187 matches found
rustls network-reachable panic in `Acceptor::accept`
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...
PT-2024-17221
Name of the Vulnerable Software and Affected Versions: Rustls version 0.23.13 Description: A flaw was found in Rustls and related APIs, allowing denial of service panic via a fragmented TLS ClientHello message. Recommendations: For Rustls version 0.23.13, consider disabling the handling of fragmente...
PT-2024-40945 · Unknown +1 · Tokio-Rustls +2
Name of the Vulnerable Software and Affected Versions: rustls version 0.23.13 Description: A bug in rustls leads to a panic if the received TLS ClientHello is fragmented. This issue affects servers using rustls::server::Acceptor::accept and tokio-rustls's LazyConfigAcceptor API, but not those usi...
Fedora 41 : rust-hyper-rustls / rust-reqwest / rust-rustls-native-certs / etc (2024-347164df1c)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-347164df1c advisory. - Update the hyper-rustls crate to version 0.27.3. - Update the reqwest crate to version 0.12.8. - Update the rustls-native-certs crate to version 0.8.0 and...
Fedora: Security Advisory (FEDORA-2024-bf524bf5c0)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-ff98facbc6)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: rust-rustls-native-certs-0.8.0-1.fc40
Rustls-native-certs allows rustls to use the platform native certificate store...
[SECURITY] Fedora 40 Update: rust-rustls-native-certs0.7-0.7.3-1.fc40
Rustls-native-certs allows rustls to use the platform native certificate store...
[SECURITY] Fedora 40 Update: rust-hyper-rustls-0.27.3-1.fc40
Rustls+hyper integration for pure rust HTTPS...
[SECURITY] Fedora 39 Update: rust-rustls-native-certs-0.8.0-1.fc39
Rustls-native-certs allows rustls to use the platform native certificate store...
[SECURITY] Fedora 39 Update: rust-rustls-native-certs0.7-0.7.3-1.fc39
Rustls-native-certs allows rustls to use the platform native certificate store...
[SECURITY] Fedora 39 Update: rust-hyper-rustls-0.27.3-1.fc39
Rustls+hyper integration for pure rust HTTPS...
Fedora 40 : rust-hyper-rustls / rust-reqwest / rust-rustls-native-certs / etc (2024-bf524bf5c0)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-bf524bf5c0 advisory. - Update the hyper-rustls crate to version 0.27.3. - Update the reqwest crate to version 0.12.8. - Update the rustls-native-certs crate to version 0.8.0 and...
Fedora 39 : rust-hyper-rustls / rust-reqwest / rust-rustls-native-certs / etc (2024-ff98facbc6)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ff98facbc6 advisory. - Update the hyper-rustls crate to version 0.27.3. - Update the reqwest crate to version 0.12.8. - Update the rustls-native-certs crate to version 0.8.0 and...
[SECURITY] Fedora 41 Update: rust-rustls-native-certs-0.8.0-1.fc41
Rustls-native-certs allows rustls to use the platform native certificate store...
[SECURITY] Fedora 41 Update: rust-rustls-native-certs0.7-0.7.3-1.fc41
Rustls-native-certs allows rustls to use the platform native certificate store...
[SECURITY] Fedora 41 Update: rust-hyper-rustls-0.27.3-1.fc41
Rustls+hyper integration for pure rust HTTPS...
Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input
...
Fedora 39 : glycin-loaders / gnome-tour / helix / helvum / libipuz / librsvg2 / etc (2024-40ee18b2e7)
The remote Fedora 39 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-40ee18b2e7 advisory. This update contains builds from a mini-mass-rebuild for Rust applications and some C-style libraries. Rebuilding with the Rust 1.78 toolchain should fix...
Fedora 40 : glycin-loaders / gnome-tour / helix / helvum / libipuz / loupe / etc (2024-ce2936b568)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ce2936b568 advisory. This update contains builds from a mini-mass-rebuild for Rust applications and some C-style libraries. Rebuilding with the Rust 1.78 toolchain should fix...