Описание
Recommended update for rust1.94
This update for rust1.94 fixes the following issues:
This update adds rust1.94.
Release notes can be found externally: https://github.com/rust-lang/rust/releases/tag/1.94.0
- CVE-2026-31812: avoid unwrapping varint decoding during parameters parsing (bsc#1259623)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
SUSE Linux Enterprise Module for Development Tools 15 SP7
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server 15 SP5-LTSS
SUSE Linux Enterprise Server 15 SP6-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP6
openSUSE Leap 15.6
Ссылки
- Link for SUSE-RU-2026:1001-1
- E-Mail link for SUSE-RU-2026:1001-1
- SUSE Security Ratings
- SUSE Bug 1259623
- SUSE CVE CVE-2026-31812 page
Описание
Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. Prior to 0.11.14, a remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication. This vulnerability is fixed in 0.11.14.
Затронутые продукты
Ссылки
- CVE-2026-31812
- SUSE Bug 1259620