Security update for rustup
This update for rustup fixes the following issues: - CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode bsc1243862 - CVE-2025-3416: Fixed use-after-free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242617 Patch Instructions: To install this SUSE update use the SUS...
SUSE-SU-2025:03298-1 Security update for rustup
This update for rustup fixes the following issues: - CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode bsc1243862 - CVE-2025-3416: Fixed use-after-free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242617...
marked-sanitizer (=0.0.0) potentially affected by unknown CVE via ammonia (=3.1.4)
ammonia CARGO version =3.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on ammonia and may be impacted: - marked-sanitizer =0.0.0 Source cves: unknown CVE Source advisory: SNYK:RUST-AMMONIA-13004667...
Fedora 44 : python-nh3 / rust-ammonia (2025-06a8d5853b)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-06a8d5853b advisory. Update the ammonia crate to version 4.1.2 and rebuild python-nh3 to apply fixes for RUSTSEC-2025-0071. Tenable has extracted the preceding description block...
fluminurs (>=0.1.1 <=0.1.6), html2pango (>=0.2.0 <=0.3.2) +3 more potentially affected by unknown CVE via ammonia (>=2.1.4 <=3.1.4)
ammonia CARGO version =2.1.4, =0.1.1, =0.2.0, =0.3.0, =0.3.1 - telereads =0.1.3 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0071...
Binwalk
This is an implementation of the Binwalk firmware analysis tool in Rust, written for speed and accuracy. Binwalk can identify and optionally extract files and data embedded inside other files, with a focus on firmware analysis. It supports a wide variety of file and data types and can even help...
CVE-2024-11738 affecting package rust for versions less than 1.86.0-6
CVE-2024-11738 affecting package rust for versions less than 1.86.0-6. A patched version of the package is available...
pingora (>=0.1.0 <=0.5.0), pingora-cache (>=0.1.0 <=0.5.0) +4 more potentially affected by CVE-2025-8671 via pingora-core (>=0.1.1 <=0.5.0)
pingora-core CARGO version =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.5.0 - revoke-gateway =0.3.0 - static-files-module =0.1.0 Source cves: CVE-2025-8671 Source advisory: OSV:RUSTSEC-2025-0070...
SUSE-SU-2025:20717-1 Security update for rust-keylime
This update for rust-keylime fixes the following issues: - Update vendored crate slab to version 0.4.11 CVE-2025-55159: Fixed incorrect bounds check in get_disjoint_mut function leading to undefined behavior or potential crash due to out-of-bounds access bsc1248006 - Update to version 0.2.8+12:...
Security update for rust-keylime
This update for rust-keylime fixes the following issues: - Update vendored crate slab to version 0.4.11 CVE-2025-55159: Fixed incorrect bounds check in get_disjoint_mut function leading to undefined behavior or potential crash due to out-of-bounds access bsc1248006 - Update to version 0.2.8+12:...
acid-store (>=0.12.0 <=0.14.2), aliyundrive-fuse (>=0.1.0 <=0.1.14) +34 more potentially affected by unknown CVE via fuser (>=0.10.0 <=0.15.1)
fuser CARGO version =0.10.0, =0.12.0, =0.1.0, =1.0.0, =0.1.0, =0.6.0, =1.6.0, =0.2.5, =0.1.2, =0.8.0, =0.8.2 - iso9660 =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-CVMJ-47V9-35M9...
serde_yml crate is unsound and unmaintained
Using serde_yml::ser::Serializer.emitter can cause a segmentation fault, which is unsound. The GitHub project for serde_yml was archived after unsoundness issues were raised. If you rely on this crate, it is highly recommended to switch to a maintained alternative. Recommended alternatives -...
Medium: rust-cargo-c
Issue Overview: tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be...
Fedora: Security Advisory (FEDORA-2025-c71f0af9b2)
The remote host is missing an update for the...
archivefs (>=1.0.0 <=1.0.1), arcon_compiler (>=0.1.0 <=0.1.1) +82 more potentially affected by unknown CVE via daemonize (>=0.2.3 <=0.5.0)
daemonize CARGO version =0.2.3, =1.0.0, =0.1.0, =0.3.1, =0.2.0, =0.5.0, =3.0.0, =0.1.0, =0.1.3, =0.0.1, =0.1.0, =0.1.2, =0.1.0, =0.1.1 - demoscene =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0069...
[SECURITY] Fedora 41 Update: uv-0.8.11-2.fc41
An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...
[SECURITY] Fedora 41 Update: rust-secret-service-5.1.0-1.fc41
Library to interface with Secret Service API...
Fedora 41 : rust-secret-service / uv (2025-c71f0af9b2)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-c71f0af9b2 advisory. Security fix for CVE-2025-58160: rebuilt uv and python-uv-build with rust-tracing-subscriber 0.3.20. Initial package for rust-secret-service in Fedora 43...
[SECURITY] Fedora 43 Update: ruff-0.11.5-7.fc43
An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 plus dozens of plugins, Black, isort, pydocstyle,...
[SECURITY] Fedora 43 Update: rustup-1.28.2-6.fc43
Manage multiple rust installations with ease...