ALSA-2025:7160 Moderate: bootc security update

Bootable container system Security Fixes: rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References...

RHEL 9 : bootc (RHSA-2025:7160)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7160 advisory. Bootable container system Security Fixes: rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 For more details about the...

Moderate: rpm-ostree security update

The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-ostree-client package provides commands for client systems to perform upgrades and...

ALSA-2025:7317 Moderate: python3.12-cryptography security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Fedora: Security Advisory (FEDORA-2025-472776e5dc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 41 Update: rust-openssl-sys-0.9.107-1.fc41

FFI bindings to OpenSSL...

[SECURITY] Fedora 40 Update: rust-openssl-sys-0.9.107-1.fc40

FFI bindings to OpenSSL...

[SECURITY] Fedora 40 Update: rust-openssl-0.10.72-1.fc40

OpenSSL bindings...

[SECURITY] Fedora 42 Update: rust-openssl-sys-0.9.107-1.fc42

FFI bindings to OpenSSL...

[SECURITY] Fedora 42 Update: rust-openssl-0.10.72-1.fc42

OpenSSL bindings...

Fedora 40 : rust-openssl / rust-openssl-sys (2025-472776e5dc)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-472776e5dc advisory. - Update the openssl crate to version 0.10.72. - Update the openssl-sys crate to version 0.9.107. This update addresses CVE-2025-3416 / RUSTSEC-2025-0022 a...

Linux Distros Unpatched Vulnerability : CVE-2024-3296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style...

GHSA-4FCV-W3QC-PPGG rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch`

When a Some... value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...

rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch`

When a Some... value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...

Linux Distros Unpatched Vulnerability : CVE-2025-24898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::selectnextproto can return a slice pointing into the serv...

SUSE CVE-2025-24898

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than th...

OESA-2025-1120 three-eight-nine-ds-base security update

389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration. Security Fixes: rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::selectnextproto can return a slice pointing into th...

[SECURITY] Fedora 40 Update: rust-openssl-sys-0.9.105-1.fc40

FFI bindings to OpenSSL...

[SECURITY] Fedora 40 Update: rust-openssl-0.10.70-1.fc40

OpenSSL bindings...

[SECURITY] [DLA 4049-1] rust-openssl security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4049-1 [email protected] https://www.debian.org/lts/security/ Andrej Shadura February 11, 2025 https://wiki.debian.org/LTS -...