Описание
Security update for python-maturin
This update for python-maturin fixes the following issues:
- CVE-2025-3416: openssl: use-after-free in
Md::fetchandCipher::fetchwhenSome(...)value passed aspropertiesargument to either function (bsc#1242631). - CVE-2025-4574: crossbeam-channel: double-free leading to possible memory corruption in
Channel::dropwhen dropping a channel (bsc#1243177).
Список пакетов
openSUSE Leap 15.6
python311-maturin-1.4.0-150600.3.6.1
Ссылки
- Link for SUSE-SU-2025:01591-1
- E-Mail link for SUSE-SU-2025:01591-1
- SUSE Security Ratings
- SUSE Bug 1242631
- SUSE Bug 1243177
- SUSE CVE CVE-2025-3416 page
- SUSE CVE CVE-2025-4574 page
Описание
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
Затронутые продукты
openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.6.1
Ссылки
- CVE-2025-3416
- SUSE Bug 1242599
Описание
In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
Затронутые продукты
openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.6.1
Ссылки
- CVE-2025-4574
- SUSE Bug 1243169