OESA-2026-2945

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2945
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2945.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2945
Upstream
Published
2026-07-09T12:53:50Z
Modified
2026-07-14T08:15:09.768110303Z
Summary
rpm-ostree security update
Details

rpm-ostree is a hybrid image/package system. It supports "composing" packages on a build server into an OSTree repository, which can then be replicated by client systems with atomic upgrades. Additionally, unlike many "pure" image systems, with rpm-ostree each client system can layer on additional packages, providing a "best of both worlds" approach.

Security Fix(es):

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.(CVE-2024-12224)

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.(CVE-2025-3416)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:24.03-LTS-SP1 / rpm-ostree

Package

Name
rpm-ostree
Purl
pkg:rpm/openEuler/rpm-ostree&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2024.4-7.oe2403sp1

Ecosystem specific

{
    "src": [
        "rpm-ostree-2024.4-7.oe2403sp1.src.rpm"
    ],
    "aarch64": [
        "rpm-ostree-2024.4-7.oe2403sp1.aarch64.rpm",
        "rpm-ostree-debuginfo-2024.4-7.oe2403sp1.aarch64.rpm",
        "rpm-ostree-debugsource-2024.4-7.oe2403sp1.aarch64.rpm",
        "rpm-ostree-devel-2024.4-7.oe2403sp1.aarch64.rpm",
        "rpm-ostree-libs-2024.4-7.oe2403sp1.aarch64.rpm"
    ],
    "x86_64": [
        "rpm-ostree-2024.4-7.oe2403sp1.x86_64.rpm",
        "rpm-ostree-debuginfo-2024.4-7.oe2403sp1.x86_64.rpm",
        "rpm-ostree-debugsource-2024.4-7.oe2403sp1.x86_64.rpm",
        "rpm-ostree-devel-2024.4-7.oe2403sp1.x86_64.rpm",
        "rpm-ostree-libs-2024.4-7.oe2403sp1.x86_64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2945.json"