Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of openssl (CVE-2026-41676, CVE-2026-41677, CVE-2026-41678, CVE-2026-41681)

Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.1 and 1.92.0.1 uses versions 0.10.73 and 0.10.74 of the openssl crate, which provides Rust bindings for the OpenSSL library. Several security-related bugs, such as buffer overflows, were identified in these versions of the...

Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of thin-vec (CVE-2026-6654)

Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.1 and 1.92.0.1 uses the thin-vec-0.2.14 crate, which is vulnerable to a double free error. Vulnerability Details CVEID:CVE-2026-6654 DESCRIPTION: Double-Free / Use-After-Free UAF in the IntoIter::drop and ThinVec::clear...

Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of the time crate (CVE-2026-25727)

Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.0 and 1.92.0.0 uses version 0.3.37 of the time crate which is vulnerable to CVE-2026-25727. Vulnerability Details CVEID:CVE-2026-25727 DESCRIPTION: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47,...