Описание
Security update for sevctl
This update for sevctl fixes the following issues:
- CVE-2024-12224: idna: Fixed improper validation of unsafe equivalence in punycode. (bsc#1243860)
- CVE-2025-3416: openssl: Fixed use-after-free in Md::fetch and Cipher::fetch (bsc#1242618)
Список пакетов
SUSE Linux Enterprise Module for Server Applications 15 SP7
sevctl-0.6.0-150700.3.3.1
Ссылки
- Link for SUSE-SU-2025:03306-1
- E-Mail link for SUSE-SU-2025:03306-1
- SUSE Security Ratings
- SUSE Bug 1242618
- SUSE Bug 1243860
- SUSE CVE CVE-2024-12224 page
- SUSE CVE CVE-2025-3416 page
Описание
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP7:sevctl-0.6.0-150700.3.3.1
Ссылки
- CVE-2024-12224
- SUSE Bug 1243848
Описание
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
Затронутые продукты
SUSE Linux Enterprise Module for Server Applications 15 SP7:sevctl-0.6.0-150700.3.3.1
Ссылки
- CVE-2025-3416
- SUSE Bug 1242599