Description
Security update for rustup
This update for rustup fixes the following issues:
- CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode (bsc#1243862)
- CVE-2025-3416: Fixed use-after-free in Md::fetch and Cipher::fetch in the rust-openssl crate (bsc#1242617)
Package list
SUSE Linux Enterprise Module for Development Tools 15 SP6
rustup-1.26.0~0-150600.10.7.1
SUSE Linux Enterprise Module for Development Tools 15 SP7
rustup-1.26.0~0-150600.10.7.1
openSUSE Leap 15.6
rustup-1.26.0~0-150600.10.7.1
References
- Link for SUSE-SU-2025:03298-1
- E-Mail link for SUSE-SU-2025:03298-1
- SUSE Security Ratings
- SUSE Bug 1242617
- SUSE Bug 1243862
- SUSE CVE CVE-2024-12224 page
- SUSE CVE CVE-2025-3416 page
Description
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
Affected products
SUSE Linux Enterprise Module for Development Tools 15 SP6:rustup-1.26.0~0-150600.10.7.1
SUSE Linux Enterprise Module for Development Tools 15 SP7:rustup-1.26.0~0-150600.10.7.1
openSUSE Leap 15.6:rustup-1.26.0~0-150600.10.7.1
References
- CVE-2024-12224
- SUSE Bug 1243848
Description
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
Affected products
SUSE Linux Enterprise Module for Development Tools 15 SP6:rustup-1.26.0~0-150600.10.7.1
SUSE Linux Enterprise Module for Development Tools 15 SP7:rustup-1.26.0~0-150600.10.7.1
openSUSE Leap 15.6:rustup-1.26.0~0-150600.10.7.1
References
- CVE-2025-3416
- SUSE Bug 1242599