SUSE-SU-2026:0806-1

Published: 04 Mar 2026
Source: suse-cvrf

Description

Security update for wicked2nm,suse-migration-services,suse-migration-sle16-activation,SLES16-Migration,SLES16-SAP_Migration

This update for wicked2nm,suse-migration-services,suse-migration-sle16-activation,SLES16-Migration,SLES16-SAP_Migration fixes the following issues:

Changes for SLES16-SAP_Migration:

  • Bump version: 2.1.30

Changes for SLES16-Migration:

  • Bump version: 2.1.30

Changes for suse-migration-sle16-activation:

  • Move script package to the main migration provider
  • Create lib file for common network-prereq tasks
  • Refactor mount_system service

Changes for suse-migration-services:

  • Bump to version: 2.1.30:
    • Update docinfo
    • Update doc/adoc/user_guide.adoc
    • Update documentation for 12-to-15 in pubclouds. Fix information about default service pack target.
    • Apply make black
    • Added black for code formatting
    • refactor: add Zypper.install wrapper. Add Zypper.install wrapper method for package installation
    • Fixed get_migration_target return behavior
    • fix: ensure NetworkManager is installed on the target system

Changes for wicked2nm:

  • Update to version v1.4.1.

Security issues fixed:

  • CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257911).

Other updates and bugfixes:

  • update bytes from 1.10.1 to 1.11.1
  • update time to 0.3.47

Package list

SUSE Linux Enterprise Module for Basesystem 15 SP7:

  • SLES16-Migration-2.1.30-15.26.4
  • python3-migration-2.1.30-150700.15.21.1
  • suse-migration-pre-checks-2.1.30-150700.15.21.1
  • suse-migration-scripts-2.1.30-150700.15.21.1
  • suse-migration-sle16-activation-2.1.30-150700.15.13.1
  • wicked2nm-1.4.1-150700.15.16.1

SUSE Linux Enterprise Module for SAP Applications 15 SP7:

  • SLES16-SAP_Migration-2.1.30-15.18.4

Description

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.
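The affected range above can be checked against a Rust project's `Cargo.lock`. The following is an added example, not code from SUSE or the `time` project; the function names are hypothetical and the lock file content is a constructed sample. It handles the common case where several `time` versions are locked side by side.

```python
import re

# Affected range as stated in the description above: 0.3.6 <= version < 0.3.47.
FIRST_AFFECTED = (0, 3, 6)
FIRST_FIXED = (0, 3, 47)

# Constructed sample, not taken from any real project.
SAMPLE_LOCK = '''\
version = 3

[[package]]
name = "time"
version = "0.1.45"

[[package]]
name = "time"
version = "0.3.36"
dependencies = [
 "deranged",
 "time-core",
]

[[package]]
name = "time-core"
version = "0.1.2"
'''

def parse_version(text):
    """Return (major, minor, patch); a pre-release or build suffix is dropped."""
    core = re.split(r"[-+]", text, maxsplit=1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(int(p) for p in parts)

def locked_versions(lock_text, crate):
    """Yield every locked version of `crate`; a lock file may hold several."""
    for block in lock_text.split("[[package]]")[1:]:
        fields = dict(re.findall(r'^(\w+)\s*=\s*"([^"]*)"', block, flags=re.M))
        if fields.get("name") == crate and "version" in fields:
            yield fields["version"]

def affected_time_versions(lock_text):
    """Return the locked `time` versions inside the affected range."""
    return [v for v in locked_versions(lock_text, "time")
            if FIRST_AFFECTED <= parse_version(v) < FIRST_FIXED]

if __name__ == "__main__":
    print(affected_time_versions(SAMPLE_LOCK))
```

A hit only shows that an affected version is locked; whether it is reachable depends on the application passing user-provided input to an RFC 2822 parse.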


Affected products
SUSE Linux Enterprise Module for Basesystem 15 SP7:SLES16-Migration-2.1.30-15.26.4
SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-migration-2.1.30-150700.15.21.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-pre-checks-2.1.30-150700.15.21.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:suse-migration-scripts-2.1.30-150700.15.21.1
