Security update for himmelblau (moderate)

openSUSE security update: security update for himmelblau ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20658-1 Rating: moderate References: bsc1261324 bsc1261613 Cross-References: CVE-2026-34397 CVSS scores: CVE-2026-34397 SUSE : 6.3...

SUSE-SU-2026:21437-1 Security update for himmelblau

This update for himmelblau fixes the following issues: Update to version 2.3.9+git0.a9fd29b. Security issues fixed: - CVE-2026-34397: Fixed naming collision that can lead to local privilege escalation bsc1261324. Other updates and bugfixes: - update aws-lc-sys to 0.39.0 for security fixes - updat...

jsonwebtoken-aws-lc (=9.3.0), jwts (>=0.5.0 <=0.5.1) +2 more potentially affected by CVE-2026-4428 via aws-lc-sys (=0.21.0)

aws-lc-sys CARGO version =0.21.0 is affected by a known vulnerability. The following packages have a transitive dependency on aws-lc-sys and may be impacted: - jsonwebtoken-aws-lc =9.3.0 - jwts =0.5.0, =0.102.6, =0.20.0, =0.31.0 Source cves: CVE-2026-4428 Source advisory: OSV:GHSA-9F94-5G5W-GF6R...

GHSA-394X-VWMW-CRM3 AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN

Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact A logic error in CN Common Name validation allows certificates with wildcard or raw UTF-8 Unicode CN values to bypass name constraints enforcement. The cn2dnsid function does not recognize these CN patterns as valid D...

RUSTSEC-2026-0048 CRL Distribution Point Scope Check Logic Error in AWS-LC

A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs with Issuing Distribution Point IDP extensions. Customers of AWS services do not...

jsonwebtoken-aws-lc (=9.3.0), jwts (>=0.5.0 <=0.5.1) +2 more potentially affected by CVE-2026-4428 via aws-lc-sys (=0.21.0)

aws-lc-sys CARGO version =0.21.0 is affected by a known vulnerability. The following packages have a transitive dependency on aws-lc-sys and may be impacted: - jsonwebtoken-aws-lc =9.3.0 - jwts =0.5.0, =0.102.6, =0.20.0, =0.31.0 Source cves: CVE-2026-4428 Source advisory: OSV:RUSTSEC-2026-0048...

RUSTSEC-2026-0044 AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN

A logic error in CN Common Name validation allows certificates with wildcard or raw UTF-8 Unicode CN values to bypass name constraints enforcement. The cn2dnsid function does not recognize these CN patterns as valid DNS identifiers, causing NAMECONSTRAINTScheckCN to skip validation. However,...

GHSA-HFPC-8R3F-GW53 AWS-LC has PKCS7_verify Signature Validation Bypass

Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact Improper signature validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need...

AWS-LC has PKCS7_verify Signature Validation Bypass

Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact Improper signature validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need...

jsonwebtoken-aws-lc (=9.3.0), jwts (>=0.5.0 <=0.5.1) +2 more potentially affected by CVE-2026-3337 via aws-lc-sys (>=0.14.1 <=0.21.0)

aws-lc-sys CARGO version =0.14.1, =0.5.0, =0.102.2, =0.20.0, =0.31.0 Source cves: CVE-2026-3337 Source advisory: OSV:GHSA-65P9-R9H6-22VJ...

jsonwebtoken-aws-lc (=9.3.0), jwts (>=0.5.0 <=0.5.1) +2 more potentially affected by CVE-2026-3337 via aws-lc-sys (>=0.14.1 <=0.21.0)

aws-lc-sys CARGO version =0.14.1, =0.5.0, =0.102.2, =0.20.0, =0.31.0 Source cves: CVE-2026-3337 Source advisory: OSV:RUSTSEC-2026-0045...

RUSTSEC-2026-0046 PKCS7_verify Certificate Chain Validation Bypass in AWS-LC

Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. aws-lc-sys contains code from AWS-LC...