SUSE-SU-2025:20858-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-202520858-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:20858-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2025:20858-1
- Upstream
- Related
- Published
- 2025-10-14T13:18:43Z
- Modified
- 2026-03-23T04:42:58.932899Z
- Summary
- Security update for rust-keylime
- Details
-
This update for rust-keylime fixes the following issues:
- CVE-2025-55159: slab: incorrect bounds check in getdisjointmut function can lead to undefined behavior or potential crash due to out-of-bounds access (bsc#1248006)
- CVE-2025-3416: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623)
- CVE-2024-58266: shlex: certain bytes allowed to appear unquoted and unescaped in command arguments (bsc#1247193)
- CVE-2024-43806: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952)
CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861)
RUSTSEC-2024-0006: Multiple issues involving quote API (bsc#1230029)
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-202520858-1/
- https://bugzilla.suse.com/1229952
- https://bugzilla.suse.com/1230029
- https://bugzilla.suse.com/1242623
- https://bugzilla.suse.com/1243861
- https://bugzilla.suse.com/1247193
- https://bugzilla.suse.com/1248006
- https://www.suse.com/security/cve/CVE-2024-12224
- https://www.suse.com/security/cve/CVE-2024-43806
- https://www.suse.com/security/cve/CVE-2024-58266
- https://www.suse.com/security/cve/CVE-2025-3416
- https://www.suse.com/security/cve/CVE-2025-55159