Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-12224 (GCVE-0-2024-12224)
Vulnerability from cvelistv5
Published
2025-05-30 01:16
Modified
2025-05-30 12:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
References
| ► | URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12224",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-30T12:46:53.443148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T12:46:56.887Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887898"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://crates.io/crates/idna",
"defaultStatus": "unaffected",
"packageName": "idna",
"product": "rust-url",
"repo": "https://github.com/servo/rust-url/",
"vendor": "servo",
"versions": [
{
"lessThan": "1.0.0",
"status": "affected",
"version": "0",
"versionType": "rust"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In applications using \u003ccode\u003eidna\u003c/code\u003e (but not in \u003ccode\u003eidna\u003c/code\u003e \nitself) this may be able to lead to privilege escalation when host name \ncomparison is part of a privilege check and the behavior is combined \nwith a client that resolves domains with such labels instead of treating\n them as errors that preclude DNS resolution / URL fetching and with the\n attacker managing to introduce a DNS entry (and TLS certificate) for an\n \u003ccode\u003exn--\u003c/code\u003e-masked name that turns into the name of the target when processed by \u003ccode\u003eidna\u003c/code\u003e 0.5.0 or earlier.\u003cbr\u003e"
}
],
"value": "In applications using idna (but not in idna \nitself) this may be able to lead to privilege escalation when host name \ncomparison is part of a privilege check and the behavior is combined \nwith a client that resolves domains with such labels instead of treating\n them as errors that preclude DNS resolution / URL fetching and with the\n attacker managing to introduce a DNS entry (and TLS certificate) for an\n xn---masked name that turns into the name of the target when processed by idna 0.5.0 or earlier."
}
],
"datePublic": "2024-12-09T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname."
}
],
"value": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1289",
"description": "CWE-1289",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T01:16:47.829Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0421.html"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887898"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "idna accepts Punycode labels that do not produce any non-ASCII when decoded",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2024-12224",
"datePublished": "2025-05-30T01:16:47.829Z",
"dateReserved": "2024-12-05T02:50:17.716Z",
"dateUpdated": "2025-05-30T12:46:56.887Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-12224\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2025-05-30T02:15:19.670\",\"lastModified\":\"2025-06-25T15:33:17.667\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.\"},{\"lang\":\"es\",\"value\":\"La validaci\u00f3n incorrecta de equivalencia insegura en punycode por parte del crate idna de Servo rust-url permite que un atacante cree un nombre de host punycode que una parte de un sistema podr\u00eda tratar como distinto mientras que otra parte de ese sistema tratar\u00eda como equivalente a otro nombre de host.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security@mozilla.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@mozilla.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1289\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:servo:idna:*:*:*:*:*:rust:*:*\",\"versionEndExcluding\":\"1.0.0\",\"matchCriteriaId\":\"2A9457A0-7004-4D5E-8C78-07A9BE0E13DA\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1887898\",\"source\":\"security@mozilla.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://rustsec.org/advisories/RUSTSEC-2024-0421.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1887898\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Issue Tracking\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-12224\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-30T12:46:53.443148Z\"}}}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1887898\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-30T12:46:47.514Z\"}}], \"cna\": {\"title\": \"idna accepts Punycode labels that do not produce any non-ASCII when decoded\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/servo/rust-url/\", \"vendor\": \"servo\", \"product\": \"rust-url\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.0.0\", \"versionType\": \"rust\"}], \"packageName\": \"idna\", \"collectionURL\": \"https://crates.io/crates/idna\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-12-09T08:00:00.000Z\", \"references\": [{\"url\": \"https://rustsec.org/advisories/RUSTSEC-2024-0421.html\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1887898\", \"tags\": [\"issue-tracking\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1289\", \"description\": \"CWE-1289\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"In applications using idna (but not in idna \\nitself) this may be able to lead to privilege escalation when host name \\ncomparison is part of a privilege check and the behavior is combined \\nwith a client that resolves domains with such labels instead of treating\\n them as errors that preclude DNS resolution / URL fetching and with the\\n attacker managing to introduce a DNS entry (and TLS certificate) for an\\n xn---masked name that turns into the name of the target when processed by idna 0.5.0 or earlier.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In applications using \u003ccode\u003eidna\u003c/code\u003e (but not in \u003ccode\u003eidna\u003c/code\u003e \\nitself) this may be able to lead to privilege escalation when host name \\ncomparison is part of a privilege check and the behavior is combined \\nwith a client that resolves domains with such labels instead of treating\\n them as errors that preclude DNS resolution / URL fetching and with the\\n attacker managing to introduce a DNS entry (and TLS certificate) for an\\n \u003ccode\u003exn--\u003c/code\u003e-masked name that turns into the name of the target when processed by \u003ccode\u003eidna\u003c/code\u003e 0.5.0 or earlier.\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2025-05-30T01:16:47.829Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-12224\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-30T12:46:56.887Z\", \"dateReserved\": \"2024-12-05T02:50:17.716Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2025-05-30T01:16:47.829Z\", \"assignerShortName\": \"mozilla\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
fkie_cve-2024-12224
Vulnerability from fkie_nvd
Published
2025-05-30 02:15
Modified
2025-06-25 15:33
Severity ?
Summary
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1887898 | Exploit, Issue Tracking | |
| security@mozilla.org | https://rustsec.org/advisories/RUSTSEC-2024-0421.html | Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://bugzilla.mozilla.org/show_bug.cgi?id=1887898 | Exploit, Issue Tracking |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:servo:idna:*:*:*:*:*:rust:*:*",
"matchCriteriaId": "2A9457A0-7004-4D5E-8C78-07A9BE0E13DA",
"versionEndExcluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname."
},
{
"lang": "es",
"value": "La validaci\u00f3n incorrecta de equivalencia insegura en punycode por parte del crate idna de Servo rust-url permite que un atacante cree un nombre de host punycode que una parte de un sistema podr\u00eda tratar como distinto mientras que otra parte de ese sistema tratar\u00eda como equivalente a otro nombre de host."
}
],
"id": "CVE-2024-12224",
"lastModified": "2025-06-25T15:33:17.667",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@mozilla.org",
"type": "Secondary"
}
]
},
"published": "2025-05-30T02:15:19.670",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887898"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0421.html"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887898"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1289"
}
],
"source": "security@mozilla.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
suse-su-2025:02810-1
Vulnerability from csaf_suse
Published
2025-08-15 12:51
Modified
2025-08-15 12:51
Summary
Security update for rust-keylime
Notes
Title of the patch
Security update for rust-keylime
Description of the patch
This update for rust-keylime fixes the following issues:
- Update to version 0.2.7+141:
* CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)
- Update to version 0.2.7+117:
* CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).
* CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).
* CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).
* CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).
* CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).
* rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)
Patchnames
SUSE-2025-2810,SUSE-SLE-Micro-5.4-2025-2810
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust-keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust-keylime fixes the following issues:\n\n- Update to version 0.2.7+141:\n * CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)\n \n- Update to version 0.2.7+117:\n * CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).\n * CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).\n * CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).\n * CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).\n * CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).\n * rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2810,SUSE-SLE-Micro-5.4-2025-2810",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02810-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02810-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502810-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02810-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041229.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210344",
"url": "https://bugzilla.suse.com/1210344"
},
{
"category": "self",
"summary": "SUSE Bug 1223234",
"url": "https://bugzilla.suse.com/1223234"
},
{
"category": "self",
"summary": "SUSE Bug 1229952",
"url": "https://bugzilla.suse.com/1229952"
},
{
"category": "self",
"summary": "SUSE Bug 1230029",
"url": "https://bugzilla.suse.com/1230029"
},
{
"category": "self",
"summary": "SUSE Bug 1242623",
"url": "https://bugzilla.suse.com/1242623"
},
{
"category": "self",
"summary": "SUSE Bug 1243861",
"url": "https://bugzilla.suse.com/1243861"
},
{
"category": "self",
"summary": "SUSE Bug 1247193",
"url": "https://bugzilla.suse.com/1247193"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-26964 page",
"url": "https://www.suse.com/security/cve/CVE-2023-26964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32650 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43806 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58266 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58266/"
}
],
"title": "Security update for rust-keylime",
"tracking": {
"current_release_date": "2025-08-15T12:51:47Z",
"generator": {
"date": "2025-08-15T12:51:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02810-1",
"initial_release_date": "2025-08-15T12:51:47Z",
"revision_history": [
{
"date": "2025-08-15T12:51:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150400.3.5.1.aarch64",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150400.3.5.1.aarch64",
"product_id": "keylime-ima-policy-0.2.7+141-150400.3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"product": {
"name": "rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"product_id": "rust-keylime-0.2.7+141-150400.3.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150400.3.5.1.ppc64le",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150400.3.5.1.ppc64le",
"product_id": "keylime-ima-policy-0.2.7+141-150400.3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150400.3.5.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.7+141-150400.3.5.1.ppc64le",
"product_id": "rust-keylime-0.2.7+141-150400.3.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150400.3.5.1.s390x",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150400.3.5.1.s390x",
"product_id": "keylime-ima-policy-0.2.7+141-150400.3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"product": {
"name": "rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"product_id": "rust-keylime-0.2.7+141-150400.3.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150400.3.5.1.x86_64",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150400.3.5.1.x86_64",
"product_id": "keylime-ima-policy-0.2.7+141-150400.3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150400.3.5.1.x86_64",
"product": {
"name": "rust-keylime-0.2.7+141-150400.3.5.1.x86_64",
"product_id": "rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150400.3.5.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64"
},
"product_reference": "rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150400.3.5.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x"
},
"product_reference": "rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150400.3.5.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
},
"product_reference": "rust-keylime-0.2.7+141-150400.3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-26964"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-26964",
"url": "https://www.suse.com/security/cve/CVE-2023-26964"
},
{
"category": "external",
"summary": "SUSE Bug 1210339 for CVE-2023-26964",
"url": "https://bugzilla.suse.com/1210339"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:47Z",
"details": "moderate"
}
],
"title": "CVE-2023-26964"
},
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:47Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2024-32650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32650"
}
],
"notes": [
{
"category": "general",
"text": "Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server\u0027s `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32650",
"url": "https://www.suse.com/security/cve/CVE-2024-32650"
},
{
"category": "external",
"summary": "SUSE Bug 1223211 for CVE-2024-32650",
"url": "https://bugzilla.suse.com/1223211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:47Z",
"details": "important"
}
],
"title": "CVE-2024-32650"
},
{
"cve": "CVE-2024-43806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43806"
}
],
"notes": [
{
"category": "general",
"text": "Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it\u0027s possible for the iterator to \"get stuck\" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and unbounded memory explosion (gigabytes in a few seconds if used on a hot path) and eventually lead to an OOM crash of the application. The symptoms were initially discovered in https://github.com/imsnif/bandwhich/issues/284. That post has lots of details of our investigation. Full details can be read on the GHSA-c827-hfw6-qwvm repo advisory. If a program tries to access a directory with its file descriptor after the file has been unlinked (or any other action that leaves the `Dir` iterator in the stuck state), and the implementation does not break after seeing an error, it can cause a memory explosion. As an example, Linux\u0027s various virtual file systems (e.g. `/proc`, `/sys`) can contain directories that spontaneously pop in and out of existence. Attempting to iterate over them using `rustix::fs::Dir` directly or indirectly (e.g. with the `procfs` crate) can trigger this fault condition if the implementation decides to continue on errors. An attacker knowledgeable about the implementation details of a vulnerable target can therefore try to trigger this fault condition via any one or a combination of several available APIs. If successful, the application host will quickly run out of memory, after which the application will likely be terminated by an OOM killer, leading to denial of service. This issue has been addressed in release versions 0.35.15, 0.36.16, 0.37.25, and 0.38.19. Users are advised to upgrade. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43806",
"url": "https://www.suse.com/security/cve/CVE-2024-43806"
},
{
"category": "external",
"summary": "SUSE Bug 1229376 for CVE-2024-43806",
"url": "https://bugzilla.suse.com/1229376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:47Z",
"details": "moderate"
}
],
"title": "CVE-2024-43806"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:47Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
},
{
"cve": "CVE-2025-58266",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58266"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58266",
"url": "https://www.suse.com/security/cve/CVE-2025-58266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.7+141-150400.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:47Z",
"details": "important"
}
],
"title": "CVE-2025-58266"
}
]
}
suse-su-2025:20491-1
Vulnerability from csaf_suse
Published
2025-07-11 09:39
Modified
2025-07-11 09:39
Summary
Security update for rust-keylime
Notes
Title of the patch
Security update for rust-keylime
Description of the patch
This update for rust-keylime fixes the following issues:
- CVE-2024-12224: idna: Fixed improper validation in punycode (bsc#1243861)
- Update to version 0.2.7+70:
* build(deps): bump wiremock from 0.6.2 to 0.6.3
* build(deps): bump uuid from 1.16.0 to 1.17.0
* lib: Introduce AgentIdentity structure
* gitignore: Add *.swp and *.orig to be ignored
* build(deps): bump clap from 4.5.38 to 4.5.39
* build(deps): bump tokio from 1.45.0 to 1.45.1
* Unify Push Model structures time formats to UTC (#1016)
* Add Quote related structures to Keylime library
* Remove configuration file trailing whitespaces (#1012)
* keylime-agent.conf: add all accepted TPM encryption algs
* tpm: add policy auth for EK to activate crendential
* Enable non standard key sizes and curves for EK and AK
* config: Use next_back() instead of last() for iterators
* Update to tss-esapi v7.6.0
* Avoid duplicated call to ctx.create_ek
* build(deps): bump clap from 4.5.23 to 4.5.38
* Add registration for Push Model client
* build(deps): bump tokio from 1.44.2 to 1.45.0
* build(deps): bump chrono from 0.4.40 to 0.4.41
* build(deps): bump tempfile from 3.17.1 to 3.20.0
* Refactor code: move error, registration to lib
* Move structure filling and URL selection code (#999)
* build(deps): bump pest_derive from 2.7.15 to 2.8.0
* build(deps): bump pest from 2.7.15 to 2.8.0
* build(deps): bump libc from 0.2.169 to 0.2.172
* Add Evidence/Authentication messages to prototype
* build(deps): bump uuid from 1.15.1 to 1.16.0
* build(deps): bump thiserror from 2.0.11 to 2.0.12
* build(deps): bump signal-hook from 0.3.17 to 0.3.18
* build(deps): bump log from 0.4.25 to 0.4.27
* build(deps): bump assert_cmd from 2.0.16 to 2.0.17
* build(deps): bump actix-web from 4.9.0 to 4.10.2
* build(deps): bump reqwest from 0.12.12 to 0.12.15
* build(deps): bump serde from 1.0.217 to 1.0.219
* Add unit tests for sessions.rs structures
* Add auth(sessions) structures
* Fix minor README.md issue (#988)
* Define EvidenceHandling structures (#971)
* Add mockoon test scenario
* Add client certificates to push-attestation prototype
* Cargo: bump url crate to version 2.5.4
* Add logging to the push attestation prototype
* Do not use certificate on insecure mode
* common: Move the EncryptedData structure from common to the library
* common: Move AuthTag from common to the library
* build(deps): bump openssl from 0.10.71 to 0.10.72
* common: Move Symmkey to library as crypto::symmkey
* common: Remove unused constants and static values
* build(deps): bump tokio from 1.43.0 to 1.44.2
* Refactor code: Include AgentIdentity structure
* Push model prototype
* Add support for ek certificate chain, stored in TPM NVRAM.
* Recover key_class field and set it as "asymmetric"
* Update push model structures to latest values
* build(deps): bump serde_json from 1.0.138 to 1.0.140
* packit: Add identifier for each copr_build job
* keylime-agent.conf: only mention ecdsa and rsassa for signing
* build(deps): bump openssl from 0.10.70 to 0.10.71
* build(deps): bump uuid from 1.13.2 to 1.15.1
* Add capabilities_negotiation structures
* packit: Add compatibility/api_version_compatibility test
* build(deps): bump uuid from 1.11.0 to 1.13.2
* build(deps): bump serde_json from 1.0.135 to 1.0.138
* build(deps): bump thiserror from 2.0.9 to 2.0.11
* build(deps): bump tempfile from 3.14.0 to 3.17.1
* Allow agent to start as non-root
* scripts: Fix coverage information downloading script
* build(deps): bump openssl from 0.10.68 to 0.10.70
* build(deps): bump tokio from 1.42.0 to 1.43.0
- Update to version 0.2.7+1:
* dist: Enable logging for keylime library in the service
* Bump version to 0.2.7
* scripts: Download coverage data from Testing Farm directly
* main: Remove unnecessary lifetime
* cargo: Bump pretty_env_logger to version 0.5.0
* scripts: Fix regex in download_packit_coverage.sh
* cargo: Bump clap crate to version 4.5.23
* cargo: Bump base64 crate to version 0.22.1
* build(deps): bump log from 0.4.22 to 0.4.25
* build(deps): bump serde_json from 1.0.133 to 1.0.135
* cargo: Bump tokio crate to version 1.42.0
* packit: Fix RPM builds on copr
* cargo: Bump thiserror crate to version 0.2.9
* cargo: Update reqwest to version 0.12.12
* build(deps): bump libc from 0.2.168 to 0.2.169
* build(deps): bump glob from 0.3.1 to 0.3.2
* version: Implement API version validation and ordering
* main: Support using multiple API versions for registration
* keylime: Introduce the registrar_client module
* Provide endpoints under multiple API versions
* Move 'serialization' module to the keylime library
* Drop unnecessary dependency on common::API_VERSION
* keylime-agent.conf: Bump version to 2.3
* build(deps): bump serde from 1.0.210 to 1.0.217
* build(deps): bump pest_derive from 2.7.14 to 2.7.15
* build(deps): bump pest from 2.7.14 to 2.7.15
* build(deps): bump libc from 0.2.167 to 0.2.168
* config: Make IAK and IDevID certificates optional
* Fix warnings reported by clippy
* workflows: Run job in the CI container directly
* tests: Add unit test for device ID builder
* main: Move IAK/IDevID related code to dedicated module
* tests: Add script to generate IAK and IDevID certificates
* build(deps): bump openssl from 0.10.66 to 0.10.68
* build(deps): bump uuid from 1.10.0 to 1.11.0
* build(deps): bump serde_json from 1.0.128 to 1.0.133
* build(deps): bump actix-web from 4.5.1 to 4.9.0
* build(deps): bump reqwest from 0.12.7 to 0.12.9
* tests/setup_swtpm.sh: Add script to setup temporary TPM
* Use a single TPM context and avoid race conditions during tests
* config: Enable passing a hostname instead of IP
* build(deps): bump clap from 4.3.11 to 4.5.21
* build(deps): bump tempfile from 3.10.1 to 3.14.0
* build(deps): bump pest_derive from 2.7.6 to 2.7.14
* build(deps): bump pest from 2.7.6 to 2.7.14
* build(deps): bump codecov/codecov-action from 4 to 5
* workflows: Submit the coverage for merged PR from Fedora 41
* tests: Use Fedora 41 to generate code coverage
* api: Make API configuration modular
* agent_handler: Move the /agent scope configuration
* notifications_handler: Move the /notifications scope configuration
* quotes_handler: Move the /quotes scope configuration to quotes_handler
* keys_handler: Move /keys scope configuration to keys_handler
* Use ${DESTDIR} for config
* Fix showing wrong UUID
* build(deps): bump actix-rt from 2.9.0 to 2.10.0
* config: Refactor AgentConfig Source trait implementation
* build(deps): bump log from 0.4.21 to 0.4.22
* build(deps): bump serde_json from 1.0.120 to 1.0.128
* tpm: check if EK certificate has valid ASN.1 DER encoding
* build(deps): bump futures from 0.3.27 to 0.3.31
* cargo: Bump reqwest to version 0.12.7
* build(deps): bump serde from 1.0.203 to 1.0.210
* tests: Add more tests to Packit CI
* build(deps): bump docker/build-push-action from 5 to 6
* tests: apply workarounds to known bugs
Patchnames
SUSE-SLE-Micro-6.0-380
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust-keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust-keylime fixes the following issues:\n\n- CVE-2024-12224: idna: Fixed improper validation in punycode (bsc#1243861)\n\n- Update to version 0.2.7+70: \n * build(deps): bump wiremock from 0.6.2 to 0.6.3\n * build(deps): bump uuid from 1.16.0 to 1.17.0\n * lib: Introduce AgentIdentity structure\n * gitignore: Add *.swp and *.orig to be ignored\n * build(deps): bump clap from 4.5.38 to 4.5.39\n * build(deps): bump tokio from 1.45.0 to 1.45.1\n * Unify Push Model structures time formats to UTC (#1016)\n * Add Quote related structures to Keylime library\n * Remove configuration file trailing whitespaces (#1012)\n * keylime-agent.conf: add all accepted TPM encryption algs\n * tpm: add policy auth for EK to activate crendential\n * Enable non standard key sizes and curves for EK and AK\n * config: Use next_back() instead of last() for iterators\n * Update to tss-esapi v7.6.0\n * Avoid duplicated call to ctx.create_ek\n * build(deps): bump clap from 4.5.23 to 4.5.38\n * Add registration for Push Model client\n * build(deps): bump tokio from 1.44.2 to 1.45.0\n * build(deps): bump chrono from 0.4.40 to 0.4.41\n * build(deps): bump tempfile from 3.17.1 to 3.20.0\n * Refactor code: move error, registration to lib\n * Move structure filling and URL selection code (#999)\n * build(deps): bump pest_derive from 2.7.15 to 2.8.0\n * build(deps): bump pest from 2.7.15 to 2.8.0\n * build(deps): bump libc from 0.2.169 to 0.2.172\n * Add Evidence/Authentication messages to prototype\n * build(deps): bump uuid from 1.15.1 to 1.16.0\n * build(deps): bump thiserror from 2.0.11 to 2.0.12\n * build(deps): bump signal-hook from 0.3.17 to 0.3.18\n * build(deps): bump log from 0.4.25 to 0.4.27\n * build(deps): bump assert_cmd from 2.0.16 to 2.0.17\n * build(deps): bump actix-web from 4.9.0 to 4.10.2\n * build(deps): bump reqwest from 0.12.12 to 0.12.15\n * build(deps): bump serde from 1.0.217 to 1.0.219\n * Add unit tests for sessions.rs structures\n * Add auth(sessions) structures\n * Fix minor README.md issue (#988)\n * Define EvidenceHandling structures (#971)\n * Add mockoon test scenario\n * Add client certificates to push-attestation prototype\n * Cargo: bump url crate to version 2.5.4\n * Add logging to the push attestation prototype\n * Do not use certificate on insecure mode\n * common: Move the EncryptedData structure from common to the library\n * common: Move AuthTag from common to the library\n * build(deps): bump openssl from 0.10.71 to 0.10.72\n * common: Move Symmkey to library as crypto::symmkey\n * common: Remove unused constants and static values\n * build(deps): bump tokio from 1.43.0 to 1.44.2\n * Refactor code: Include AgentIdentity structure\n * Push model prototype\n * Add support for ek certificate chain, stored in TPM NVRAM.\n * Recover key_class field and set it as \"asymmetric\"\n * Update push model structures to latest values\n * build(deps): bump serde_json from 1.0.138 to 1.0.140\n * packit: Add identifier for each copr_build job\n * keylime-agent.conf: only mention ecdsa and rsassa for signing\n * build(deps): bump openssl from 0.10.70 to 0.10.71\n * build(deps): bump uuid from 1.13.2 to 1.15.1\n * Add capabilities_negotiation structures\n * packit: Add compatibility/api_version_compatibility test\n * build(deps): bump uuid from 1.11.0 to 1.13.2\n * build(deps): bump serde_json from 1.0.135 to 1.0.138\n * build(deps): bump thiserror from 2.0.9 to 2.0.11\n * build(deps): bump tempfile from 3.14.0 to 3.17.1\n * Allow agent to start as non-root\n * scripts: Fix coverage information downloading script\n * build(deps): bump openssl from 0.10.68 to 0.10.70\n * build(deps): bump tokio from 1.42.0 to 1.43.0\n\n- Update to version 0.2.7+1:\n * dist: Enable logging for keylime library in the service\n * Bump version to 0.2.7\n * scripts: Download coverage data from Testing Farm directly\n * main: Remove unnecessary lifetime\n * cargo: Bump pretty_env_logger to version 0.5.0\n * scripts: Fix regex in download_packit_coverage.sh\n * cargo: Bump clap crate to version 4.5.23\n * cargo: Bump base64 crate to version 0.22.1\n * build(deps): bump log from 0.4.22 to 0.4.25\n * build(deps): bump serde_json from 1.0.133 to 1.0.135\n * cargo: Bump tokio crate to version 1.42.0\n * packit: Fix RPM builds on copr\n * cargo: Bump thiserror crate to version 0.2.9\n * cargo: Update reqwest to version 0.12.12\n * build(deps): bump libc from 0.2.168 to 0.2.169\n * build(deps): bump glob from 0.3.1 to 0.3.2\n * version: Implement API version validation and ordering\n * main: Support using multiple API versions for registration\n * keylime: Introduce the registrar_client module\n * Provide endpoints under multiple API versions\n * Move \u0027serialization\u0027 module to the keylime library\n * Drop unnecessary dependency on common::API_VERSION\n * keylime-agent.conf: Bump version to 2.3\n * build(deps): bump serde from 1.0.210 to 1.0.217\n * build(deps): bump pest_derive from 2.7.14 to 2.7.15\n * build(deps): bump pest from 2.7.14 to 2.7.15\n * build(deps): bump libc from 0.2.167 to 0.2.168\n * config: Make IAK and IDevID certificates optional\n * Fix warnings reported by clippy\n * workflows: Run job in the CI container directly\n * tests: Add unit test for device ID builder\n * main: Move IAK/IDevID related code to dedicated module\n * tests: Add script to generate IAK and IDevID certificates\n * build(deps): bump openssl from 0.10.66 to 0.10.68\n * build(deps): bump uuid from 1.10.0 to 1.11.0\n * build(deps): bump serde_json from 1.0.128 to 1.0.133\n * build(deps): bump actix-web from 4.5.1 to 4.9.0\n * build(deps): bump reqwest from 0.12.7 to 0.12.9\n * tests/setup_swtpm.sh: Add script to setup temporary TPM\n * Use a single TPM context and avoid race conditions during tests\n * config: Enable passing a hostname instead of IP\n * build(deps): bump clap from 4.3.11 to 4.5.21\n * build(deps): bump tempfile from 3.10.1 to 3.14.0\n * build(deps): bump pest_derive from 2.7.6 to 2.7.14\n * build(deps): bump pest from 2.7.6 to 2.7.14\n * build(deps): bump codecov/codecov-action from 4 to 5\n * workflows: Submit the coverage for merged PR from Fedora 41\n * tests: Use Fedora 41 to generate code coverage\n * api: Make API configuration modular\n * agent_handler: Move the /agent scope configuration\n * notifications_handler: Move the /notifications scope configuration\n * quotes_handler: Move the /quotes scope configuration to quotes_handler\n * keys_handler: Move /keys scope configuration to keys_handler\n * Use ${DESTDIR} for config\n * Fix showing wrong UUID\n * build(deps): bump actix-rt from 2.9.0 to 2.10.0\n * config: Refactor AgentConfig Source trait implementation\n * build(deps): bump log from 0.4.21 to 0.4.22\n * build(deps): bump serde_json from 1.0.120 to 1.0.128\n * tpm: check if EK certificate has valid ASN.1 DER encoding\n * build(deps): bump futures from 0.3.27 to 0.3.31\n * cargo: Bump reqwest to version 0.12.7\n * build(deps): bump serde from 1.0.203 to 1.0.210\n * tests: Add more tests to Packit CI\n * build(deps): bump docker/build-push-action from 5 to 6\n * tests: apply workarounds to known bugs\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-380",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20491-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20491-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520491-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20491-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040930.html"
},
{
"category": "self",
"summary": "SUSE Bug 1243861",
"url": "https://bugzilla.suse.com/1243861"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
}
],
"title": "Security update for rust-keylime",
"tracking": {
"current_release_date": "2025-07-11T09:39:57Z",
"generator": {
"date": "2025-07-11T09:39:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20491-1",
"initial_release_date": "2025-07-11T09:39:57Z",
"revision_history": [
{
"date": "2025-07-11T09:39:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.7+70-1.1.aarch64",
"product": {
"name": "rust-keylime-0.2.7+70-1.1.aarch64",
"product_id": "rust-keylime-0.2.7+70-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.7+70-1.1.s390x",
"product": {
"name": "rust-keylime-0.2.7+70-1.1.s390x",
"product_id": "rust-keylime-0.2.7+70-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rust-keylime-0.2.7+70-1.1.x86_64",
"product": {
"name": "rust-keylime-0.2.7+70-1.1.x86_64",
"product_id": "rust-keylime-0.2.7+70-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+70-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.aarch64"
},
"product_reference": "rust-keylime-0.2.7+70-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+70-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.s390x"
},
"product_reference": "rust-keylime-0.2.7+70-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+70-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.x86_64"
},
"product_reference": "rust-keylime-0.2.7+70-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.aarch64",
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.s390x",
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.aarch64",
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.s390x",
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.aarch64",
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.s390x",
"SUSE Linux Micro 6.0:rust-keylime-0.2.7+70-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-11T09:39:57Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
}
]
}
suse-su-2025:02809-1
Vulnerability from csaf_suse
Published
2025-08-15 12:51
Modified
2025-08-15 12:51
Summary
Security update for rust-keylime
Notes
Title of the patch
Security update for rust-keylime
Description of the patch
This update for rust-keylime fixes the following issues:
- Update to version 0.2.7+141:
* CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)
- Update to version 0.2.7+117:
* CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).
* CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).
* CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).
* CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).
* CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).
* rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)
Patchnames
SUSE-2025-2809,SUSE-SLE-Micro-5.3-2025-2809
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust-keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust-keylime fixes the following issues:\n\n- Update to version 0.2.7+141:\n * CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)\n \n- Update to version 0.2.7+117:\n * CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).\n * CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).\n * CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).\n * CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).\n * CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).\n * rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2809,SUSE-SLE-Micro-5.3-2025-2809",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02809-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02809-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502809-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02809-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041230.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210344",
"url": "https://bugzilla.suse.com/1210344"
},
{
"category": "self",
"summary": "SUSE Bug 1223234",
"url": "https://bugzilla.suse.com/1223234"
},
{
"category": "self",
"summary": "SUSE Bug 1229952",
"url": "https://bugzilla.suse.com/1229952"
},
{
"category": "self",
"summary": "SUSE Bug 1230029",
"url": "https://bugzilla.suse.com/1230029"
},
{
"category": "self",
"summary": "SUSE Bug 1242623",
"url": "https://bugzilla.suse.com/1242623"
},
{
"category": "self",
"summary": "SUSE Bug 1243861",
"url": "https://bugzilla.suse.com/1243861"
},
{
"category": "self",
"summary": "SUSE Bug 1247193",
"url": "https://bugzilla.suse.com/1247193"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-26964 page",
"url": "https://www.suse.com/security/cve/CVE-2023-26964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32650 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43806 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58266 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58266/"
}
],
"title": "Security update for rust-keylime",
"tracking": {
"current_release_date": "2025-08-15T12:51:37Z",
"generator": {
"date": "2025-08-15T12:51:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02809-1",
"initial_release_date": "2025-08-15T12:51:37Z",
"revision_history": [
{
"date": "2025-08-15T12:51:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150400.3.7.1.aarch64",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150400.3.7.1.aarch64",
"product_id": "keylime-ima-policy-0.2.7+141-150400.3.7.1.aarch64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"product": {
"name": "rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"product_id": "rust-keylime-0.2.7+141-150400.3.7.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150400.3.7.1.ppc64le",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150400.3.7.1.ppc64le",
"product_id": "keylime-ima-policy-0.2.7+141-150400.3.7.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150400.3.7.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.7+141-150400.3.7.1.ppc64le",
"product_id": "rust-keylime-0.2.7+141-150400.3.7.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150400.3.7.1.s390x",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150400.3.7.1.s390x",
"product_id": "keylime-ima-policy-0.2.7+141-150400.3.7.1.s390x"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"product": {
"name": "rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"product_id": "rust-keylime-0.2.7+141-150400.3.7.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150400.3.7.1.x86_64",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150400.3.7.1.x86_64",
"product_id": "keylime-ima-policy-0.2.7+141-150400.3.7.1.x86_64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150400.3.7.1.x86_64",
"product": {
"name": "rust-keylime-0.2.7+141-150400.3.7.1.x86_64",
"product_id": "rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150400.3.7.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64"
},
"product_reference": "rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150400.3.7.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x"
},
"product_reference": "rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150400.3.7.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
},
"product_reference": "rust-keylime-0.2.7+141-150400.3.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-26964"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-26964",
"url": "https://www.suse.com/security/cve/CVE-2023-26964"
},
{
"category": "external",
"summary": "SUSE Bug 1210339 for CVE-2023-26964",
"url": "https://bugzilla.suse.com/1210339"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:37Z",
"details": "moderate"
}
],
"title": "CVE-2023-26964"
},
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2024-32650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32650"
}
],
"notes": [
{
"category": "general",
"text": "Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server\u0027s `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32650",
"url": "https://www.suse.com/security/cve/CVE-2024-32650"
},
{
"category": "external",
"summary": "SUSE Bug 1223211 for CVE-2024-32650",
"url": "https://bugzilla.suse.com/1223211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:37Z",
"details": "important"
}
],
"title": "CVE-2024-32650"
},
{
"cve": "CVE-2024-43806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43806"
}
],
"notes": [
{
"category": "general",
"text": "Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it\u0027s possible for the iterator to \"get stuck\" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and unbounded memory explosion (gigabytes in a few seconds if used on a hot path) and eventually lead to an OOM crash of the application. The symptoms were initially discovered in https://github.com/imsnif/bandwhich/issues/284. That post has lots of details of our investigation. Full details can be read on the GHSA-c827-hfw6-qwvm repo advisory. If a program tries to access a directory with its file descriptor after the file has been unlinked (or any other action that leaves the `Dir` iterator in the stuck state), and the implementation does not break after seeing an error, it can cause a memory explosion. As an example, Linux\u0027s various virtual file systems (e.g. `/proc`, `/sys`) can contain directories that spontaneously pop in and out of existence. Attempting to iterate over them using `rustix::fs::Dir` directly or indirectly (e.g. with the `procfs` crate) can trigger this fault condition if the implementation decides to continue on errors. An attacker knowledgeable about the implementation details of a vulnerable target can therefore try to trigger this fault condition via any one or a combination of several available APIs. If successful, the application host will quickly run out of memory, after which the application will likely be terminated by an OOM killer, leading to denial of service. This issue has been addressed in release versions 0.35.15, 0.36.16, 0.37.25, and 0.38.19. Users are advised to upgrade. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43806",
"url": "https://www.suse.com/security/cve/CVE-2024-43806"
},
{
"category": "external",
"summary": "SUSE Bug 1229376 for CVE-2024-43806",
"url": "https://bugzilla.suse.com/1229376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:37Z",
"details": "moderate"
}
],
"title": "CVE-2024-43806"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:37Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
},
{
"cve": "CVE-2025-58266",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58266"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58266",
"url": "https://www.suse.com/security/cve/CVE-2025-58266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.s390x",
"SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.7+141-150400.3.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:37Z",
"details": "important"
}
],
"title": "CVE-2025-58266"
}
]
}
suse-su-2025:02768-1
Vulnerability from csaf_suse
Published
2025-08-12 13:01
Modified
2025-08-12 13:01
Summary
Security update for sccache
Notes
Title of the patch
Security update for sccache
Description of the patch
This update for sccache fixes the following issues:
- Update to version 0.4.2~4:
- CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243868)
Patchnames
SUSE-2025-2768,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2768,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2768,openSUSE-SLE-15.6-2025-2768
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for sccache",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for sccache fixes the following issues:\n\n- Update to version 0.4.2~4:\n- CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243868)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2768,SUSE-SLE-Module-Development-Tools-15-SP6-2025-2768,SUSE-SLE-Module-Development-Tools-15-SP7-2025-2768,openSUSE-SLE-15.6-2025-2768",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02768-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02768-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502768-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02768-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041175.html"
},
{
"category": "self",
"summary": "SUSE Bug 1243868",
"url": "https://bugzilla.suse.com/1243868"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
}
],
"title": "Security update for sccache",
"tracking": {
"current_release_date": "2025-08-12T13:01:12Z",
"generator": {
"date": "2025-08-12T13:01:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02768-1",
"initial_release_date": "2025-08-12T13:01:12Z",
"revision_history": [
{
"date": "2025-08-12T13:01:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.4.2~4-150600.10.3.1.aarch64",
"product": {
"name": "sccache-0.4.2~4-150600.10.3.1.aarch64",
"product_id": "sccache-0.4.2~4-150600.10.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.4.2~4-150600.10.3.1.i586",
"product": {
"name": "sccache-0.4.2~4-150600.10.3.1.i586",
"product_id": "sccache-0.4.2~4-150600.10.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.4.2~4-150600.10.3.1.ppc64le",
"product": {
"name": "sccache-0.4.2~4-150600.10.3.1.ppc64le",
"product_id": "sccache-0.4.2~4-150600.10.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.4.2~4-150600.10.3.1.s390x",
"product": {
"name": "sccache-0.4.2~4-150600.10.3.1.s390x",
"product_id": "sccache-0.4.2~4-150600.10.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.4.2~4-150600.10.3.1.x86_64",
"product": {
"name": "sccache-0.4.2~4-150600.10.3.1.x86_64",
"product_id": "sccache-0.4.2~4-150600.10.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.aarch64"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.ppc64le"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.s390x"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.x86_64"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.aarch64"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.ppc64le"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.s390x"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.x86_64"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.aarch64"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.ppc64le"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.s390x"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~4-150600.10.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.x86_64"
},
"product_reference": "sccache-0.4.2~4-150600.10.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.x86_64",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.aarch64",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.s390x",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.x86_64",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.aarch64",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.s390x",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:sccache-0.4.2~4-150600.10.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15 SP7:sccache-0.4.2~4-150600.10.3.1.x86_64",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.aarch64",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.ppc64le",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.s390x",
"openSUSE Leap 15.6:sccache-0.4.2~4-150600.10.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-12T13:01:12Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
}
]
}
suse-ru-2025:02204-1
Vulnerability from csaf_suse
Published
2025-07-02 13:42
Modified
2025-07-02 13:42
Summary
Recommended update for aws-nitro-enclaves-cli
Notes
Title of the patch
Recommended update for aws-nitro-enclaves-cli
Description of the patch
This update for aws-nitro-enclaves-cli fixes the following issues:
- Fix idna accepts Punycode labels that
do not produce any non-ASCII when decoded (bsc#1243859)
- Update to version 1.4.2
- Update aws-nitro-enclaves-sdk-bootstrap to version f718dea6
- Update to version 1.3.3~git0.afb7264
- Update aws-nitro-enclaves-sdk-bootstrap to version 7797d39a
Patchnames
SUSE-2025-2204,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-2204,SUSE-SLE-Module-Public-Cloud-15-SP7-2025-2204,openSUSE-SLE-15.6-2025-2204
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for aws-nitro-enclaves-cli",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for aws-nitro-enclaves-cli fixes the following issues:\n\n- Fix idna accepts Punycode labels that \n do not produce any non-ASCII when decoded (bsc#1243859) \n- Update to version 1.4.2\n- Update aws-nitro-enclaves-sdk-bootstrap to version f718dea6\n- Update to version 1.3.3~git0.afb7264\n- Update aws-nitro-enclaves-sdk-bootstrap to version 7797d39a\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2204,SUSE-SLE-Module-Public-Cloud-15-SP6-2025-2204,SUSE-SLE-Module-Public-Cloud-15-SP7-2025-2204,openSUSE-SLE-15.6-2025-2204",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2025_02204-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-RU-2025:02204-1",
"url": "https://www.suse.com/support/update/announcement//suse-ru-202502204-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-RU-2025:02204-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040592.html"
},
{
"category": "self",
"summary": "SUSE Bug 1243859",
"url": "https://bugzilla.suse.com/1243859"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
}
],
"title": "Recommended update for aws-nitro-enclaves-cli",
"tracking": {
"current_release_date": "2025-07-02T13:42:39Z",
"generator": {
"date": "2025-07-02T13:42:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-RU-2025:02204-1",
"initial_release_date": "2025-07-02T13:42:39Z",
"revision_history": [
{
"date": "2025-07-02T13:42:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"product": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"product_id": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"product": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"product_id": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"product": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"product_id": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"product": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"product_id": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"product": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"product_id": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"product": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"product_id": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP7:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP7:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150600.10.6.1.x86_64",
"openSUSE Leap 15.6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.aarch64",
"openSUSE Leap 15.6:system-group-ne-1.4.2~git0.6e8512e-150600.10.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-02T13:42:39Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
}
]
}
suse-ru-2025:02203-1
Vulnerability from csaf_suse
Published
2025-07-02 13:42
Modified
2025-07-02 13:42
Summary
Recommended update for aws-nitro-enclaves-cli
Notes
Title of the patch
Recommended update for aws-nitro-enclaves-cli
Description of the patch
This update for aws-nitro-enclaves-cli fixes the following issues:
- Fix idna accepts Punycode labels that
do not produce any non-ASCII when decoded (bsc#1243859)
- Update to version 1.4.2
- Update aws-nitro-enclaves-sdk-bootstrap to version f718dea6
- Update to version 1.3.3~git0.afb7264
- Update aws-nitro-enclaves-sdk-bootstrap to version 7797d39a
Patchnames
SUSE-2025-2203,SUSE-SLE-Module-Public-Cloud-15-SP4-2025-2203,SUSE-SLE-Module-Public-Cloud-15-SP5-2025-2203
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for aws-nitro-enclaves-cli",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for aws-nitro-enclaves-cli fixes the following issues:\n\n- Fix idna accepts Punycode labels that\n do not produce any non-ASCII when decoded (bsc#1243859)\n- Update to version 1.4.2\n- Update aws-nitro-enclaves-sdk-bootstrap to version f718dea6\n- Update to version 1.3.3~git0.afb7264\n- Update aws-nitro-enclaves-sdk-bootstrap to version 7797d39a\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2203,SUSE-SLE-Module-Public-Cloud-15-SP4-2025-2203,SUSE-SLE-Module-Public-Cloud-15-SP5-2025-2203",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2025_02203-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-RU-2025:02203-1",
"url": "https://www.suse.com/support/update/announcement//suse-ru-202502203-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-RU-2025:02203-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-July/040593.html"
},
{
"category": "self",
"summary": "SUSE Bug 1243859",
"url": "https://bugzilla.suse.com/1243859"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
}
],
"title": "Recommended update for aws-nitro-enclaves-cli",
"tracking": {
"current_release_date": "2025-07-02T13:42:27Z",
"generator": {
"date": "2025-07-02T13:42:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-RU-2025:02203-1",
"initial_release_date": "2025-07-02T13:42:27Z",
"revision_history": [
{
"date": "2025-07-02T13:42:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"product": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"product_id": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"product": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"product_id": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"product": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"product_id": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"product": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"product_id": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"product": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"product_id": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"product": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"product_id": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
},
"product_reference": "aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP5:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
},
"product_reference": "system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-binaryblobs-upstream-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:aws-nitro-enclaves-cli-1.4.2~git0.6e8512e-150400.3.9.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP5:system-group-ne-1.4.2~git0.6e8512e-150400.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-02T13:42:27Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
}
]
}
suse-su-2025:02586-1
Vulnerability from csaf_suse
Published
2025-08-01 08:49
Modified
2025-08-01 08:49
Summary
Security update for rav1e
Notes
Title of the patch
Security update for rav1e
Description of the patch
This update for rav1e fixes the following issues:
- CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243855)
Patchnames
SUSE-2025-2586,SUSE-SLE-Module-Basesystem-15-SP6-2025-2586,SUSE-SLE-Module-Basesystem-15-SP7-2025-2586,openSUSE-SLE-15.6-2025-2586
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rav1e",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rav1e fixes the following issues:\n\n- CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243855)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2586,SUSE-SLE-Module-Basesystem-15-SP6-2025-2586,SUSE-SLE-Module-Basesystem-15-SP7-2025-2586,openSUSE-SLE-15.6-2025-2586",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02586-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02586-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502586-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02586-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/040996.html"
},
{
"category": "self",
"summary": "SUSE Bug 1243855",
"url": "https://bugzilla.suse.com/1243855"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
}
],
"title": "Security update for rav1e",
"tracking": {
"current_release_date": "2025-08-01T08:49:06Z",
"generator": {
"date": "2025-08-01T08:49:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02586-1",
"initial_release_date": "2025-08-01T08:49:06Z",
"revision_history": [
{
"date": "2025-08-01T08:49:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"product": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"product_id": "librav1e0_6-0.6.6-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "rav1e-0.6.6-150600.3.3.1.aarch64",
"product": {
"name": "rav1e-0.6.6-150600.3.3.1.aarch64",
"product_id": "rav1e-0.6.6-150600.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "rav1e-devel-0.6.6-150600.3.3.1.aarch64",
"product": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.aarch64",
"product_id": "rav1e-devel-0.6.6-150600.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "librav1e0_6-64bit-0.6.6-150600.3.3.1.aarch64_ilp32",
"product": {
"name": "librav1e0_6-64bit-0.6.6-150600.3.3.1.aarch64_ilp32",
"product_id": "librav1e0_6-64bit-0.6.6-150600.3.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "librav1e0_6-0.6.6-150600.3.3.1.i586",
"product": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.i586",
"product_id": "librav1e0_6-0.6.6-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "rav1e-0.6.6-150600.3.3.1.i586",
"product": {
"name": "rav1e-0.6.6-150600.3.3.1.i586",
"product_id": "rav1e-0.6.6-150600.3.3.1.i586"
}
},
{
"category": "product_version",
"name": "rav1e-devel-0.6.6-150600.3.3.1.i586",
"product": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.i586",
"product_id": "rav1e-devel-0.6.6-150600.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"product": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"product_id": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rav1e-0.6.6-150600.3.3.1.ppc64le",
"product": {
"name": "rav1e-0.6.6-150600.3.3.1.ppc64le",
"product_id": "rav1e-0.6.6-150600.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rav1e-devel-0.6.6-150600.3.3.1.ppc64le",
"product": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.ppc64le",
"product_id": "rav1e-devel-0.6.6-150600.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "librav1e0_6-0.6.6-150600.3.3.1.s390x",
"product": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.s390x",
"product_id": "librav1e0_6-0.6.6-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "rav1e-0.6.6-150600.3.3.1.s390x",
"product": {
"name": "rav1e-0.6.6-150600.3.3.1.s390x",
"product_id": "rav1e-0.6.6-150600.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "rav1e-devel-0.6.6-150600.3.3.1.s390x",
"product": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.s390x",
"product_id": "rav1e-devel-0.6.6-150600.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"product": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"product_id": "librav1e0_6-0.6.6-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64",
"product": {
"name": "librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64",
"product_id": "librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "rav1e-0.6.6-150600.3.3.1.x86_64",
"product": {
"name": "rav1e-0.6.6-150600.3.3.1.x86_64",
"product_id": "rav1e-0.6.6-150600.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "rav1e-devel-0.6.6-150600.3.3.1.x86_64",
"product": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.x86_64",
"product_id": "rav1e-devel-0.6.6-150600.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.aarch64"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.ppc64le"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.s390x"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.x86_64"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.aarch64"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.ppc64le"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.s390x"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.x86_64"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.aarch64"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.ppc64le"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.s390x"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-0.6.6-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.x86_64"
},
"product_reference": "librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64"
},
"product_reference": "librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-0.6.6-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.aarch64"
},
"product_reference": "rav1e-0.6.6-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-0.6.6-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.ppc64le"
},
"product_reference": "rav1e-0.6.6-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-0.6.6-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.s390x"
},
"product_reference": "rav1e-0.6.6-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-0.6.6-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.x86_64"
},
"product_reference": "rav1e-0.6.6-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.aarch64"
},
"product_reference": "rav1e-devel-0.6.6-150600.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.ppc64le"
},
"product_reference": "rav1e-devel-0.6.6-150600.3.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.s390x"
},
"product_reference": "rav1e-devel-0.6.6-150600.3.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-devel-0.6.6-150600.3.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.x86_64"
},
"product_reference": "rav1e-devel-0.6.6-150600.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:librav1e0_6-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:librav1e0_6-32bit-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:rav1e-0.6.6-150600.3.3.1.x86_64",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.aarch64",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.ppc64le",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.s390x",
"openSUSE Leap 15.6:rav1e-devel-0.6.6-150600.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-01T08:49:06Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
}
]
}
suse-su-2025:02811-1
Vulnerability from csaf_suse
Published
2025-08-15 12:51
Modified
2025-08-15 12:51
Summary
Security update for rust-keylime
Notes
Title of the patch
Security update for rust-keylime
Description of the patch
This update for rust-keylime fixes the following issues:
- Update to version 0.2.7+141:
* CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)
- Update to version 0.2.7+117:
* CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).
* CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).
* CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).
* CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).
* CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).
* rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)
Patchnames
SUSE-2025-2811,SUSE-SLE-Micro-5.5-2025-2811
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rust-keylime",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rust-keylime fixes the following issues:\n\n- Update to version 0.2.7+141:\n * CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)\n \n- Update to version 0.2.7+117:\n * CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).\n * CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).\n * CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).\n * CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).\n * CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).\n * rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-2811,SUSE-SLE-Micro-5.5-2025-2811",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_02811-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:02811-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502811-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:02811-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-August/041228.html"
},
{
"category": "self",
"summary": "SUSE Bug 1210344",
"url": "https://bugzilla.suse.com/1210344"
},
{
"category": "self",
"summary": "SUSE Bug 1223234",
"url": "https://bugzilla.suse.com/1223234"
},
{
"category": "self",
"summary": "SUSE Bug 1229952",
"url": "https://bugzilla.suse.com/1229952"
},
{
"category": "self",
"summary": "SUSE Bug 1230029",
"url": "https://bugzilla.suse.com/1230029"
},
{
"category": "self",
"summary": "SUSE Bug 1242623",
"url": "https://bugzilla.suse.com/1242623"
},
{
"category": "self",
"summary": "SUSE Bug 1243861",
"url": "https://bugzilla.suse.com/1243861"
},
{
"category": "self",
"summary": "SUSE Bug 1247193",
"url": "https://bugzilla.suse.com/1247193"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-26964 page",
"url": "https://www.suse.com/security/cve/CVE-2023-26964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-32650 page",
"url": "https://www.suse.com/security/cve/CVE-2024-32650/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43806 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43806/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3416 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3416/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58266 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58266/"
}
],
"title": "Security update for rust-keylime",
"tracking": {
"current_release_date": "2025-08-15T12:51:54Z",
"generator": {
"date": "2025-08-15T12:51:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:02811-1",
"initial_release_date": "2025-08-15T12:51:54Z",
"revision_history": [
{
"date": "2025-08-15T12:51:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150500.3.5.1.aarch64",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150500.3.5.1.aarch64",
"product_id": "keylime-ima-policy-0.2.7+141-150500.3.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"product": {
"name": "rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"product_id": "rust-keylime-0.2.7+141-150500.3.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150500.3.5.1.ppc64le",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150500.3.5.1.ppc64le",
"product_id": "keylime-ima-policy-0.2.7+141-150500.3.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"product_id": "rust-keylime-0.2.7+141-150500.3.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150500.3.5.1.s390x",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150500.3.5.1.s390x",
"product_id": "keylime-ima-policy-0.2.7+141-150500.3.5.1.s390x"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"product": {
"name": "rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"product_id": "rust-keylime-0.2.7+141-150500.3.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+141-150500.3.5.1.x86_64",
"product": {
"name": "keylime-ima-policy-0.2.7+141-150500.3.5.1.x86_64",
"product_id": "keylime-ima-policy-0.2.7+141-150500.3.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+141-150500.3.5.1.x86_64",
"product": {
"name": "rust-keylime-0.2.7+141-150500.3.5.1.x86_64",
"product_id": "rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150500.3.5.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64"
},
"product_reference": "rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150500.3.5.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le"
},
"product_reference": "rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150500.3.5.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x"
},
"product_reference": "rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+141-150500.3.5.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
},
"product_reference": "rust-keylime-0.2.7+141-150500.3.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-26964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-26964"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-26964",
"url": "https://www.suse.com/security/cve/CVE-2023-26964"
},
{
"category": "external",
"summary": "SUSE Bug 1210339 for CVE-2023-26964",
"url": "https://bugzilla.suse.com/1210339"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:54Z",
"details": "moderate"
}
],
"title": "CVE-2023-26964"
},
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:54Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2024-32650",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-32650"
}
],
"notes": [
{
"category": "general",
"text": "Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server\u0027s `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-32650",
"url": "https://www.suse.com/security/cve/CVE-2024-32650"
},
{
"category": "external",
"summary": "SUSE Bug 1223211 for CVE-2024-32650",
"url": "https://bugzilla.suse.com/1223211"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:54Z",
"details": "important"
}
],
"title": "CVE-2024-32650"
},
{
"cve": "CVE-2024-43806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43806"
}
],
"notes": [
{
"category": "general",
"text": "Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it\u0027s possible for the iterator to \"get stuck\" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and unbounded memory explosion (gigabytes in a few seconds if used on a hot path) and eventually lead to an OOM crash of the application. The symptoms were initially discovered in https://github.com/imsnif/bandwhich/issues/284. That post has lots of details of our investigation. Full details can be read on the GHSA-c827-hfw6-qwvm repo advisory. If a program tries to access a directory with its file descriptor after the file has been unlinked (or any other action that leaves the `Dir` iterator in the stuck state), and the implementation does not break after seeing an error, it can cause a memory explosion. As an example, Linux\u0027s various virtual file systems (e.g. `/proc`, `/sys`) can contain directories that spontaneously pop in and out of existence. Attempting to iterate over them using `rustix::fs::Dir` directly or indirectly (e.g. with the `procfs` crate) can trigger this fault condition if the implementation decides to continue on errors. An attacker knowledgeable about the implementation details of a vulnerable target can therefore try to trigger this fault condition via any one or a combination of several available APIs. If successful, the application host will quickly run out of memory, after which the application will likely be terminated by an OOM killer, leading to denial of service. This issue has been addressed in release versions 0.35.15, 0.36.16, 0.37.25, and 0.38.19. Users are advised to upgrade. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43806",
"url": "https://www.suse.com/security/cve/CVE-2024-43806"
},
{
"category": "external",
"summary": "SUSE Bug 1229376 for CVE-2024-43806",
"url": "https://bugzilla.suse.com/1229376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:54Z",
"details": "moderate"
}
],
"title": "CVE-2024-43806"
},
{
"cve": "CVE-2025-3416",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3416"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in OpenSSL\u0027s handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3416",
"url": "https://www.suse.com/security/cve/CVE-2025-3416"
},
{
"category": "external",
"summary": "SUSE Bug 1242599 for CVE-2025-3416",
"url": "https://bugzilla.suse.com/1242599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:54Z",
"details": "low"
}
],
"title": "CVE-2025-3416"
},
{
"cve": "CVE-2025-58266",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58266"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58266",
"url": "https://www.suse.com/security/cve/CVE-2025-58266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.s390x",
"SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.7+141-150500.3.5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T12:51:54Z",
"details": "important"
}
],
"title": "CVE-2025-58266"
}
]
}
opensuse-su-2025:15201-1
Vulnerability from csaf_opensuse
Published
2025-06-04 00:00
Modified
2025-06-04 00:00
Summary
python311-nh3-0.2.17-2.1 on GA media
Notes
Title of the patch
python311-nh3-0.2.17-2.1 on GA media
Description of the patch
These are all security issues fixed in the python311-nh3-0.2.17-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15201
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-nh3-0.2.17-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-nh3-0.2.17-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15201",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15201-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
}
],
"title": "python311-nh3-0.2.17-2.1 on GA media",
"tracking": {
"current_release_date": "2025-06-04T00:00:00Z",
"generator": {
"date": "2025-06-04T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15201-1",
"initial_release_date": "2025-06-04T00:00:00Z",
"revision_history": [
{
"date": "2025-06-04T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-nh3-0.2.17-2.1.aarch64",
"product": {
"name": "python311-nh3-0.2.17-2.1.aarch64",
"product_id": "python311-nh3-0.2.17-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-nh3-0.2.17-2.1.aarch64",
"product": {
"name": "python312-nh3-0.2.17-2.1.aarch64",
"product_id": "python312-nh3-0.2.17-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-nh3-0.2.17-2.1.aarch64",
"product": {
"name": "python313-nh3-0.2.17-2.1.aarch64",
"product_id": "python313-nh3-0.2.17-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-nh3-0.2.17-2.1.ppc64le",
"product": {
"name": "python311-nh3-0.2.17-2.1.ppc64le",
"product_id": "python311-nh3-0.2.17-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-nh3-0.2.17-2.1.ppc64le",
"product": {
"name": "python312-nh3-0.2.17-2.1.ppc64le",
"product_id": "python312-nh3-0.2.17-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-nh3-0.2.17-2.1.ppc64le",
"product": {
"name": "python313-nh3-0.2.17-2.1.ppc64le",
"product_id": "python313-nh3-0.2.17-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-nh3-0.2.17-2.1.s390x",
"product": {
"name": "python311-nh3-0.2.17-2.1.s390x",
"product_id": "python311-nh3-0.2.17-2.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-nh3-0.2.17-2.1.s390x",
"product": {
"name": "python312-nh3-0.2.17-2.1.s390x",
"product_id": "python312-nh3-0.2.17-2.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-nh3-0.2.17-2.1.s390x",
"product": {
"name": "python313-nh3-0.2.17-2.1.s390x",
"product_id": "python313-nh3-0.2.17-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-nh3-0.2.17-2.1.x86_64",
"product": {
"name": "python311-nh3-0.2.17-2.1.x86_64",
"product_id": "python311-nh3-0.2.17-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-nh3-0.2.17-2.1.x86_64",
"product": {
"name": "python312-nh3-0.2.17-2.1.x86_64",
"product_id": "python312-nh3-0.2.17-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-nh3-0.2.17-2.1.x86_64",
"product": {
"name": "python313-nh3-0.2.17-2.1.x86_64",
"product_id": "python313-nh3-0.2.17-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nh3-0.2.17-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.aarch64"
},
"product_reference": "python311-nh3-0.2.17-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nh3-0.2.17-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.ppc64le"
},
"product_reference": "python311-nh3-0.2.17-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nh3-0.2.17-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.s390x"
},
"product_reference": "python311-nh3-0.2.17-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-nh3-0.2.17-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.x86_64"
},
"product_reference": "python311-nh3-0.2.17-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nh3-0.2.17-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.aarch64"
},
"product_reference": "python312-nh3-0.2.17-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nh3-0.2.17-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.ppc64le"
},
"product_reference": "python312-nh3-0.2.17-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nh3-0.2.17-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.s390x"
},
"product_reference": "python312-nh3-0.2.17-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-nh3-0.2.17-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.x86_64"
},
"product_reference": "python312-nh3-0.2.17-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nh3-0.2.17-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.aarch64"
},
"product_reference": "python313-nh3-0.2.17-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nh3-0.2.17-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.ppc64le"
},
"product_reference": "python313-nh3-0.2.17-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nh3-0.2.17-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.s390x"
},
"product_reference": "python313-nh3-0.2.17-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-nh3-0.2.17-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.x86_64"
},
"product_reference": "python313-nh3-0.2.17-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.x86_64",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.x86_64",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.x86_64",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.x86_64",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python311-nh3-0.2.17-2.1.x86_64",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python312-nh3-0.2.17-2.1.x86_64",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.aarch64",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.ppc64le",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.s390x",
"openSUSE Tumbleweed:python313-nh3-0.2.17-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
}
]
}
opensuse-su-2025:15202-1
Vulnerability from csaf_opensuse
Published
2025-06-04 00:00
Modified
2025-06-04 00:00
Summary
python311-selenium-4.25.0-5.1 on GA media
Notes
Title of the patch
python311-selenium-4.25.0-5.1 on GA media
Description of the patch
These are all security issues fixed in the python311-selenium-4.25.0-5.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15202
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-selenium-4.25.0-5.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-selenium-4.25.0-5.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15202",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15202-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
}
],
"title": "python311-selenium-4.25.0-5.1 on GA media",
"tracking": {
"current_release_date": "2025-06-04T00:00:00Z",
"generator": {
"date": "2025-06-04T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15202-1",
"initial_release_date": "2025-06-04T00:00:00Z",
"revision_history": [
{
"date": "2025-06-04T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-selenium-4.25.0-5.1.aarch64",
"product": {
"name": "python311-selenium-4.25.0-5.1.aarch64",
"product_id": "python311-selenium-4.25.0-5.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-selenium-4.25.0-5.1.aarch64",
"product": {
"name": "python312-selenium-4.25.0-5.1.aarch64",
"product_id": "python312-selenium-4.25.0-5.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-selenium-4.25.0-5.1.aarch64",
"product": {
"name": "python313-selenium-4.25.0-5.1.aarch64",
"product_id": "python313-selenium-4.25.0-5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-selenium-4.25.0-5.1.ppc64le",
"product": {
"name": "python311-selenium-4.25.0-5.1.ppc64le",
"product_id": "python311-selenium-4.25.0-5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-selenium-4.25.0-5.1.ppc64le",
"product": {
"name": "python312-selenium-4.25.0-5.1.ppc64le",
"product_id": "python312-selenium-4.25.0-5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-selenium-4.25.0-5.1.ppc64le",
"product": {
"name": "python313-selenium-4.25.0-5.1.ppc64le",
"product_id": "python313-selenium-4.25.0-5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-selenium-4.25.0-5.1.s390x",
"product": {
"name": "python311-selenium-4.25.0-5.1.s390x",
"product_id": "python311-selenium-4.25.0-5.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-selenium-4.25.0-5.1.s390x",
"product": {
"name": "python312-selenium-4.25.0-5.1.s390x",
"product_id": "python312-selenium-4.25.0-5.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-selenium-4.25.0-5.1.s390x",
"product": {
"name": "python313-selenium-4.25.0-5.1.s390x",
"product_id": "python313-selenium-4.25.0-5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-selenium-4.25.0-5.1.x86_64",
"product": {
"name": "python311-selenium-4.25.0-5.1.x86_64",
"product_id": "python311-selenium-4.25.0-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-selenium-4.25.0-5.1.x86_64",
"product": {
"name": "python312-selenium-4.25.0-5.1.x86_64",
"product_id": "python312-selenium-4.25.0-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-selenium-4.25.0-5.1.x86_64",
"product": {
"name": "python313-selenium-4.25.0-5.1.x86_64",
"product_id": "python313-selenium-4.25.0-5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-selenium-4.25.0-5.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.aarch64"
},
"product_reference": "python311-selenium-4.25.0-5.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-selenium-4.25.0-5.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.ppc64le"
},
"product_reference": "python311-selenium-4.25.0-5.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-selenium-4.25.0-5.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.s390x"
},
"product_reference": "python311-selenium-4.25.0-5.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-selenium-4.25.0-5.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.x86_64"
},
"product_reference": "python311-selenium-4.25.0-5.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-selenium-4.25.0-5.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.aarch64"
},
"product_reference": "python312-selenium-4.25.0-5.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-selenium-4.25.0-5.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.ppc64le"
},
"product_reference": "python312-selenium-4.25.0-5.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-selenium-4.25.0-5.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.s390x"
},
"product_reference": "python312-selenium-4.25.0-5.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-selenium-4.25.0-5.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.x86_64"
},
"product_reference": "python312-selenium-4.25.0-5.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-selenium-4.25.0-5.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.aarch64"
},
"product_reference": "python313-selenium-4.25.0-5.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-selenium-4.25.0-5.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.ppc64le"
},
"product_reference": "python313-selenium-4.25.0-5.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-selenium-4.25.0-5.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.s390x"
},
"product_reference": "python313-selenium-4.25.0-5.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-selenium-4.25.0-5.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.x86_64"
},
"product_reference": "python313-selenium-4.25.0-5.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.x86_64",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.x86_64",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.x86_64",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.x86_64",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python311-selenium-4.25.0-5.1.x86_64",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python312-selenium-4.25.0-5.1.x86_64",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.aarch64",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.ppc64le",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.s390x",
"openSUSE Tumbleweed:python313-selenium-4.25.0-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-06-04T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
}
]
}
opensuse-su-2025:15294-1
Vulnerability from csaf_opensuse
Published
2025-07-03 00:00
Modified
2025-07-03 00:00
Summary
keylime-ima-policy-0.2.7+70-2.1 on GA media
Notes
Title of the patch
keylime-ima-policy-0.2.7+70-2.1 on GA media
Description of the patch
These are all security issues fixed in the keylime-ima-policy-0.2.7+70-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15294
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "keylime-ima-policy-0.2.7+70-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the keylime-ima-policy-0.2.7+70-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15294",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15294-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-43806 page",
"url": "https://www.suse.com/security/cve/CVE-2024-43806/"
}
],
"title": "keylime-ima-policy-0.2.7+70-2.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15294-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+70-2.1.aarch64",
"product": {
"name": "keylime-ima-policy-0.2.7+70-2.1.aarch64",
"product_id": "keylime-ima-policy-0.2.7+70-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+70-2.1.aarch64",
"product": {
"name": "rust-keylime-0.2.7+70-2.1.aarch64",
"product_id": "rust-keylime-0.2.7+70-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"product": {
"name": "keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"product_id": "keylime-ima-policy-0.2.7+70-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+70-2.1.ppc64le",
"product": {
"name": "rust-keylime-0.2.7+70-2.1.ppc64le",
"product_id": "rust-keylime-0.2.7+70-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+70-2.1.s390x",
"product": {
"name": "keylime-ima-policy-0.2.7+70-2.1.s390x",
"product_id": "keylime-ima-policy-0.2.7+70-2.1.s390x"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+70-2.1.s390x",
"product": {
"name": "rust-keylime-0.2.7+70-2.1.s390x",
"product_id": "rust-keylime-0.2.7+70-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "keylime-ima-policy-0.2.7+70-2.1.x86_64",
"product": {
"name": "keylime-ima-policy-0.2.7+70-2.1.x86_64",
"product_id": "keylime-ima-policy-0.2.7+70-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "rust-keylime-0.2.7+70-2.1.x86_64",
"product": {
"name": "rust-keylime-0.2.7+70-2.1.x86_64",
"product_id": "rust-keylime-0.2.7+70-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.7+70-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.aarch64"
},
"product_reference": "keylime-ima-policy-0.2.7+70-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.7+70-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.ppc64le"
},
"product_reference": "keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.7+70-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.s390x"
},
"product_reference": "keylime-ima-policy-0.2.7+70-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "keylime-ima-policy-0.2.7+70-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.x86_64"
},
"product_reference": "keylime-ima-policy-0.2.7+70-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+70-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.aarch64"
},
"product_reference": "rust-keylime-0.2.7+70-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+70-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.ppc64le"
},
"product_reference": "rust-keylime-0.2.7+70-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+70-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.s390x"
},
"product_reference": "rust-keylime-0.2.7+70-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rust-keylime-0.2.7+70-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.x86_64"
},
"product_reference": "rust-keylime-0.2.7+70-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
},
{
"cve": "CVE-2024-43806",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-43806"
}
],
"notes": [
{
"category": "general",
"text": "Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using `rustix::fs::Dir` using the `linux_raw` backend, it\u0027s possible for the iterator to \"get stuck\" when an IO error is encountered. Combined with a memory over-allocation issue in `rustix::fs::Dir::read_more`, this can cause quick and unbounded memory explosion (gigabytes in a few seconds if used on a hot path) and eventually lead to an OOM crash of the application. The symptoms were initially discovered in https://github.com/imsnif/bandwhich/issues/284. That post has lots of details of our investigation. Full details can be read on the GHSA-c827-hfw6-qwvm repo advisory. If a program tries to access a directory with its file descriptor after the file has been unlinked (or any other action that leaves the `Dir` iterator in the stuck state), and the implementation does not break after seeing an error, it can cause a memory explosion. As an example, Linux\u0027s various virtual file systems (e.g. `/proc`, `/sys`) can contain directories that spontaneously pop in and out of existence. Attempting to iterate over them using `rustix::fs::Dir` directly or indirectly (e.g. with the `procfs` crate) can trigger this fault condition if the implementation decides to continue on errors. An attacker knowledgeable about the implementation details of a vulnerable target can therefore try to trigger this fault condition via any one or a combination of several available APIs. If successful, the application host will quickly run out of memory, after which the application will likely be terminated by an OOM killer, leading to denial of service. This issue has been addressed in release versions 0.35.15, 0.36.16, 0.37.25, and 0.38.19. Users are advised to upgrade. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-43806",
"url": "https://www.suse.com/security/cve/CVE-2024-43806"
},
{
"category": "external",
"summary": "SUSE Bug 1229376 for CVE-2024-43806",
"url": "https://bugzilla.suse.com/1229376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:keylime-ima-policy-0.2.7+70-2.1.x86_64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.aarch64",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.ppc64le",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.s390x",
"openSUSE Tumbleweed:rust-keylime-0.2.7+70-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-43806"
}
]
}
opensuse-su-2025:15353-1
Vulnerability from csaf_opensuse
Published
2025-07-17 00:00
Modified
2025-07-17 00:00
Summary
rustup-1.28.2~0-1.1 on GA media
Notes
Title of the patch
rustup-1.28.2~0-1.1 on GA media
Description of the patch
These are all security issues fixed in the rustup-1.28.2~0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15353
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rustup-1.28.2~0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rustup-1.28.2~0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15353",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15353-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-12224 page",
"url": "https://www.suse.com/security/cve/CVE-2024-12224/"
}
],
"title": "rustup-1.28.2~0-1.1 on GA media",
"tracking": {
"current_release_date": "2025-07-17T00:00:00Z",
"generator": {
"date": "2025-07-17T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15353-1",
"initial_release_date": "2025-07-17T00:00:00Z",
"revision_history": [
{
"date": "2025-07-17T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rustup-1.28.2~0-1.1.aarch64",
"product": {
"name": "rustup-1.28.2~0-1.1.aarch64",
"product_id": "rustup-1.28.2~0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rustup-1.28.2~0-1.1.ppc64le",
"product": {
"name": "rustup-1.28.2~0-1.1.ppc64le",
"product_id": "rustup-1.28.2~0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rustup-1.28.2~0-1.1.s390x",
"product": {
"name": "rustup-1.28.2~0-1.1.s390x",
"product_id": "rustup-1.28.2~0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rustup-1.28.2~0-1.1.x86_64",
"product": {
"name": "rustup-1.28.2~0-1.1.x86_64",
"product_id": "rustup-1.28.2~0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.28.2~0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rustup-1.28.2~0-1.1.aarch64"
},
"product_reference": "rustup-1.28.2~0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.28.2~0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rustup-1.28.2~0-1.1.ppc64le"
},
"product_reference": "rustup-1.28.2~0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.28.2~0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rustup-1.28.2~0-1.1.s390x"
},
"product_reference": "rustup-1.28.2~0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.28.2~0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rustup-1.28.2~0-1.1.x86_64"
},
"product_reference": "rustup-1.28.2~0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-12224"
}
],
"notes": [
{
"category": "general",
"text": "Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rustup-1.28.2~0-1.1.aarch64",
"openSUSE Tumbleweed:rustup-1.28.2~0-1.1.ppc64le",
"openSUSE Tumbleweed:rustup-1.28.2~0-1.1.s390x",
"openSUSE Tumbleweed:rustup-1.28.2~0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-12224",
"url": "https://www.suse.com/security/cve/CVE-2024-12224"
},
{
"category": "external",
"summary": "SUSE Bug 1243848 for CVE-2024-12224",
"url": "https://bugzilla.suse.com/1243848"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rustup-1.28.2~0-1.1.aarch64",
"openSUSE Tumbleweed:rustup-1.28.2~0-1.1.ppc64le",
"openSUSE Tumbleweed:rustup-1.28.2~0-1.1.s390x",
"openSUSE Tumbleweed:rustup-1.28.2~0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rustup-1.28.2~0-1.1.aarch64",
"openSUSE Tumbleweed:rustup-1.28.2~0-1.1.ppc64le",
"openSUSE Tumbleweed:rustup-1.28.2~0-1.1.s390x",
"openSUSE Tumbleweed:rustup-1.28.2~0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-17T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-12224"
}
]
}
ghsa-h97m-ww89-6jmq
Vulnerability from github
Published
2024-12-09 20:41
Modified
2025-05-30 15:01
Severity ?
VLAI Severity ?
Summary
`idna` accepts Punycode labels that do not produce any non-ASCII when decoded
Details
idna 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with idna 0.5.0 or earlier.
Concretely, example.org and xn--example-.org become equal after processing by idna 0.5.0 or earlier. Also, example.org.xn-- and example.org. become equal after processing by idna 0.5.0 or earlier.
In applications using idna (but not in idna itself) this may be able to lead to privilege escalation when host name comparison is part of a privilege check and the behavior is combined with a client that resolves domains with such labels instead of treating them as errors that preclude DNS resolution / URL fetching and with the attacker managing to introduce a DNS entry (and TLS certificate) for an xn---masked name that turns into the name of the target when processed by idna 0.5.0 or earlier.
Remedy
Upgrade to idna 1.0.3 or later, if depending on idna directly, or to url 2.5.4 or later, if depending on idna via url. (This issue was fixed in idna 1.0.0, but versions earlier than 1.0.3 are not recommended for other reasons.)
When upgrading, please take a moment to read about alternative Unicode back ends for idna.
If you are using Rust earlier than 1.81 in combination with SQLx 0.8.2 or earlier, please also read an issue about combining them with url 2.5.4 and idna 1.0.3.
Additional information
This issue resulted from idna 0.5.0 and earlier implementing the UTS 46 specification literally on this point and the specification having this bug. The specification bug has been fixed in revision 33 of UTS 46.
Acknowledgements
Thanks to kageshiron for recognizing the security implications of this behavior.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "idna"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-12224"
],
"database_specific": {
"cwe_ids": [
"CWE-1289",
"CWE-697"
],
"github_reviewed": true,
"github_reviewed_at": "2024-12-09T20:41:10Z",
"nvd_published_at": "2025-05-30T02:15:19Z",
"severity": "MODERATE"
},
"details": "`idna` 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with `idna` 0.5.0 or earlier.\n\nConcretely, `example.org` and `xn--example-.org` become equal after processing by `idna` 0.5.0 or earlier. Also, `example.org.xn--` and `example.org.` become equal after processing by `idna` 0.5.0 or earlier.\n\nIn applications using `idna` (but not in `idna` itself) this may be able to lead to privilege escalation when host name comparison is part of a privilege check and the behavior is combined with a client that resolves domains with such labels instead of treating them as errors that preclude DNS resolution / URL fetching and with the attacker managing to introduce a DNS entry (and TLS certificate) for an `xn--`-masked name that turns into the name of the target when processed by `idna` 0.5.0 or earlier.\n\n## Remedy\n\nUpgrade to `idna` 1.0.3 or later, if depending on `idna` directly, or to `url` 2.5.4 or later, if depending on `idna` via `url`. (This issue was fixed in `idna` 1.0.0, but versions earlier than 1.0.3 are not recommended for other reasons.)\n\nWhen upgrading, please take a moment to read about [alternative Unicode back ends for `idna`](https://docs.rs/crate/idna_adapter/latest).\n\nIf you are using Rust earlier than 1.81 in combination with SQLx 0.8.2 or earlier, please also read an [issue](https://github.com/servo/rust-url/issues/992) about combining them with `url` 2.5.4 and `idna` 1.0.3.\n\n## Additional information\n\nThis issue resulted from `idna` 0.5.0 and earlier implementing the UTS 46 specification literally on this point and the specification having this bug. The specification bug has been fixed in [revision 33 of UTS 46](https://www.unicode.org/reports/tr46/tr46-33.html#Modifications).\n\n## Acknowledgements\n\nThanks to kageshiron for recognizing the security implications of this behavior.",
"id": "GHSA-h97m-ww89-6jmq",
"modified": "2025-05-30T15:01:30Z",
"published": "2024-12-09T20:41:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12224"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1887898"
},
{
"type": "PACKAGE",
"url": "https://github.com/servo/rust-url"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0421.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "`idna` accepts Punycode labels that do not produce any non-ASCII when decoded"
}
wid-sec-w-2025-0686
Vulnerability from csaf_certbund
Published
2025-04-02 22:00
Modified
2025-04-02 22:00
Summary
IBM DataPower Gateway: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das DataPower Gateway ist eine Software zur Unterstützung von Unternehmen bei der Erfüllung der Sicherheits- und Integrationsanforderungen.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM DataPower Gateway ausnutzen, um einen Denial of Service Angriff durchzuführen, oder seine Privilegien zu erweitern.
Betroffene Betriebssysteme
- Linux
- UNIX
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das DataPower Gateway ist eine Software zur Unterst\u00fctzung von Unternehmen bei der Erf\u00fcllung der Sicherheits- und Integrationsanforderungen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM DataPower Gateway ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, oder seine Privilegien zu erweitern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0686 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0686.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0686 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0686"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-04-02",
"url": "https://www.ibm.com/support/pages/node/7229938"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-04-02",
"url": "https://www.ibm.com/support/pages/node/7229939"
}
],
"source_lang": "en-US",
"title": "IBM DataPower Gateway: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-02T22:00:00.000+00:00",
"generator": {
"date": "2025-04-03T08:44:46.510+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0686",
"initial_release_date": "2025-04-02T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-02T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.6.3",
"product": {
"name": "IBM DataPower Gateway \u003c10.6.3",
"product_id": "T042328"
}
},
{
"category": "product_version",
"name": "10.6.3",
"product": {
"name": "IBM DataPower Gateway 10.6.3",
"product_id": "T042328-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.6.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.5.0.16",
"product": {
"name": "IBM DataPower Gateway \u003c10.5.0.16",
"product_id": "T042329"
}
},
{
"category": "product_version",
"name": "10.5.0.16",
"product": {
"name": "IBM DataPower Gateway 10.5.0.16",
"product_id": "T042329-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.5.0.16"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.6.0.4",
"product": {
"name": "IBM DataPower Gateway \u003c10.6.0.4",
"product_id": "T042330"
}
},
{
"category": "product_version",
"name": "10.6.0.4",
"product": {
"name": "IBM DataPower Gateway 10.6.0.4",
"product_id": "T042330-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:datapower_gateway:10.6.0.4"
}
}
}
],
"category": "product_name",
"name": "DataPower Gateway"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-11738",
"product_status": {
"known_affected": [
"T042328",
"T042329",
"T042330"
]
},
"release_date": "2025-04-02T22:00:00.000+00:00",
"title": "CVE-2024-11738"
},
{
"cve": "CVE-2024-12224",
"product_status": {
"known_affected": [
"T042328",
"T042329",
"T042330"
]
},
"release_date": "2025-04-02T22:00:00.000+00:00",
"title": "CVE-2024-12224"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…