SUSE-SU-2026:21794-1 Security update for agama

This update for agama fixes the following issue - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257930. Changes for agama: - Update "time" crate to version 0.3.47...

OPENSUSE-SU-2026:20753-1 Security update for agama

This update for agama fixes the following issue - CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion bsc1257930. Changes for agama: - Update "time" crate to version 0.3.47...

Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of the time crate (CVE-2026-25727)

Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.0 and 1.92.0.0 uses version 0.3.37 of the time crate which is vulnerable to CVE-2026-25727. Vulnerability Details CVEID:CVE-2026-25727 DESCRIPTION: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47,...

Amazon Linux 2023 : aws-nitro-tpm-tools (ALAS2023-2026-1610)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1610 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack...

Low: librsvg2

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

Low: aws-nitro-tpm-tools

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

Amazon Linux 2023 : librsvg2, librsvg2-devel, librsvg2-tools (ALAS2023-2026-1591)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1591 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack...

Amazon Linux 2 : amazon-efs-utils, --advisory ALAS2-2026-3245 (ALAS-2026-3245)

The version of amazon-efs-utils installed on the remote host is prior to 3.0.0-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3245 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided t...

Important: amazon-efs-utils

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

Security Bulletin: Segmentation Fault Vulnerability in Rust time crate on Unix Systems (v0.2.7–v0.2.22) affects watsonx.data

Summary A vulnerability in the Rust time crate v0.2.7–v0.2.22 can cause segmentation faults on Unix-like systems when environment variables are set from a different thread. Windows and WebAssembly targets are unaffected. This can affect watsonx.data. Vulnerability Details CVEID:CVE-2020-26235...

Low: rust-below

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

Amazon Linux 2023 : cargo-c (ALAS2023-2026-1527)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1527 advisory. A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the...

Amazon Linux 2023 : below (ALAS2023-2026-1523)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1523 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack...

Security Bulletin: IBM Edge Data Collector uses time-0.3.37.crate which is vulnerable to CVE-2026-25727.

Summary IBM Edge Data Collector uses time-0.3.37.crate which is vulnerable to CVE-2026-25727. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25727 DESCRIPTION: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3177 (ALAS-2026-3177)

The version of thunderbird installed on the remote host is prior to 140.7.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3177 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type...

Amazon Linux 2023 : firefox (ALAS2023-2026-1445)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1445 advisory. time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack...

`dnp3times` was removed from crates.io due to malicious code

The dnp3times crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. It was loosely trying to typosquat the dnp3time crate, but otherwise was the same attack as the recent timecalibrator and timecalibrators malware. The malicious cra...

Low: firefox

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

[SECURITY] Fedora 42 Update: rust-time-macros-0.2.27-1.fc42

Procedural macros for the time crate...

[SECURITY] Fedora 42 Update: rust-time-core-0.1.8-1.fc42

Internal implementation details of the 'time' crate...