
SUSE-SU-2025:03445-1

Published: 01 Oct 2025
Source: suse-cvrf

Description

Security update for snpguest

This update for snpguest fixes the following issues:

  • CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect hostname comparisons and incorrect URL parsing (bsc#1243869).
  • CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch when Some(...) value is passed to the properties argument (bsc#1242601).

Package list

SUSE Linux Enterprise Module for Server Applications 15 SP6
snpguest-0.3.2-150600.3.6.1
openSUSE Leap 15.6
snpguest-0.3.2-150600.3.6.1

Description

Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.


Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP6:snpguest-0.3.2-150600.3.6.1
openSUSE Leap 15.6:snpguest-0.3.2-150600.3.6.1


Description

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.


Affected products
SUSE Linux Enterprise Module for Server Applications 15 SP6:snpguest-0.3.2-150600.3.6.1
openSUSE Leap 15.6:snpguest-0.3.2-150600.3.6.1
