61 matches found
Security update for agama (important)
openSUSE security update: security update for agama ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20753-1 Rating: important References: bsc1257930 Cross-References: CVE-2026-25727 CVSS scores: CVE-2026-25727 SUSE : 7.5...
Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of the time crate (CVE-2026-25727)
Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.0 and 1.92.0.0 uses version 0.3.37 of the time crate which is vulnerable to CVE-2026-25727. Vulnerability Details CVEID:CVE-2026-25727 DESCRIPTION: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47,...
Amazon Linux 2023 : librsvg2, librsvg2-devel, librsvg2-tools (ALAS2023-2026-1591)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1591 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack...
Security update for librsvg
This update for librsvg fixes the following issue: CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
openSUSE 16 Security Update : librsvg (openSUSE-SU-2026:20610-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20610-1 advisory. This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack...
OPENSUSE-SU-2026:20610-1 Security update for librsvg
This update for librsvg fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257922...
SUSE-SU-2026:1361-1 Security update for himmelblau
This update for himmelblau fixes the following issues: Update to version 2.3.9+git0.a9fd29b; jscPED-14511: - CVE-2026-34397: Fix LPE due to name collision during NSS fake-primary group lookup bsc1261324. - CVE-2026-31979: Fix race condition when accessiung /tmp/krb5ccuid bsc1259548. -...
Amazon Linux 2023 : amazon-efs-utils (ALAS2023-2026-1564)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1564 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via...
Medium: rust-cargo-c
Issue Overview: A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the malicious data being able to corrupt data being hold in memory and to system availabilit...
Low: rust-below
Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...
Amazon Linux 2023 : below (ALAS2023-2026-1523)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1523 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack...
Security Bulletin: IBM Edge Data Collector uses time-0.3.37.crate which is vulnerable to CVE-2026-25727.
Summary IBM Edge Data Collector uses time-0.3.37.crate which is vulnerable to CVE-2026-25727. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25727 DESCRIPTION: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when...
Security update for snpguest (important)
openSUSE security update: security update for snpguest ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20380-1 Rating: important References: bsc1257877 bsc1257927 Cross-References: CVE-2026-25727 CVSS scores: CVE-2026-25727 SUSE : 7.5...
openSUSE 16 Security Update : rust-keylime (openSUSE-SU-2026:20364-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20364-1 advisory. - Update to version 0.2.8+116: - CVE-2026-25727: Update vendored crates to fix a date parser can lead to stack exhaustion in Time. bsc1257908...
OPENSUSE-SU-2026:20380-1 Security update for snpguest
This update for snpguest fixes the following issues: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257927. - Update to version 0.10.0 bsc1257877: chore: updating tool version to 0.10.0 refactorcerts: remove redundant branch in...
SUSE-SU-2026:20748-1 Security update for python-maturin
This update for python-maturin fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257918...
SUSE-SU-2026:20744-1 Security update for rust-keylime
This update for rust-keylime fixes the following issues: - Update to version 0.2.8+116: - CVE-2026-25727: Update vendored crates to fix a date parser can lead to stack exhaustion in Time. bsc1257908...
openSUSE Security Advisory (SUSE-SU-2026:0860-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2026-eb2fc8e93d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2026:20723-1 Security update for virtiofsd
This update for virtiofsd fixes the following issue: - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257912...