9529 matches found
Security update for himmelblau
This update for himmelblau fixes the following issues: CVE-2025-5791: Fixed using deprecated users crate bsc1244202 CVE-2025-3416: Fixed use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate bsc1242648 Update to version 0.7.17+git.0.1ebdab0 Update sccache-action version to use new...
Unveiling RIFT: Enhancing Rust malware analysis through pattern matching
Today, Microsoft Threat Intelligence Center is excited to announce the release of RIFT , a tool designed to assist malware analysts automate the identification of attacker-written code within Rust binaries. Known for its efficiency, type safety, and robust memory safety, Rust has increasingly...
SUSE SLED15: libekmfweb1 / libekmfweb1-devel / libkmipclient1 / osasnmpd / etc (SUSE-SU-2025:02017-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02017-1 advisory. Security issues fixed: - CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate...
Why We Chose Rust For Spin
When Fermyon set out to implement Spin, the decision to use Rust wasn't just logical — it felt inevitable...
Mozilla neqo 安全漏洞
Mozilla neqo is a Rust protocol library from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla neqo versions 0.4.24 through 0.13.2, which stems from improper input validation and may cause a crash...
[SECURITY] Fedora 41 Update: mirrorlist-server-3.0.7-7.fc41
The mirrorlist-server uses the data created by MirrorManager2 https://github.com/fedora-infra/mirrormanager2 to answer client request for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...
[SECURITY] Fedora 41 Update: keylime-agent-rust-0.2.7-5.fc41
Rust agent for Keylime...
[SECURITY] Fedora 42 Update: mirrorlist-server-3.0.7-7.fc42
The mirrorlist-server uses the data created by MirrorManager2 https://github.com/fedora-infra/mirrormanager2 to answer client request for the "best" mirror. This implementation of the mirrorlist-server is written in Rust. The original version of the mirrorlist-server was part of the MirrorManager...
PermRust: a Token-Based Permission System for Rust
Permission systems which restrict access to system resources are a well-established technology in operating systems, especially for smartphones. However, as such systems are implemented in the operating system they can at most manage access on the process-level. Since moderns software often reuse...
deepSURF: Detecting Memory Safety Vulnerabilities in Rust through Fuzzing LLM-Augmented Harnesses
Although Rust ensures memory safety by default, it also permits the use of unsafe code, which can introduce memory safety vulnerabilities if misused. Unfortunately, existing tools for detecting memory bugs in Rust typically exhibit limited detection capabilities, inadequately handle Rust-specific...
CVE-2025-38033
In the Linux kernel, the following vulnerability has been resolved: x86/Kconfig: make CFIAUTODEFAULT depend on !RUST or Rust = 1.88 Calling core::fmt::write from rust code while FineIBT is enabled results in a kernel panic: 4614.199779 kernel BUG at arch/x86/kernel/cet.c:132! 4614.205343 Oops:...
CVE-2025-52484
The CVE concerns risc0-zkvm prior to version 2.1.0. A missing constraint in the rv32im circuit allows a malicious prover to exploit any 3-register RISC-V instruction (e.g., remu, divu) by making rs1 appear equal to rs2, potentially compromising zkVM computations. Affected releases: risc0-zkvm 2.0...
CVE-2025-52484 RISC Zero zkVM Underconstrained Vulnerability
RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...
CVE-2025-52484 RISC Zero zkVM Underconstrained Vulnerability
RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...
Security update for s390-tools
This update for s390-tools fixes the following issues: Security issues fixed: CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate. bsc1242622 Other issues: Added the new IBM z17 9175 processor type. Patch Instructions: To install this SUSE update use the SUSE...
SUSE-SU-2025:02017-1 Security update for s390-tools
This update for s390-tools fixes the following issues: Security issues fixed: - CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate. bsc1242622 Other issues: - Added the new IBM z17 9175 processor type...
SUSE CVE-2025-38033
In the Linux kernel, the following vulnerability has been resolved: x86/Kconfig: make CFIAUTODEFAULT depend on !RUST or Rust = 1.88 Calling core::fmt::write from rust code while FineIBT is enabled results in a kernel panic: 4614.199779 kernel BUG at arch/x86/kernel/cet.c:132! 4614.205343 Oops:...
[SECURITY] Fedora 42 Update: rust-git-interactive-rebase-tool-2.4.1-9.fc42
Full-featured terminal-based sequence editor for Git interactive rebase...
DEBIAN-CVE-2025-38033
In the Linux kernel, the following vulnerability has been resolved: x86/Kconfig: make CFIAUTODEFAULT depend on !RUST or Rust = 1.88 Calling core::fmt::write from rust code while FineIBT is enabled results in a kernel panic: 4614.199779 kernel BUG at arch/x86/kernel/cet.c:132! 4614.205343 Oops:...
UBUNTU-CVE-2025-38033
In the Linux kernel, the following vulnerability has been resolved: x86/Kconfig: make CFIAUTODEFAULT depend on !RUST or Rust = 1.88 Calling core::fmt::write from rust code while FineIBT is enabled results in a kernel panic: 4614.199779 kernel BUG at arch/x86/kernel/cet.c:132! 4614.205343 Oops:...