SUSE-SU-2025:3784-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-20253784-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:3784-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:3784-1
Upstream
  • CVE-2025-5791
Related
Published
2025-10-24T13:28:17Z
Modified
2025-10-24T20:47:30.404867Z
Summary
Security update for afterburn
Details

This update for afterburn fixes the following issues:

Update to version 5.9.0.git21.a73f509.

Security issues fixed:

  • CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large repetitions on empty sub-expressions can lead to excessive resource consumption and denial of service (bsc#1196972).
  • CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect hostname comparisons and incorrect URL parsing (bsc#1243850).
  • CVE-2025-5791: users: root user being appended to group listings whenever listing does not have exactly 1024 groups can lead to privilege escalation when information is used for access control (bsc#1244199).
  • CVE-2025-3416: openssl: passing of Some(...) value as properties argument to Md::fetch or Cipher::fetch can lead to use-after-free (bsc#1242665).

Other issues fixed:

  • Fixed in version 5.9.0.git21.a73f509:

    • cargo: update dependencies
    • microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat
    • microsoft/azure: Fix SharedConfig parsing of XML attributes
    • microsoft/azure: Mock goalstate.SharedConfig output in tests
    • providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471).
    • upcloud: implement UpCloud provider
    • Update several build dependencies

  • Fixed in version 5.9.0:

    • cargo: update dependencies
    • dracut: Return 255 in module-setup
    • oraclecloud: add release note and move base URL to constant
    • oraclecloud: implement oraclecloud provider
    • Update several build dependencies

  • Fixed in version 5.8.2:

    • cargo: update dependencies
    • packit: add initial support

  • Fixed in version 5.7.0.git103.bae893c:

    • proxmoxve: Add more context to log messages.
    • proxmoxve: Remove unneeded fields
    • proxmoxve: Add tests for static network configuration from cloud-init.
    • proxmoxve: Add support for static network configuration from cloud-init.
    • providers/openstack: ignore ec2 metadata if not present
    • proxmox: use noop provider if no configdrive
    • Update several build dependencies

  • Fixed in version 5.7.0:

    • cargo: update dependencies
    • dhcp: replace dbus_proxy with proxy, and zbus traits
    • providers/hetzner: private ipv4 addresses in attributes
    • openstack: Document the two platforms
    • microsoft/azure: allow empty certificate chain in PKCS12 file
    • proxmoxve: implement proxmoxve provider
    • providers/hetzner: fix duplicate attribute prefix
    • lint: silence deadcode warnings
    • lint: address latest lint's from msrv update
    • cargo: update msrv to 1.75
    • providers: Add 'akamai' provider
    • providers/vmware: add missing public functions for non-amd64
    • providers/vmware: Process guestinfo.metadata netplan configuration
    • kubevirt: Run afterburn-hostname service
    • providers: add support for scaleway
    • Move away from deprecated users to uzers
    • providers/hetzner: add support for Hetzner Cloud
    • cargo: update MSRV to 1.71
    • cargo: specify required features for nix dependency
    • openstack: Add attribute OPENSTACKINSTANCEUUID
    • cargo: allow openssl 0.10.46
    • build-sys: Use new tier = 2 for cargo-vendor-filterer
    • cargo: fix minimum version of openssl crate
    • microsoft/crypto/mod: replace deprecated function parse with parse2
    • cli: switch to clap derive
    • cli: add descriptive value names for option arguments in --help
    • cli: have clap require exactly one of --cmdline/--provider
    • providers/*: move endpoint mocking into retry::Client
    • retry/client: move URL parsing into helper function
    • providers/microsoft: import crate::retry
    • providers/microsoft: use stored client for all fetches
    • providers/packet: use stored client for boot checkin
    • initrd: remember to write trailing newline to network kargs file
    • util: drop obsolete 'OEM' terminology
    • Inline variables into format strings
    • Update several build dependencies

  • Fixed in version 5.4.1:

    • cargo: add configuration for cargo-vendor-filterer
    • util: support DHCP option lookup from NetworkManager
    • util: factor out retries of DHCP option lookup
    • util: refactor DHCP option query helper into an enum
    • util: move dnsleasekey_lookup() to a separate module
    • cargo: update MSRV to 1.66
    • cargo: update all packages to fix build error
    • cargo: continue to support openssh-keys 0.5
    • cargo: drop serde_derive crate in favor of serde derive feature
    • cargo: use consistent declaration syntax for slog dependency
    • cargo: drop unused dependencies
    • cargo: continue to support base64 0.13
    • cargo: continue to support mailparse 0.13.8
    • cargo: continue to support clap 3.1
    • cargo: stop enabling LTO in release builds
    • providers/ibmcloud: avoid error if an ssh key not found in metadata
    • systemd: add explicit ordering, after multi-user.target
    • network: fix clippy 1.63.0 lints
    • cargo: allow serde_yaml 0.8
    • cargo: update version ranges for post-1.x deps
    • providers: Use inline format! in a few places
    • *: bump MSRV to 1.58.0
    • cargo: update clap to 3.2.5
    • copr: mark git checkout as safe
    • providers/aws: expose instance availability-zone-id as AWSAVAILABILITYZONE_ID
    • Update several build dependencies

  • Fixed in version 5.3.0:

    • systemd: enable sshkeys on Power VS platform
    • network: Encode information for systemd-networkd-wait-online
    • cargo: update to clap 3.1
    • cargo: enable clap wrap_help feature
    • cli: run clap tests
    • cli: avoid deprecated clap constructs
    • cargo: update to clap 3.0
    • cli: use clap mechanism to require exp subcommand
    • cargo: declare MSRV in Cargo.toml
    • cargo: update to Rust 2021; bump MSRV to 1.56.0
    • copr: abort if specfile fetch fails
    • providers/aws: add AWS_IPV6 attribute
    • providers/aws: bump metadata version to 2021-01-03
    • kubevirt: Add KubeVirt platform support
    • *.service: add/update Documentation field
    • aws/mock_tests: explicitly drop mocks before resetting
    • aws/mock_tests: split out IMDS tests
    • aws/mock_tests: factor out map building
    • *: use RemainAfterExit on all oneshot services
    • Update several build dependencies
References

Affected packages

SUSE:Linux Enterprise Micro 5.5 / afterburn

Package

Name
afterburn
Purl
pkg:rpm/suse/afterburn&distro=SUSE%20Linux%20Enterprise%20Micro%205.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.9.0.git21.a73f509-150500.3.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "afterburn": "5.9.0.git21.a73f509-150500.3.3.1",
            "afterburn-dracut": "5.9.0.git21.a73f509-150500.3.3.1"
        }
    ]
}