SUSE-SU-2026:0860-1

Опубликовано: 10 мар. 2026

Источник: suse-cvrf

Описание

Security update for python-maturin

This update for python-maturin fixes the following issue:

CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257918).

Список пакетов

openSUSE Leap 15.6

python311-maturin-1.4.0-150600.3.12.1

Ссылки

https://www.suse.com/support/update/announcement/2026/suse-su-20260860-1/
Link for SUSE-SU-2026:0860-1
https://lists.suse.com/pipermail/sle-security-updates/2026-March/024670.html
E-Mail link for SUSE-SU-2026:0860-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1257918
SUSE Bug 1257918
https://www.suse.com/security/cve/CVE-2026-25727/
SUSE CVE CVE-2026-25727 page

Описание

time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.

Затронутые продукты

openSUSE Leap 15.6:python311-maturin-1.4.0-150600.3.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2026-25727.html
CVE-2026-25727
https://bugzilla.suse.com/1257901
SUSE Bug 1257901

SUSE-SU-2026:0860-1

Описание

Список пакетов

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2026-25727

Описание

Затронутые продукты

Ссылки