auth\n * Handle AADSTS errors from BeginAuth response\n * Never dump failed reqwests to the log\n * Update sccache-action version to use new cache service\n * Permit daemon to start when network is down\n * Add an nss cache for when daemon is down\n * Additional pam info cues\n * Proceed with Hello auth even with net down\n * Indicate to the user what the password and PIN are\n * Ensure pam messages are seen\n * Display the minimum PIN length during Hello setup\n * PAM should loop, not die on error\n * Ensure prompt msg remains for confirmation\n * Update bug_report.md\n * Ignore demands for setting up MS Authenticator\n * Login fails if Entra is configured to recommend MS authenticator\n * Add pam configure command to aad-tool\n * Update README.md with pam passwd instructions\n * aad-tool authtest needs to map names\n * Update demo video in README.md\n * Sign RPM packages\n * Ensure the pam module is installed correctly for SLE\n * Improve pam error handling and messaging\n * Only push cachix builds for stable releases\n * Terminate linux-entra-sso when browser terminates\n * On deb, push pam config after install\n * 
Increase priority of deb PAM passwd for Himmelblau\n * Improve offline state handling\n * Specify request for Entra Id password in PAM\n * QR Greeter also supports gnome-shell 47\n * Fix profile photo loading\n * Clarify pam_allow_groups in himmelblau.conf man page\n * Don\u0027t hide debug for pam_allow_groups miss\n * Handle failures in passwordless auth\n * build all root packages\n * split config options that can be defined per-domain from those which are global only\n * configure cachix signing and upload in ci\n * deps(rust): bump serde_json from 1.0.138 to 1.0.140\n * deps(rust): bump serde from 1.0.218 to 1.0.219\n * deps(rust): bump time from 0.3.37 to 0.3.39\n * deps(rust): bump bytes from 1.10.0 to 1.10.1\n * deps(rust): bump pkg-config from 0.3.31 to 0.3.32\n * Entra Id is case insensitive, cache lookup must match\n * deps(rust): bump ring from 0.17.9 to 0.17.13 in the cargo group\n * Support CompanionAppsNotification mfa method\n * QR code for gnome-shell greeter\n * Allow tasks to start if AccountsService dir missing\n * Remove invalid python dependency from sso package\n * Fixes https://github.com/himmelblau-idm/himmelblau/issues/397\n * Clear server config when clearing cache\n * Update version in the Cargo.lock\n * deps(rust): bump async-trait from 0.1.86 to 0.1.87\n * deps(rust): bump chrono from 0.4.39 to 0.4.40\n * Fix himmelblau.conf man page cn_name_mapping entry\n * deps(rust): bump pem from 3.0.4 to 3.0.5\n * deps(rust): bump serde from 1.0.217 to 1.0.218\n\nVersion 1.0.0:\n\n * deps(rust): bump cc from 1.2.15 to 1.2.16\n * Update workflow versions\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-471",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-fu-2026_20990-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-FU-2026:20990-1",
"url": "https://www.suse.com/support/update/announcement//suse-fu-202620990-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-FU-2026:20990-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045341.html"
},
{
"category": "self",
"summary": "SUSE Bug 1247735",
"url": "https://bugzilla.suse.com/1247735"
},
{
"category": "self",
"summary": "SUSE Bug 1249013",
"url": "https://bugzilla.suse.com/1249013"
},
{
"category": "self",
"summary": "SUSE Bug 1257904",
"url": "https://bugzilla.suse.com/1257904"
},
{
"category": "self",
"summary": "SUSE Bug 1258236",
"url": "https://bugzilla.suse.com/1258236"
},
{
"category": "self",
"summary": "SUSE Bug 1259548",
"url": "https://bugzilla.suse.com/1259548"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54882 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58160 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58160/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31979 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31979/"
}
],
"title": "Feature update for himmelblau",
"tracking": {
"current_release_date": "2026-04-01T09:19:25Z",
"generator": {
"date": "2026-04-01T09:19:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-FU-2026:20990-1",
"initial_release_date": "2026-04-01T09:19:25Z",
"revision_history": [
{
"date": "2026-04-01T09:19:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"product": {
"name": "himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"product_id": "himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"product": {
"name": "himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"product_id": "himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"product": {
"name": "libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"product_id": "libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"product": {
"name": "pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"product_id": "pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"product": {
"name": "himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"product_id": "himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch"
}
},
{
"category": "product_version",
"name": "himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"product": {
"name": "himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"product_id": "himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"product": {
"name": "himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"product_id": "himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"product": {
"name": "himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"product_id": "himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"product": {
"name": "libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"product_id": "libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"product": {
"name": "pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"product_id": "pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64"
},
"product_reference": "himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
},
"product_reference": "himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch"
},
"product_reference": "himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch"
},
"product_reference": "himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64"
},
"product_reference": "himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64"
},
"product_reference": "himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64"
},
"product_reference": "libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64"
},
"product_reference": "libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64"
},
"product_reference": "pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
},
"product_reference": "pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64"
},
"product_reference": "himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
},
"product_reference": "himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch"
},
"product_reference": "himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch"
},
"product_reference": "himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64"
},
"product_reference": "himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64"
},
"product_reference": "himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64"
},
"product_reference": "libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64"
},
"product_reference": "libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64"
},
"product_reference": "pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
},
"product_reference": "pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54882"
}
],
"notes": [
{
"category": "general",
"text": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials are stored as world readable. This is fixed in versions 0.9.22 and 1.2.0. To work around this issue, remove all read access to Himmelblau caches for all users except for owners.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54882",
"url": "https://www.suse.com/security/cve/CVE-2025-54882"
},
{
"category": "external",
"summary": "SUSE Bug 1247735 for CVE-2025-54882",
"url": "https://bugzilla.suse.com/1247735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-01T09:19:25Z",
"details": "important"
}
],
"title": "CVE-2025-54882"
},
{
"cve": "CVE-2025-58160",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58160"
}
],
"notes": [
{
"category": "general",
"text": "tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to manipulate terminal title bars, clear screens or modify terminal display, and potentially mislead users through terminal manipulation. tracing-subscriber version 0.3.20 fixes this vulnerability by escaping ANSI control characters when writing events to destinations that may be printed to the terminal. A workaround involves avoiding printing logs to terminal emulators without escaping ANSI control sequences.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58160",
"url": "https://www.suse.com/security/cve/CVE-2025-58160"
},
{
"category": "external",
"summary": "SUSE Bug 1249007 for CVE-2025-58160",
"url": "https://bugzilla.suse.com/1249007"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-01T09:19:25Z",
"details": "low"
}
],
"title": "CVE-2025-58160"
},
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-01T09:19:25Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
},
{
"cve": "CVE-2026-31979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31979"
}
],
"notes": [
{
"category": "general",
"text": "Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc_\u003cuid\u003e without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the tasks daemon\u0027s systemd hardening, exposing it to the host /tmp. A local user can exploit this via symlink attacks to chown or overwrite arbitrary files, achieving local privilege escalation. This vulnerability is fixed in 3.1.0 and 2.3.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31979",
"url": "https://www.suse.com/security/cve/CVE-2026-31979"
},
{
"category": "external",
"summary": "SUSE Bug 1259548 for CVE-2026-31979",
"url": "https://bugzilla.suse.com/1259548"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-qr-greeter-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sshd-config-2.3.8+git0.dec3693-160000.1.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:himmelblau-sso-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:libnss_himmelblau2-2.3.8+git0.dec3693-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:pam-himmelblau-2.3.8+git0.dec3693-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-01T09:19:25Z",
"details": "important"
}
],
"title": "CVE-2026-31979"
}
]
}
OPENSUSE-SU-2026:10170-1
Vulnerability from csaf_opensuse - Published: 2026-02-10 00:00 - Updated: 2026-02-10 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "keylime-ima-policy-0.2.8+116-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the keylime-ima-policy-0.2.8+116-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10170",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10170-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "keylime-ima-policy-0.2.8+116-1.1 on GA media",
"tracking": {
"current_release_date": "2026-02-10T00:00:00Z",
"generator": {
"date": "2026-02-10T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10170-1",
"initial_release_date": "2026-02-10T00:00:00Z",
"revision_history": [
{
"date": "2026-02-10T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-1.1.aarch64",
"product": {
"name": "keylime-ima-policy-0.2.8+116-1.1.aarch64",
"product_id": "keylime-ima-policy-0.2.8+116-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-1.1.aarch64",
"product": {
"name": "rust-keylime-0.2.8+116-1.1.aarch64",
"product_id": "rust-keylime-0.2.8+116-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-1.1.ppc64le",
"product": {
"name": "keylime-ima-policy-0.2.8+116-1.1.ppc64le",
"product_id": "keylime-ima-policy-0.2.8+116-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-1.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.8+116-1.1.ppc64le",
"product_id": "rust-keylime-0.2.8+116-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-1.1.s390x",
"product": {
"name": "keylime-ima-policy-0.2.8+116-1.1.s390x",
"product_id": "keylime-ima-policy-0.2.8+116-1.1.s390x"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-1.1.s390x",
"product": {
"name": "rust-keylime-0.2.8+116-1.1.s390x",
"product_id": "rust-keylime-0.2.8+116-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-1.1.x86_64",
"product": {
"name": "keylime-ima-policy-0.2.8+116-1.1.x86_64",
"product_id": "keylime-ima-policy-0.2.8+116-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-1.1.x86_64",
"product": {
"name": "rust-keylime-0.2.8+116-1.1.x86_64",
"product_id": "rust-keylime-0.2.8+116-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.8+116-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.8+116-1.1.aarch64"
},
"product_reference": "keylime-ima-policy-0.2.8+116-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.8+116-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.8+116-1.1.ppc64le"
},
"product_reference": "keylime-ima-policy-0.2.8+116-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.8+116-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.8+116-1.1.s390x"
},
"product_reference": "keylime-ima-policy-0.2.8+116-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.8+116-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.8+116-1.1.x86_64"
},
"product_reference": "keylime-ima-policy-0.2.8+116-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rust-keylime-0.2.8+116-1.1.aarch64"
},
"product_reference": "rust-keylime-0.2.8+116-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rust-keylime-0.2.8+116-1.1.ppc64le"
},
"product_reference": "rust-keylime-0.2.8+116-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rust-keylime-0.2.8+116-1.1.s390x"
},
"product_reference": "rust-keylime-0.2.8+116-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rust-keylime-0.2.8+116-1.1.x86_64"
},
"product_reference": "rust-keylime-0.2.8+116-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.8+116-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.8+116-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.8+116-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.8+116-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.8+116-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.8+116-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.8+116-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.8+116-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.8+116-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.8+116-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.8+116-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.8+116-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.8+116-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.8+116-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.8+116-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.8+116-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.8+116-1.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.8+116-1.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.8+116-1.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.8+116-1.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.8+116-1.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.8+116-1.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.8+116-1.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.8+116-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-10T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
OPENSUSE-SU-2026:10185-1
Vulnerability from csaf_opensuse - Published: 2026-02-12 00:00 - Updated: 2026-02-12 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cargo-c-0.10.15-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cargo-c-0.10.15-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10185",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10185-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "cargo-c-0.10.15-2.1 on GA media",
"tracking": {
"current_release_date": "2026-02-12T00:00:00Z",
"generator": {
"date": "2026-02-12T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10185-1",
"initial_release_date": "2026-02-12T00:00:00Z",
"revision_history": [
{
"date": "2026-02-12T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cargo-c-0.10.15-2.1.aarch64",
"product": {
"name": "cargo-c-0.10.15-2.1.aarch64",
"product_id": "cargo-c-0.10.15-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-c-0.10.15-2.1.ppc64le",
"product": {
"name": "cargo-c-0.10.15-2.1.ppc64le",
"product_id": "cargo-c-0.10.15-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-c-0.10.15-2.1.s390x",
"product": {
"name": "cargo-c-0.10.15-2.1.s390x",
"product_id": "cargo-c-0.10.15-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-c-0.10.15-2.1.x86_64",
"product": {
"name": "cargo-c-0.10.15-2.1.x86_64",
"product_id": "cargo-c-0.10.15-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-c-0.10.15-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-c-0.10.15-2.1.aarch64"
},
"product_reference": "cargo-c-0.10.15-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-c-0.10.15-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-c-0.10.15-2.1.ppc64le"
},
"product_reference": "cargo-c-0.10.15-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-c-0.10.15-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-c-0.10.15-2.1.s390x"
},
"product_reference": "cargo-c-0.10.15-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-c-0.10.15-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-c-0.10.15-2.1.x86_64"
},
"product_reference": "cargo-c-0.10.15-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-c-0.10.15-2.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.15-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.15-2.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.15-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-c-0.10.15-2.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.15-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.15-2.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.15-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-c-0.10.15-2.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.10.15-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.10.15-2.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.10.15-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
OPENSUSE-SU-2026:10180-1
Vulnerability from csaf_opensuse - Published: 2026-02-11 00:00 - Updated: 2026-02-11 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rustup-1.28.2~0-3.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rustup-1.28.2~0-3.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10180",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10180-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "rustup-1.28.2~0-3.1 on GA media",
"tracking": {
"current_release_date": "2026-02-11T00:00:00Z",
"generator": {
"date": "2026-02-11T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10180-1",
"initial_release_date": "2026-02-11T00:00:00Z",
"revision_history": [
{
"date": "2026-02-11T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rustup-1.28.2~0-3.1.aarch64",
"product": {
"name": "rustup-1.28.2~0-3.1.aarch64",
"product_id": "rustup-1.28.2~0-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rustup-1.28.2~0-3.1.ppc64le",
"product": {
"name": "rustup-1.28.2~0-3.1.ppc64le",
"product_id": "rustup-1.28.2~0-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rustup-1.28.2~0-3.1.s390x",
"product": {
"name": "rustup-1.28.2~0-3.1.s390x",
"product_id": "rustup-1.28.2~0-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rustup-1.28.2~0-3.1.x86_64",
"product": {
"name": "rustup-1.28.2~0-3.1.x86_64",
"product_id": "rustup-1.28.2~0-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.28.2~0-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rustup-1.28.2~0-3.1.aarch64"
},
"product_reference": "rustup-1.28.2~0-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.28.2~0-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rustup-1.28.2~0-3.1.ppc64le"
},
"product_reference": "rustup-1.28.2~0-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.28.2~0-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rustup-1.28.2~0-3.1.s390x"
},
"product_reference": "rustup-1.28.2~0-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.28.2~0-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rustup-1.28.2~0-3.1.x86_64"
},
"product_reference": "rustup-1.28.2~0-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rustup-1.28.2~0-3.1.aarch64",
"openSUSE Tumbleweed:rustup-1.28.2~0-3.1.ppc64le",
"openSUSE Tumbleweed:rustup-1.28.2~0-3.1.s390x",
"openSUSE Tumbleweed:rustup-1.28.2~0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rustup-1.28.2~0-3.1.aarch64",
"openSUSE Tumbleweed:rustup-1.28.2~0-3.1.ppc64le",
"openSUSE Tumbleweed:rustup-1.28.2~0-3.1.s390x",
"openSUSE Tumbleweed:rustup-1.28.2~0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rustup-1.28.2~0-3.1.aarch64",
"openSUSE Tumbleweed:rustup-1.28.2~0-3.1.ppc64le",
"openSUSE Tumbleweed:rustup-1.28.2~0-3.1.s390x",
"openSUSE Tumbleweed:rustup-1.28.2~0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
OPENSUSE-SU-2026:10175-1
Vulnerability from csaf_opensuse - Published: 2026-02-11 00:00 - Updated: 2026-02-11 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cargo-audit-0.22.1~git0.efcde93-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cargo-audit-0.22.1~git0.efcde93-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10175",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10175-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "cargo-audit-0.22.1~git0.efcde93-2.1 on GA media",
"tracking": {
"current_release_date": "2026-02-11T00:00:00Z",
"generator": {
"date": "2026-02-11T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10175-1",
"initial_release_date": "2026-02-11T00:00:00Z",
"revision_history": [
{
"date": "2026-02-11T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-0.22.1~git0.efcde93-2.1.aarch64",
"product": {
"name": "cargo-audit-0.22.1~git0.efcde93-2.1.aarch64",
"product_id": "cargo-audit-0.22.1~git0.efcde93-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-0.22.1~git0.efcde93-2.1.ppc64le",
"product": {
"name": "cargo-audit-0.22.1~git0.efcde93-2.1.ppc64le",
"product_id": "cargo-audit-0.22.1~git0.efcde93-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-0.22.1~git0.efcde93-2.1.s390x",
"product": {
"name": "cargo-audit-0.22.1~git0.efcde93-2.1.s390x",
"product_id": "cargo-audit-0.22.1~git0.efcde93-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-audit-0.22.1~git0.efcde93-2.1.x86_64",
"product": {
"name": "cargo-audit-0.22.1~git0.efcde93-2.1.x86_64",
"product_id": "cargo-audit-0.22.1~git0.efcde93-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-0.22.1~git0.efcde93-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-0.22.1~git0.efcde93-2.1.aarch64"
},
"product_reference": "cargo-audit-0.22.1~git0.efcde93-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-0.22.1~git0.efcde93-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-0.22.1~git0.efcde93-2.1.ppc64le"
},
"product_reference": "cargo-audit-0.22.1~git0.efcde93-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-0.22.1~git0.efcde93-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-0.22.1~git0.efcde93-2.1.s390x"
},
"product_reference": "cargo-audit-0.22.1~git0.efcde93-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-audit-0.22.1~git0.efcde93-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-audit-0.22.1~git0.efcde93-2.1.x86_64"
},
"product_reference": "cargo-audit-0.22.1~git0.efcde93-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-audit-0.22.1~git0.efcde93-2.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-0.22.1~git0.efcde93-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-0.22.1~git0.efcde93-2.1.s390x",
"openSUSE Tumbleweed:cargo-audit-0.22.1~git0.efcde93-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-audit-0.22.1~git0.efcde93-2.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-0.22.1~git0.efcde93-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-0.22.1~git0.efcde93-2.1.s390x",
"openSUSE Tumbleweed:cargo-audit-0.22.1~git0.efcde93-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-audit-0.22.1~git0.efcde93-2.1.aarch64",
"openSUSE Tumbleweed:cargo-audit-0.22.1~git0.efcde93-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-audit-0.22.1~git0.efcde93-2.1.s390x",
"openSUSE Tumbleweed:cargo-audit-0.22.1~git0.efcde93-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
OPENSUSE-SU-2026:10202-1
Vulnerability from csaf_opensuse - Published: 2026-02-14 00:00 - Updated: 2026-02-14 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "himmelblau-2.3.5+git0.9dd526c-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the himmelblau-2.3.5+git0.9dd526c-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10202",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10202-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "himmelblau-2.3.5+git0.9dd526c-1.1 on GA media",
"tracking": {
"current_release_date": "2026-02-14T00:00:00Z",
"generator": {
"date": "2026-02-14T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10202-1",
"initial_release_date": "2026-02-14T00:00:00Z",
"revision_history": [
{
"date": "2026-02-14T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "himmelblau-2.3.5+git0.9dd526c-1.1.aarch64",
"product": {
"name": "himmelblau-2.3.5+git0.9dd526c-1.1.aarch64",
"product_id": "himmelblau-2.3.5+git0.9dd526c-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.aarch64",
"product": {
"name": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.aarch64",
"product_id": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.aarch64",
"product": {
"name": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.aarch64",
"product_id": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.aarch64",
"product": {
"name": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.aarch64",
"product_id": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.aarch64",
"product": {
"name": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.aarch64",
"product_id": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.aarch64",
"product": {
"name": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.aarch64",
"product_id": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le",
"product": {
"name": "himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le",
"product_id": "himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.ppc64le",
"product": {
"name": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.ppc64le",
"product_id": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.ppc64le",
"product": {
"name": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.ppc64le",
"product_id": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.ppc64le",
"product": {
"name": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.ppc64le",
"product_id": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.ppc64le",
"product": {
"name": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.ppc64le",
"product_id": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le",
"product": {
"name": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le",
"product_id": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "himmelblau-2.3.5+git0.9dd526c-1.1.s390x",
"product": {
"name": "himmelblau-2.3.5+git0.9dd526c-1.1.s390x",
"product_id": "himmelblau-2.3.5+git0.9dd526c-1.1.s390x"
}
},
{
"category": "product_version",
"name": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.s390x",
"product": {
"name": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.s390x",
"product_id": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.s390x"
}
},
{
"category": "product_version",
"name": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.s390x",
"product": {
"name": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.s390x",
"product_id": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.s390x"
}
},
{
"category": "product_version",
"name": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.s390x",
"product": {
"name": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.s390x",
"product_id": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.s390x",
"product": {
"name": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.s390x",
"product_id": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.s390x"
}
},
{
"category": "product_version",
"name": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.s390x",
"product": {
"name": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.s390x",
"product_id": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "himmelblau-2.3.5+git0.9dd526c-1.1.x86_64",
"product": {
"name": "himmelblau-2.3.5+git0.9dd526c-1.1.x86_64",
"product_id": "himmelblau-2.3.5+git0.9dd526c-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.x86_64",
"product": {
"name": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.x86_64",
"product_id": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.x86_64",
"product": {
"name": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.x86_64",
"product_id": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.x86_64",
"product": {
"name": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.x86_64",
"product_id": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.x86_64",
"product": {
"name": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.x86_64",
"product_id": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.x86_64",
"product": {
"name": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.x86_64",
"product_id": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-2.3.5+git0.9dd526c-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-2.3.5+git0.9dd526c-1.1.aarch64"
},
"product_reference": "himmelblau-2.3.5+git0.9dd526c-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le"
},
"product_reference": "himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-2.3.5+git0.9dd526c-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-2.3.5+git0.9dd526c-1.1.s390x"
},
"product_reference": "himmelblau-2.3.5+git0.9dd526c-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-2.3.5+git0.9dd526c-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-2.3.5+git0.9dd526c-1.1.x86_64"
},
"product_reference": "himmelblau-2.3.5+git0.9dd526c-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.aarch64"
},
"product_reference": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.ppc64le"
},
"product_reference": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.s390x"
},
"product_reference": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.x86_64"
},
"product_reference": "himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.aarch64"
},
"product_reference": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.ppc64le"
},
"product_reference": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.s390x"
},
"product_reference": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.x86_64"
},
"product_reference": "himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-sso-2.3.5+git0.9dd526c-1.1.aarch64"
},
"product_reference": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-sso-2.3.5+git0.9dd526c-1.1.ppc64le"
},
"product_reference": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-sso-2.3.5+git0.9dd526c-1.1.s390x"
},
"product_reference": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:himmelblau-sso-2.3.5+git0.9dd526c-1.1.x86_64"
},
"product_reference": "himmelblau-sso-2.3.5+git0.9dd526c-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.aarch64"
},
"product_reference": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.ppc64le"
},
"product_reference": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.s390x"
},
"product_reference": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.x86_64"
},
"product_reference": "libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pam-himmelblau-2.3.5+git0.9dd526c-1.1.aarch64"
},
"product_reference": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pam-himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le"
},
"product_reference": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pam-himmelblau-2.3.5+git0.9dd526c-1.1.s390x"
},
"product_reference": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:pam-himmelblau-2.3.5+git0.9dd526c-1.1.x86_64"
},
"product_reference": "pam-himmelblau-2.3.5+git0.9dd526c-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:himmelblau-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-2.3.5+git0.9dd526c-1.1.x86_64",
"openSUSE Tumbleweed:himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.x86_64",
"openSUSE Tumbleweed:himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.x86_64",
"openSUSE Tumbleweed:himmelblau-sso-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-sso-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-sso-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-sso-2.3.5+git0.9dd526c-1.1.x86_64",
"openSUSE Tumbleweed:libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.x86_64",
"openSUSE Tumbleweed:pam-himmelblau-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:pam-himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:pam-himmelblau-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:pam-himmelblau-2.3.5+git0.9dd526c-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:himmelblau-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-2.3.5+git0.9dd526c-1.1.x86_64",
"openSUSE Tumbleweed:himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.x86_64",
"openSUSE Tumbleweed:himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.x86_64",
"openSUSE Tumbleweed:himmelblau-sso-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-sso-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-sso-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-sso-2.3.5+git0.9dd526c-1.1.x86_64",
"openSUSE Tumbleweed:libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.x86_64",
"openSUSE Tumbleweed:pam-himmelblau-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:pam-himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:pam-himmelblau-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:pam-himmelblau-2.3.5+git0.9dd526c-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:himmelblau-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-2.3.5+git0.9dd526c-1.1.x86_64",
"openSUSE Tumbleweed:himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-qr-greeter-2.3.5+git0.9dd526c-1.1.x86_64",
"openSUSE Tumbleweed:himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-sshd-config-2.3.5+git0.9dd526c-1.1.x86_64",
"openSUSE Tumbleweed:himmelblau-sso-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:himmelblau-sso-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:himmelblau-sso-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:himmelblau-sso-2.3.5+git0.9dd526c-1.1.x86_64",
"openSUSE Tumbleweed:libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:libnss_himmelblau2-2.3.5+git0.9dd526c-1.1.x86_64",
"openSUSE Tumbleweed:pam-himmelblau-2.3.5+git0.9dd526c-1.1.aarch64",
"openSUSE Tumbleweed:pam-himmelblau-2.3.5+git0.9dd526c-1.1.ppc64le",
"openSUSE Tumbleweed:pam-himmelblau-2.3.5+git0.9dd526c-1.1.s390x",
"openSUSE Tumbleweed:pam-himmelblau-2.3.5+git0.9dd526c-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-14T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
OPENSUSE-SU-2026:10181-1
Vulnerability from csaf_opensuse - Published: 2026-02-11 00:00 - Updated: 2026-02-11 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "sccache-0.13.0~1-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the sccache-0.13.0~1-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10181",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10181-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "sccache-0.13.0~1-2.1 on GA media",
"tracking": {
"current_release_date": "2026-02-11T00:00:00Z",
"generator": {
"date": "2026-02-11T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10181-1",
"initial_release_date": "2026-02-11T00:00:00Z",
"revision_history": [
{
"date": "2026-02-11T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.13.0~1-2.1.aarch64",
"product": {
"name": "sccache-0.13.0~1-2.1.aarch64",
"product_id": "sccache-0.13.0~1-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.13.0~1-2.1.ppc64le",
"product": {
"name": "sccache-0.13.0~1-2.1.ppc64le",
"product_id": "sccache-0.13.0~1-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.13.0~1-2.1.s390x",
"product": {
"name": "sccache-0.13.0~1-2.1.s390x",
"product_id": "sccache-0.13.0~1-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.13.0~1-2.1.x86_64",
"product": {
"name": "sccache-0.13.0~1-2.1.x86_64",
"product_id": "sccache-0.13.0~1-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.13.0~1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sccache-0.13.0~1-2.1.aarch64"
},
"product_reference": "sccache-0.13.0~1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.13.0~1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sccache-0.13.0~1-2.1.ppc64le"
},
"product_reference": "sccache-0.13.0~1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.13.0~1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sccache-0.13.0~1-2.1.s390x"
},
"product_reference": "sccache-0.13.0~1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.13.0~1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sccache-0.13.0~1-2.1.x86_64"
},
"product_reference": "sccache-0.13.0~1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:sccache-0.13.0~1-2.1.aarch64",
"openSUSE Tumbleweed:sccache-0.13.0~1-2.1.ppc64le",
"openSUSE Tumbleweed:sccache-0.13.0~1-2.1.s390x",
"openSUSE Tumbleweed:sccache-0.13.0~1-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:sccache-0.13.0~1-2.1.aarch64",
"openSUSE Tumbleweed:sccache-0.13.0~1-2.1.ppc64le",
"openSUSE Tumbleweed:sccache-0.13.0~1-2.1.s390x",
"openSUSE Tumbleweed:sccache-0.13.0~1-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:sccache-0.13.0~1-2.1.aarch64",
"openSUSE Tumbleweed:sccache-0.13.0~1-2.1.ppc64le",
"openSUSE Tumbleweed:sccache-0.13.0~1-2.1.s390x",
"openSUSE Tumbleweed:sccache-0.13.0~1-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
OPENSUSE-SU-2026:20326-1
Vulnerability from csaf_opensuse - Published: 2026-03-05 14:23 - Updated: 2026-03-05 14:23
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for virtiofsd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for virtiofsd fixes the following issue:\n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257912).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-359",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20326-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1257912",
"url": "https://bugzilla.suse.com/1257912"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for virtiofsd",
"tracking": {
"current_release_date": "2026-03-05T14:23:19Z",
"generator": {
"date": "2026-03-05T14:23:19Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20326-1",
"initial_release_date": "2026-03-05T14:23:19Z",
"revision_history": [
{
"date": "2026-03-05T14:23:19Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.12.0-160000.3.1.aarch64",
"product": {
"name": "virtiofsd-1.12.0-160000.3.1.aarch64",
"product_id": "virtiofsd-1.12.0-160000.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.12.0-160000.3.1.ppc64le",
"product": {
"name": "virtiofsd-1.12.0-160000.3.1.ppc64le",
"product_id": "virtiofsd-1.12.0-160000.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.12.0-160000.3.1.s390x",
"product": {
"name": "virtiofsd-1.12.0-160000.3.1.s390x",
"product_id": "virtiofsd-1.12.0-160000.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.12.0-160000.3.1.x86_64",
"product": {
"name": "virtiofsd-1.12.0-160000.3.1.x86_64",
"product_id": "virtiofsd-1.12.0-160000.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.12.0-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:virtiofsd-1.12.0-160000.3.1.aarch64"
},
"product_reference": "virtiofsd-1.12.0-160000.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.12.0-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:virtiofsd-1.12.0-160000.3.1.ppc64le"
},
"product_reference": "virtiofsd-1.12.0-160000.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.12.0-160000.3.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:virtiofsd-1.12.0-160000.3.1.s390x"
},
"product_reference": "virtiofsd-1.12.0-160000.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.12.0-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:virtiofsd-1.12.0-160000.3.1.x86_64"
},
"product_reference": "virtiofsd-1.12.0-160000.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:virtiofsd-1.12.0-160000.3.1.aarch64",
"openSUSE Leap 16.0:virtiofsd-1.12.0-160000.3.1.ppc64le",
"openSUSE Leap 16.0:virtiofsd-1.12.0-160000.3.1.s390x",
"openSUSE Leap 16.0:virtiofsd-1.12.0-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:virtiofsd-1.12.0-160000.3.1.aarch64",
"openSUSE Leap 16.0:virtiofsd-1.12.0-160000.3.1.ppc64le",
"openSUSE Leap 16.0:virtiofsd-1.12.0-160000.3.1.s390x",
"openSUSE Leap 16.0:virtiofsd-1.12.0-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:virtiofsd-1.12.0-160000.3.1.aarch64",
"openSUSE Leap 16.0:virtiofsd-1.12.0-160000.3.1.ppc64le",
"openSUSE Leap 16.0:virtiofsd-1.12.0-160000.3.1.s390x",
"openSUSE Leap 16.0:virtiofsd-1.12.0-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-05T14:23:19Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
OPENSUSE-SU-2026:20245-1
Vulnerability from csaf_opensuse - Published: 2026-02-17 14:08 - Updated: 2026-02-17 14:08
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for wicked2nm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for wicked2nm fixes the following issues:\n\n- Update to version 1.4.1\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257908).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-292",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20245-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1257911",
"url": "https://bugzilla.suse.com/1257911"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for wicked2nm",
"tracking": {
"current_release_date": "2026-02-17T14:08:05Z",
"generator": {
"date": "2026-02-17T14:08:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20245-1",
"initial_release_date": "2026-02-17T14:08:05Z",
"revision_history": [
{
"date": "2026-02-17T14:08:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "wicked2nm-1.4.1-160000.1.1.aarch64",
"product": {
"name": "wicked2nm-1.4.1-160000.1.1.aarch64",
"product_id": "wicked2nm-1.4.1-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "wicked2nm-1.4.1-160000.1.1.ppc64le",
"product": {
"name": "wicked2nm-1.4.1-160000.1.1.ppc64le",
"product_id": "wicked2nm-1.4.1-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "wicked2nm-1.4.1-160000.1.1.s390x",
"product": {
"name": "wicked2nm-1.4.1-160000.1.1.s390x",
"product_id": "wicked2nm-1.4.1-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "wicked2nm-1.4.1-160000.1.1.x86_64",
"product": {
"name": "wicked2nm-1.4.1-160000.1.1.x86_64",
"product_id": "wicked2nm-1.4.1-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:wicked2nm-1.4.1-160000.1.1.aarch64"
},
"product_reference": "wicked2nm-1.4.1-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:wicked2nm-1.4.1-160000.1.1.ppc64le"
},
"product_reference": "wicked2nm-1.4.1-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:wicked2nm-1.4.1-160000.1.1.s390x"
},
"product_reference": "wicked2nm-1.4.1-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:wicked2nm-1.4.1-160000.1.1.x86_64"
},
"product_reference": "wicked2nm-1.4.1-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:wicked2nm-1.4.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:wicked2nm-1.4.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:wicked2nm-1.4.1-160000.1.1.s390x",
"openSUSE Leap 16.0:wicked2nm-1.4.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:wicked2nm-1.4.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:wicked2nm-1.4.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:wicked2nm-1.4.1-160000.1.1.s390x",
"openSUSE Leap 16.0:wicked2nm-1.4.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:wicked2nm-1.4.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:wicked2nm-1.4.1-160000.1.1.ppc64le",
"openSUSE Leap 16.0:wicked2nm-1.4.1-160000.1.1.s390x",
"openSUSE Leap 16.0:wicked2nm-1.4.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-17T14:08:05Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
OPENSUSE-SU-2026:10179-1
Vulnerability from csaf_opensuse - Published: 2026-02-11 00:00 - Updated: 2026-02-11 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-maturin-1.11.5-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-maturin-1.11.5-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10179",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10179-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "python311-maturin-1.11.5-1.1 on GA media",
"tracking": {
"current_release_date": "2026-02-11T00:00:00Z",
"generator": {
"date": "2026-02-11T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10179-1",
"initial_release_date": "2026-02-11T00:00:00Z",
"revision_history": [
{
"date": "2026-02-11T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-maturin-1.11.5-1.1.aarch64",
"product": {
"name": "python311-maturin-1.11.5-1.1.aarch64",
"product_id": "python311-maturin-1.11.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-maturin-1.11.5-1.1.aarch64",
"product": {
"name": "python312-maturin-1.11.5-1.1.aarch64",
"product_id": "python312-maturin-1.11.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-maturin-1.11.5-1.1.aarch64",
"product": {
"name": "python313-maturin-1.11.5-1.1.aarch64",
"product_id": "python313-maturin-1.11.5-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-maturin-1.11.5-1.1.ppc64le",
"product": {
"name": "python311-maturin-1.11.5-1.1.ppc64le",
"product_id": "python311-maturin-1.11.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-maturin-1.11.5-1.1.ppc64le",
"product": {
"name": "python312-maturin-1.11.5-1.1.ppc64le",
"product_id": "python312-maturin-1.11.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-maturin-1.11.5-1.1.ppc64le",
"product": {
"name": "python313-maturin-1.11.5-1.1.ppc64le",
"product_id": "python313-maturin-1.11.5-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-maturin-1.11.5-1.1.s390x",
"product": {
"name": "python311-maturin-1.11.5-1.1.s390x",
"product_id": "python311-maturin-1.11.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-maturin-1.11.5-1.1.s390x",
"product": {
"name": "python312-maturin-1.11.5-1.1.s390x",
"product_id": "python312-maturin-1.11.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-maturin-1.11.5-1.1.s390x",
"product": {
"name": "python313-maturin-1.11.5-1.1.s390x",
"product_id": "python313-maturin-1.11.5-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-maturin-1.11.5-1.1.x86_64",
"product": {
"name": "python311-maturin-1.11.5-1.1.x86_64",
"product_id": "python311-maturin-1.11.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-maturin-1.11.5-1.1.x86_64",
"product": {
"name": "python312-maturin-1.11.5-1.1.x86_64",
"product_id": "python312-maturin-1.11.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-maturin-1.11.5-1.1.x86_64",
"product": {
"name": "python313-maturin-1.11.5-1.1.x86_64",
"product_id": "python313-maturin-1.11.5-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-maturin-1.11.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-maturin-1.11.5-1.1.aarch64"
},
"product_reference": "python311-maturin-1.11.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-maturin-1.11.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-maturin-1.11.5-1.1.ppc64le"
},
"product_reference": "python311-maturin-1.11.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-maturin-1.11.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-maturin-1.11.5-1.1.s390x"
},
"product_reference": "python311-maturin-1.11.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-maturin-1.11.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-maturin-1.11.5-1.1.x86_64"
},
"product_reference": "python311-maturin-1.11.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-maturin-1.11.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-maturin-1.11.5-1.1.aarch64"
},
"product_reference": "python312-maturin-1.11.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-maturin-1.11.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-maturin-1.11.5-1.1.ppc64le"
},
"product_reference": "python312-maturin-1.11.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-maturin-1.11.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-maturin-1.11.5-1.1.s390x"
},
"product_reference": "python312-maturin-1.11.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-maturin-1.11.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-maturin-1.11.5-1.1.x86_64"
},
"product_reference": "python312-maturin-1.11.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-maturin-1.11.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-maturin-1.11.5-1.1.aarch64"
},
"product_reference": "python313-maturin-1.11.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-maturin-1.11.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-maturin-1.11.5-1.1.ppc64le"
},
"product_reference": "python313-maturin-1.11.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-maturin-1.11.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-maturin-1.11.5-1.1.s390x"
},
"product_reference": "python313-maturin-1.11.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-maturin-1.11.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-maturin-1.11.5-1.1.x86_64"
},
"product_reference": "python313-maturin-1.11.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-maturin-1.11.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-maturin-1.11.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-maturin-1.11.5-1.1.s390x",
"openSUSE Tumbleweed:python311-maturin-1.11.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-maturin-1.11.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-maturin-1.11.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-maturin-1.11.5-1.1.s390x",
"openSUSE Tumbleweed:python312-maturin-1.11.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-maturin-1.11.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-maturin-1.11.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-maturin-1.11.5-1.1.s390x",
"openSUSE Tumbleweed:python313-maturin-1.11.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-maturin-1.11.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-maturin-1.11.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-maturin-1.11.5-1.1.s390x",
"openSUSE Tumbleweed:python311-maturin-1.11.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-maturin-1.11.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-maturin-1.11.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-maturin-1.11.5-1.1.s390x",
"openSUSE Tumbleweed:python312-maturin-1.11.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-maturin-1.11.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-maturin-1.11.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-maturin-1.11.5-1.1.s390x",
"openSUSE Tumbleweed:python313-maturin-1.11.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-maturin-1.11.5-1.1.aarch64",
"openSUSE Tumbleweed:python311-maturin-1.11.5-1.1.ppc64le",
"openSUSE Tumbleweed:python311-maturin-1.11.5-1.1.s390x",
"openSUSE Tumbleweed:python311-maturin-1.11.5-1.1.x86_64",
"openSUSE Tumbleweed:python312-maturin-1.11.5-1.1.aarch64",
"openSUSE Tumbleweed:python312-maturin-1.11.5-1.1.ppc64le",
"openSUSE Tumbleweed:python312-maturin-1.11.5-1.1.s390x",
"openSUSE Tumbleweed:python312-maturin-1.11.5-1.1.x86_64",
"openSUSE Tumbleweed:python313-maturin-1.11.5-1.1.aarch64",
"openSUSE Tumbleweed:python313-maturin-1.11.5-1.1.ppc64le",
"openSUSE Tumbleweed:python313-maturin-1.11.5-1.1.s390x",
"openSUSE Tumbleweed:python313-maturin-1.11.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
OPENSUSE-SU-2026:10182-1
Vulnerability from csaf_opensuse - Published: 2026-02-11 00:00 - Updated: 2026-02-11 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "snpguest-0.10.0-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the snpguest-0.10.0-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10182",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10182-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "snpguest-0.10.0-2.1 on GA media",
"tracking": {
"current_release_date": "2026-02-11T00:00:00Z",
"generator": {
"date": "2026-02-11T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10182-1",
"initial_release_date": "2026-02-11T00:00:00Z",
"revision_history": [
{
"date": "2026-02-11T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "snpguest-0.10.0-2.1.aarch64",
"product": {
"name": "snpguest-0.10.0-2.1.aarch64",
"product_id": "snpguest-0.10.0-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "snpguest-0.10.0-2.1.ppc64le",
"product": {
"name": "snpguest-0.10.0-2.1.ppc64le",
"product_id": "snpguest-0.10.0-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "snpguest-0.10.0-2.1.s390x",
"product": {
"name": "snpguest-0.10.0-2.1.s390x",
"product_id": "snpguest-0.10.0-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "snpguest-0.10.0-2.1.x86_64",
"product": {
"name": "snpguest-0.10.0-2.1.x86_64",
"product_id": "snpguest-0.10.0-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "snpguest-0.10.0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:snpguest-0.10.0-2.1.aarch64"
},
"product_reference": "snpguest-0.10.0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snpguest-0.10.0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:snpguest-0.10.0-2.1.ppc64le"
},
"product_reference": "snpguest-0.10.0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snpguest-0.10.0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:snpguest-0.10.0-2.1.s390x"
},
"product_reference": "snpguest-0.10.0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "snpguest-0.10.0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:snpguest-0.10.0-2.1.x86_64"
},
"product_reference": "snpguest-0.10.0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:snpguest-0.10.0-2.1.aarch64",
"openSUSE Tumbleweed:snpguest-0.10.0-2.1.ppc64le",
"openSUSE Tumbleweed:snpguest-0.10.0-2.1.s390x",
"openSUSE Tumbleweed:snpguest-0.10.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:snpguest-0.10.0-2.1.aarch64",
"openSUSE Tumbleweed:snpguest-0.10.0-2.1.ppc64le",
"openSUSE Tumbleweed:snpguest-0.10.0-2.1.s390x",
"openSUSE Tumbleweed:snpguest-0.10.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:snpguest-0.10.0-2.1.aarch64",
"openSUSE Tumbleweed:snpguest-0.10.0-2.1.ppc64le",
"openSUSE Tumbleweed:snpguest-0.10.0-2.1.s390x",
"openSUSE Tumbleweed:snpguest-0.10.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
OPENSUSE-SU-2026:20364-1
Vulnerability from csaf_opensuse - Published: 2026-03-16 15:31 - Updated: 2026-03-16 15:31
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust-keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust-keylime fixes the following issues:\n\n- Update to version 0.2.8+116:\n- CVE-2026-25727: Update vendored crates to fix a date parser can lead to stack exhaustion in Time. (bsc#1257908)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-387",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20364-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1247193",
"url": "https://bugzilla.suse.com/1247193"
},
{
"category": "self",
"summary": "SUSE Bug 1248006",
"url": "https://bugzilla.suse.com/1248006"
},
{
"category": "self",
"summary": "SUSE Bug 1257908",
"url": "https://bugzilla.suse.com/1257908"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-55159 page",
"url": "https://www.suse.com/security/cve/CVE-2025-55159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58266 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58266/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for rust-keylime",
"tracking": {
"current_release_date": "2026-03-16T15:31:12Z",
"generator": {
"date": "2026-03-16T15:31:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20364-1",
"initial_release_date": "2026-03-16T15:31:12Z",
"revision_history": [
{
"date": "2026-03-16T15:31:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-160000.1.1.aarch64",
"product": {
"name": "keylime-ima-policy-0.2.8+116-160000.1.1.aarch64",
"product_id": "keylime-ima-policy-0.2.8+116-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-160000.1.1.aarch64",
"product": {
"name": "rust-keylime-0.2.8+116-160000.1.1.aarch64",
"product_id": "rust-keylime-0.2.8+116-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-160000.1.1.ppc64le",
"product": {
"name": "keylime-ima-policy-0.2.8+116-160000.1.1.ppc64le",
"product_id": "keylime-ima-policy-0.2.8+116-160000.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"product_id": "rust-keylime-0.2.8+116-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-160000.1.1.s390x",
"product": {
"name": "keylime-ima-policy-0.2.8+116-160000.1.1.s390x",
"product_id": "keylime-ima-policy-0.2.8+116-160000.1.1.s390x"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-160000.1.1.s390x",
"product": {
"name": "rust-keylime-0.2.8+116-160000.1.1.s390x",
"product_id": "rust-keylime-0.2.8+116-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.8+116-160000.1.1.x86_64",
"product": {
"name": "keylime-ima-policy-0.2.8+116-160000.1.1.x86_64",
"product_id": "keylime-ima-policy-0.2.8+116-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.8+116-160000.1.1.x86_64",
"product": {
"name": "rust-keylime-0.2.8+116-160000.1.1.x86_64",
"product_id": "rust-keylime-0.2.8+116-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.8+116-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.aarch64"
},
"product_reference": "keylime-ima-policy-0.2.8+116-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.8+116-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.ppc64le"
},
"product_reference": "keylime-ima-policy-0.2.8+116-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.8+116-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.s390x"
},
"product_reference": "keylime-ima-policy-0.2.8+116-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.8+116-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.x86_64"
},
"product_reference": "keylime-ima-policy-0.2.8+116-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.aarch64"
},
"product_reference": "rust-keylime-0.2.8+116-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.ppc64le"
},
"product_reference": "rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.s390x"
},
"product_reference": "rust-keylime-0.2.8+116-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.8+116-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.x86_64"
},
"product_reference": "rust-keylime-0.2.8+116-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-55159"
}
],
"notes": [
{
"category": "general",
"text": "slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get_disjoint_mut method incorrectly checked if indices were within the slab\u0027s capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has been fixed in slab 0.4.11. A workaround for this issue involves to avoid using get_disjoint_mut with indices that might be beyond the slab\u0027s actual length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.aarch64",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.ppc64le",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.s390x",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.x86_64",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.aarch64",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.s390x",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-55159",
"url": "https://www.suse.com/security/cve/CVE-2025-55159"
},
{
"category": "external",
"summary": "SUSE Bug 1248000 for CVE-2025-55159",
"url": "https://bugzilla.suse.com/1248000"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.aarch64",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.ppc64le",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.s390x",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.x86_64",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.aarch64",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.s390x",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.aarch64",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.ppc64le",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.s390x",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.x86_64",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.aarch64",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.s390x",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-16T15:31:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-55159"
},
{
"cve": "CVE-2025-58266",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58266"
}
],
"notes": [
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Fumiki Takahashi Gianism gianism allows Stored XSS.This issue affects Gianism: from n/a through \u003c= 6.0.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.aarch64",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.ppc64le",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.s390x",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.x86_64",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.aarch64",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.s390x",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58266",
"url": "https://www.suse.com/security/cve/CVE-2025-58266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.aarch64",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.ppc64le",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.s390x",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.x86_64",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.aarch64",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.s390x",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-16T15:31:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-58266"
},
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.aarch64",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.ppc64le",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.s390x",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.x86_64",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.aarch64",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.s390x",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.aarch64",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.ppc64le",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.s390x",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.x86_64",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.aarch64",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.s390x",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.aarch64",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.ppc64le",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.s390x",
"openSUSE Leap 16.0:keylime-ima-policy-0.2.8+116-160000.1.1.x86_64",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.aarch64",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.ppc64le",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.s390x",
"openSUSE Leap 16.0:rust-keylime-0.2.8+116-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-16T15:31:12Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
OPENSUSE-SU-2026:20377-1
Vulnerability from csaf_opensuse - Published: 2026-03-17 12:51 - Updated: 2026-03-17 12:51
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-maturin",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-maturin fixes the following issue:\n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n (bsc#1257918).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-395",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20377-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1257918",
"url": "https://bugzilla.suse.com/1257918"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for python-maturin",
"tracking": {
"current_release_date": "2026-03-17T12:51:10Z",
"generator": {
"date": "2026-03-17T12:51:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20377-1",
"initial_release_date": "2026-03-17T12:51:10Z",
"revision_history": [
{
"date": "2026-03-17T12:51:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-maturin-1.8.7-160000.4.1.aarch64",
"product": {
"name": "python313-maturin-1.8.7-160000.4.1.aarch64",
"product_id": "python313-maturin-1.8.7-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python313-maturin-1.8.7-160000.4.1.ppc64le",
"product": {
"name": "python313-maturin-1.8.7-160000.4.1.ppc64le",
"product_id": "python313-maturin-1.8.7-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python313-maturin-1.8.7-160000.4.1.s390x",
"product": {
"name": "python313-maturin-1.8.7-160000.4.1.s390x",
"product_id": "python313-maturin-1.8.7-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python313-maturin-1.8.7-160000.4.1.x86_64",
"product": {
"name": "python313-maturin-1.8.7-160000.4.1.x86_64",
"product_id": "python313-maturin-1.8.7-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-maturin-1.8.7-160000.4.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:python313-maturin-1.8.7-160000.4.1.aarch64"
},
"product_reference": "python313-maturin-1.8.7-160000.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-maturin-1.8.7-160000.4.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:python313-maturin-1.8.7-160000.4.1.ppc64le"
},
"product_reference": "python313-maturin-1.8.7-160000.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-maturin-1.8.7-160000.4.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:python313-maturin-1.8.7-160000.4.1.s390x"
},
"product_reference": "python313-maturin-1.8.7-160000.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-maturin-1.8.7-160000.4.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:python313-maturin-1.8.7-160000.4.1.x86_64"
},
"product_reference": "python313-maturin-1.8.7-160000.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:python313-maturin-1.8.7-160000.4.1.aarch64",
"openSUSE Leap 16.0:python313-maturin-1.8.7-160000.4.1.ppc64le",
"openSUSE Leap 16.0:python313-maturin-1.8.7-160000.4.1.s390x",
"openSUSE Leap 16.0:python313-maturin-1.8.7-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:python313-maturin-1.8.7-160000.4.1.aarch64",
"openSUSE Leap 16.0:python313-maturin-1.8.7-160000.4.1.ppc64le",
"openSUSE Leap 16.0:python313-maturin-1.8.7-160000.4.1.s390x",
"openSUSE Leap 16.0:python313-maturin-1.8.7-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:python313-maturin-1.8.7-160000.4.1.aarch64",
"openSUSE Leap 16.0:python313-maturin-1.8.7-160000.4.1.ppc64le",
"openSUSE Leap 16.0:python313-maturin-1.8.7-160000.4.1.s390x",
"openSUSE Leap 16.0:python313-maturin-1.8.7-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-17T12:51:10Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
OPENSUSE-SU-2026:10172-1
Vulnerability from csaf_opensuse - Published: 2026-02-10 00:00 - Updated: 2026-02-10 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "wicked2nm-1.4.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the wicked2nm-1.4.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10172",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10172-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "wicked2nm-1.4.1-1.1 on GA media",
"tracking": {
"current_release_date": "2026-02-10T00:00:00Z",
"generator": {
"date": "2026-02-10T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10172-1",
"initial_release_date": "2026-02-10T00:00:00Z",
"revision_history": [
{
"date": "2026-02-10T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "wicked2nm-1.4.1-1.1.aarch64",
"product": {
"name": "wicked2nm-1.4.1-1.1.aarch64",
"product_id": "wicked2nm-1.4.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "wicked2nm-1.4.1-1.1.ppc64le",
"product": {
"name": "wicked2nm-1.4.1-1.1.ppc64le",
"product_id": "wicked2nm-1.4.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "wicked2nm-1.4.1-1.1.s390x",
"product": {
"name": "wicked2nm-1.4.1-1.1.s390x",
"product_id": "wicked2nm-1.4.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "wicked2nm-1.4.1-1.1.x86_64",
"product": {
"name": "wicked2nm-1.4.1-1.1.x86_64",
"product_id": "wicked2nm-1.4.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:wicked2nm-1.4.1-1.1.aarch64"
},
"product_reference": "wicked2nm-1.4.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:wicked2nm-1.4.1-1.1.ppc64le"
},
"product_reference": "wicked2nm-1.4.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:wicked2nm-1.4.1-1.1.s390x"
},
"product_reference": "wicked2nm-1.4.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "wicked2nm-1.4.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:wicked2nm-1.4.1-1.1.x86_64"
},
"product_reference": "wicked2nm-1.4.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:wicked2nm-1.4.1-1.1.aarch64",
"openSUSE Tumbleweed:wicked2nm-1.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:wicked2nm-1.4.1-1.1.s390x",
"openSUSE Tumbleweed:wicked2nm-1.4.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:wicked2nm-1.4.1-1.1.aarch64",
"openSUSE Tumbleweed:wicked2nm-1.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:wicked2nm-1.4.1-1.1.s390x",
"openSUSE Tumbleweed:wicked2nm-1.4.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:wicked2nm-1.4.1-1.1.aarch64",
"openSUSE Tumbleweed:wicked2nm-1.4.1-1.1.ppc64le",
"openSUSE Tumbleweed:wicked2nm-1.4.1-1.1.s390x",
"openSUSE Tumbleweed:wicked2nm-1.4.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-10T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
OPENSUSE-SU-2026:10184-1
Vulnerability from csaf_opensuse - Published: 2026-02-12 00:00 - Updated: 2026-02-12 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cargo-auditable-0.7.2~0-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cargo-auditable-0.7.2~0-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10184",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10184-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "cargo-auditable-0.7.2~0-2.1 on GA media",
"tracking": {
"current_release_date": "2026-02-12T00:00:00Z",
"generator": {
"date": "2026-02-12T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10184-1",
"initial_release_date": "2026-02-12T00:00:00Z",
"revision_history": [
{
"date": "2026-02-12T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-2.1.aarch64",
"product": {
"name": "cargo-auditable-0.7.2~0-2.1.aarch64",
"product_id": "cargo-auditable-0.7.2~0-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-2.1.ppc64le",
"product": {
"name": "cargo-auditable-0.7.2~0-2.1.ppc64le",
"product_id": "cargo-auditable-0.7.2~0-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-2.1.s390x",
"product": {
"name": "cargo-auditable-0.7.2~0-2.1.s390x",
"product_id": "cargo-auditable-0.7.2~0-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-auditable-0.7.2~0-2.1.x86_64",
"product": {
"name": "cargo-auditable-0.7.2~0-2.1.x86_64",
"product_id": "cargo-auditable-0.7.2~0-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-auditable-0.7.2~0-2.1.aarch64"
},
"product_reference": "cargo-auditable-0.7.2~0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-auditable-0.7.2~0-2.1.ppc64le"
},
"product_reference": "cargo-auditable-0.7.2~0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-auditable-0.7.2~0-2.1.s390x"
},
"product_reference": "cargo-auditable-0.7.2~0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-auditable-0.7.2~0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-auditable-0.7.2~0-2.1.x86_64"
},
"product_reference": "cargo-auditable-0.7.2~0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-auditable-0.7.2~0-2.1.aarch64",
"openSUSE Tumbleweed:cargo-auditable-0.7.2~0-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-auditable-0.7.2~0-2.1.s390x",
"openSUSE Tumbleweed:cargo-auditable-0.7.2~0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-auditable-0.7.2~0-2.1.aarch64",
"openSUSE Tumbleweed:cargo-auditable-0.7.2~0-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-auditable-0.7.2~0-2.1.s390x",
"openSUSE Tumbleweed:cargo-auditable-0.7.2~0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-auditable-0.7.2~0-2.1.aarch64",
"openSUSE Tumbleweed:cargo-auditable-0.7.2~0-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-auditable-0.7.2~0-2.1.s390x",
"openSUSE Tumbleweed:cargo-auditable-0.7.2~0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
OPENSUSE-SU-2026:20380-1
Vulnerability from csaf_opensuse - Published: 2026-03-17 15:51 - Updated: 2026-03-17 15:51
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for snpguest",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for snpguest fixes the following issues:\n\n- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257927).\n- Update to version 0.10.0 (bsc#1257877):\n * chore: updating tool version to 0.10.0\n * refactor(certs): remove redundant branch in file-write logic\n * Docs: Adding verify measure, host-data, report-data to docs\n * verify: verify measurent, host data, and report data attributes from the attestation report.\n * library: Updating sev library to 7.1.0\n * ci: replace deprecated gh actions\n * feat: multi-format integer parsing for key subcommand arguments\n * chore(main): remove unused import `clap::arg`\n * feat(fetch): add fetch crl subcommand\n * .github/lint: Bump toolchain version to 1.86\n * Bump rust version to 1.86\n * feat: bumping tool to version 0.9.2\n * fix(verify): silence mismatched_lifetime_syntaxes in SnpOid::oid\n * feat: support SEV-SNP ABI Spec 1.58 (bump sev to v6.3.0)\n * docs: restore and clarify Global Options section\n * doc: fix CL argument orders + address recent changes\n * fix(hyperv): downgrade VMPL check from error to warning\n * fix(report.rs): remove conflict check between --random flag and Hyper-V\n * fix(report.rs): Decouple runtime behavior from hyperv build feature\n * refactor: clarify --platform error message\n * docs: add Azure/Hyper-V build note for --platform\n * docs: Update README.md\n * report: Writing Req Data as Binary (#101)\n * deps: bump virtee/sev to 6.2.1 (fix TCB-serialization bug) (#99)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-398",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20380-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1257877",
"url": "https://bugzilla.suse.com/1257877"
},
{
"category": "self",
"summary": "SUSE Bug 1257927",
"url": "https://bugzilla.suse.com/1257927"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "Security update for snpguest",
"tracking": {
"current_release_date": "2026-03-17T15:51:45Z",
"generator": {
"date": "2026-03-17T15:51:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20380-1",
"initial_release_date": "2026-03-17T15:51:45Z",
"revision_history": [
{
"date": "2026-03-17T15:51:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "snpguest-0.10.0-160000.1.1.x86_64",
"product": {
"name": "snpguest-0.10.0-160000.1.1.x86_64",
"product_id": "snpguest-0.10.0-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "snpguest-0.10.0-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:snpguest-0.10.0-160000.1.1.x86_64"
},
"product_reference": "snpguest-0.10.0-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:snpguest-0.10.0-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:snpguest-0.10.0-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:snpguest-0.10.0-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-17T15:51:45Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
OPENSUSE-SU-2026:10308-1
Vulnerability from csaf_opensuse - Published: 2026-03-07 00:00 - Updated: 2026-03-07 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "virtiofsd-1.13.2-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the virtiofsd-1.13.2-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10308",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10308-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25727 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25727/"
}
],
"title": "virtiofsd-1.13.2-2.1 on GA media",
"tracking": {
"current_release_date": "2026-03-07T00:00:00Z",
"generator": {
"date": "2026-03-07T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10308-1",
"initial_release_date": "2026-03-07T00:00:00Z",
"revision_history": [
{
"date": "2026-03-07T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.13.2-2.1.aarch64",
"product": {
"name": "virtiofsd-1.13.2-2.1.aarch64",
"product_id": "virtiofsd-1.13.2-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.13.2-2.1.ppc64le",
"product": {
"name": "virtiofsd-1.13.2-2.1.ppc64le",
"product_id": "virtiofsd-1.13.2-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.13.2-2.1.s390x",
"product": {
"name": "virtiofsd-1.13.2-2.1.s390x",
"product_id": "virtiofsd-1.13.2-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "virtiofsd-1.13.2-2.1.x86_64",
"product": {
"name": "virtiofsd-1.13.2-2.1.x86_64",
"product_id": "virtiofsd-1.13.2-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.13.2-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:virtiofsd-1.13.2-2.1.aarch64"
},
"product_reference": "virtiofsd-1.13.2-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.13.2-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:virtiofsd-1.13.2-2.1.ppc64le"
},
"product_reference": "virtiofsd-1.13.2-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.13.2-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:virtiofsd-1.13.2-2.1.s390x"
},
"product_reference": "virtiofsd-1.13.2-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "virtiofsd-1.13.2-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:virtiofsd-1.13.2-2.1.x86_64"
},
"product_reference": "virtiofsd-1.13.2-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25727"
}
],
"notes": [
{
"category": "general",
"text": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:virtiofsd-1.13.2-2.1.aarch64",
"openSUSE Tumbleweed:virtiofsd-1.13.2-2.1.ppc64le",
"openSUSE Tumbleweed:virtiofsd-1.13.2-2.1.s390x",
"openSUSE Tumbleweed:virtiofsd-1.13.2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25727",
"url": "https://www.suse.com/security/cve/CVE-2026-25727"
},
{
"category": "external",
"summary": "SUSE Bug 1257901 for CVE-2026-25727",
"url": "https://bugzilla.suse.com/1257901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:virtiofsd-1.13.2-2.1.aarch64",
"openSUSE Tumbleweed:virtiofsd-1.13.2-2.1.ppc64le",
"openSUSE Tumbleweed:virtiofsd-1.13.2-2.1.s390x",
"openSUSE Tumbleweed:virtiofsd-1.13.2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:virtiofsd-1.13.2-2.1.aarch64",
"openSUSE Tumbleweed:virtiofsd-1.13.2-2.1.ppc64le",
"openSUSE Tumbleweed:virtiofsd-1.13.2-2.1.s390x",
"openSUSE Tumbleweed:virtiofsd-1.13.2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25727"
}
]
}
FKIE_CVE-2026-25727
Vulnerability from fkie_nvd - Published: 2026-02-06 20:16 - Updated: 2026-02-24 15:23

| Source | URL | Tags |
|---|---|---|
| security-advisories@github.com | https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05 | Release Notes |
| security-advisories@github.com | https://github.com/time-rs/time/commit/1c63dc7985b8fa26bd8c689423cc56b7a03841ee | Patch |
| security-advisories@github.com | https://github.com/time-rs/time/releases/tag/v0.3.47 | Product, Release Notes |
| security-advisories@github.com | https://github.com/time-rs/time/security/advisories/GHSA-r6v5-fh4h-64xc | Vendor Advisory |

| Vendor | Product | Version |
|---|---|---|
| time_project | time | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:time_project:time:*:*:*:*:*:rust:*:*",
"matchCriteriaId": "7B1E36BA-97A9-44D1-8E88-2E5B96901D1A",
"versionEndExcluding": "0.3.47",
"versionStartIncluding": "0.3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack."
},
{
"lang": "es",
"value": "time proporciona manejo de fechas y horas en Rust. Desde la versi\u00f3n 0.3.6 hasta antes de la 0.3.47, cuando se proporciona una entrada del usuario a cualquier tipo que analiza el formato RFC 2822, es posible un ataque de denegaci\u00f3n de servicio por agotamiento de la pila. El ataque se basa en caracter\u00edsticas formalmente deprecadas y rara vez utilizadas que forman parte del formato RFC 2822, empleadas de manera maliciosa. Una entrada ordinaria y no maliciosa nunca encontrar\u00e1 este escenario. Se a\u00f1adi\u00f3 un l\u00edmite a la profundidad de recursi\u00f3n en la versi\u00f3n 0.3.47. A partir de esta versi\u00f3n, se devolver\u00e1 un error en lugar de agotar la pila."
}
],
"id": "CVE-2026-25727",
"lastModified": "2026-02-24T15:23:35.563",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-02-06T20:16:11.860",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/time-rs/time/commit/1c63dc7985b8fa26bd8c689423cc56b7a03841ee"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product",
"Release Notes"
],
"url": "https://github.com/time-rs/time/releases/tag/v0.3.47"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/time-rs/time/security/advisories/GHSA-r6v5-fh4h-64xc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-R6V5-FH4H-64XC
Vulnerability from github – Published: 2026-02-05 17:57 – Updated: 2026-02-23 22:34
Impact
When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario.
Patches
A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.
Workarounds
Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of the stack consumed would be at most a factor of the length of the input.
Alternatively, avoiding the format altogether would also ensure that the vulnerability is not encountered. To do this, add

```toml
disallowed-types = ["time::format_description::well_known::Rfc2822"]
```

to your `clippy.toml` file. This will trigger the `clippy::disallowed_types` lint, which is warn-by-default and can be explicitly denied.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "time"
},
"ranges": [
{
"events": [
{
"introduced": "0.3.6"
},
{
"fixed": "0.3.47"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25727"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-05T17:57:55Z",
"nvd_published_at": "2026-02-06T20:16:11Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nWhen user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario.\n\n### Patches\n\nA limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.\n\n### Workarounds\n\nLimiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of the stack consumed would be at most a factor of the length of the input.\n\nAlternatively, avoiding the format altogether would also ensure that the vulnerability is not encountered. To do this, add\n\n```toml\ndisallowed-types = [\"time::format_description::well_known::Rfc2822\"]\n```\n\nto your `clippy.toml` file. This will trigger the `clippy::disallowed_types` lint, which is warn-by-default and can be explicitly denied.",
"id": "GHSA-r6v5-fh4h-64xc",
"modified": "2026-02-23T22:34:23Z",
"published": "2026-02-05T17:57:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/time-rs/time/security/advisories/GHSA-r6v5-fh4h-64xc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25727"
},
{
"type": "WEB",
"url": "https://github.com/time-rs/time/commit/1c63dc7985b8fa26bd8c689423cc56b7a03841ee"
},
{
"type": "PACKAGE",
"url": "https://github.com/time-rs/time"
},
{
"type": "WEB",
"url": "https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05"
},
{
"type": "WEB",
"url": "https://github.com/time-rs/time/releases/tag/v0.3.47"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0009.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"type": "CVSS_V4"
}
],
"summary": "time vulnerable to stack exhaustion Denial of Service attack"
}
rustsec-2026-0009
Vulnerability from osv_rustsec
Impact
When user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario.
Patches
A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.
Workarounds
Limiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of the stack consumed would be at most a factor of the length of the input.
{
"affected": [
{
"database_specific": {
"categories": [
"denial-of-service"
],
"cvss": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"informational": null
},
"ecosystem_specific": {
"affected_functions": null,
"affects": {
"arch": [],
"functions": [
"time::Date::parse",
"time::OffsetDateTime::parse",
"time::PrimitiveDateTime::parse",
"time::Time::parse",
"time::UtcDateTime::parse",
"time::UtcOffset::parse",
"time::parsing::Parsed::parse_item"
],
"os": []
}
},
"package": {
"ecosystem": "crates.io",
"name": "time",
"purl": "pkg:cargo/time"
},
"ranges": [
{
"events": [
{
"introduced": "0.3.6"
},
{
"fixed": "0.3.47"
}
],
"type": "SEMVER"
}
],
"versions": []
}
],
"aliases": [
"CVE-2026-25727",
"GHSA-r6v5-fh4h-64xc"
],
"database_specific": {
"license": "CC0-1.0"
},
"details": "## Impact\n\nWhen user-provided input is provided to any type that parses with the RFC 2822 format, a denial of\nservice attack via stack exhaustion is possible. The attack relies on formally deprecated and\nrarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary,\nnon-malicious input will never encounter this scenario.\n\n## Patches\n\nA limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned\nrather than exhausting the stack.\n\n## Workarounds\n\nLimiting the length of user input is the simplest way to avoid stack exhaustion, as the amount of\nthe stack consumed would be at most a factor of the length of the input.",
"id": "RUSTSEC-2026-0009",
"modified": "2026-02-06T09:12:16Z",
"published": "2026-02-05T12:00:00Z",
"references": [
{
"type": "PACKAGE",
"url": "https://crates.io/crates/time"
},
{
"type": "ADVISORY",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0009.html"
},
{
"type": "WEB",
"url": "https://github.com/time-rs/time/blob/main/CHANGELOG.md#0347-2026-02-05"
}
],
"related": [],
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"type": "CVSS_V4"
}
],
"summary": "Denial of Service via Stack Exhaustion"
}