2 matches found
OPENSUSE-SU-2026:20026-1 Security update for python-uv
This update for python-uv fixes the following issues: - CVE-2025-62518: astral-tokio-tar: Fixed boundary parsing issue allowing attackers to smuggle additional archive entries bsc1252399 - CVE-2025-58160: tracing-subscriber: Fixed log pollution bsc1249011...
SUSE CVE-2025-62518
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives...