openSUSE 16 Security Update : cargo-c (openSUSE-SU-2026:20060-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20060-1 advisory. - CVE-2025-4574: crossbeam-channel: Fixed double-free on drop in Channel::discardallmessages bsc1243179 - CVE-2025-58160: tracing-subscriber:...

SUSE-SU-2026:20096-1 Security update for cargo-c

This update for cargo-c fixes the following issues: - CVE-2025-4574: crossbeam-channel: Fixed double-free on drop in Channel::discardallmessages bsc1243179 - CVE-2025-58160: tracing-subscriber: Fixed log pollution bsc1249012 - CVE-2024-12224: idna: Fixed improper validation of Punycode labels...

TencentOS Server 4: kata-containers (TSSA-2025:0424)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0424 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

Security Bulletin: IBM Edge Data Collector uses crossbeam-channel-0.5.14.crate which is vulnerable to CVE-2025-4574.

Summary IBM Edge Data Collector uses crossbeam-channel-0.5.14.crate which is vulnerable to CVE-2025-4574. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-4574 DESCRIPTION: In crossbeam-channel rust crate, the internal Channel type's...

EUVD-2021-1794

Malware in sbrugna...

EUVD-2025-29421

Malicious code in bioql PyPI...

EUVD-2025-10692

Malicious code in bioql PyPI...

Undefined Behavior in bounded Crossbeam channel

...

Linux Distros Unpatched Vulnerability : CVE-2020-35904

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation...

Linux Distros Unpatched Vulnerability : CVE-2025-4574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In crossbeam-channel rust crate, the internal Channel type's Drop method has a race condition which could, in some circumstances, lead to a double-free that cou...

Fedora 43 : python-watchfiles (2025-165ec5fe3b)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-165ec5fe3b advisory. Automatic update for python-watchfiles-1.0.5-3.fc43. Changelog Thu May 15 2025 Benjamin A. Beasley - 1.0.5-3 - Security fix for CVE-2025-4574 fix RHBZ2366569...

Azure Linux 3.0 Security Update: azl-compliance / rust (CVE-2025-4574)

The version of azl-compliance / rust installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-4574 advisory. - In crossbeam-channel rust crate, the internal Channel type's Drop method has a race condition...

Crossbeam-channel: crossbeam-channel vulnerable to double free on drop

...

Fedora: Security Advisory (FEDORA-2025-4fc3431dab)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : ruff / rust-hashlink / rust-rusqlite (2025-04894ce9bd)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-04894ce9bd advisory. Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we ensure that it uses version 0.5.15 of the crossbeam-channel crate library. ---...

Fedora 41 : ruff / rust-hashlink / rust-rusqlite (2025-575023fff7)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-575023fff7 advisory. Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we ensure that it uses version 0.5.15 of the crossbeam-channel crate library. ---...

CVE-2020-35904

An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are...

Security update for python-maturin

This update for python-maturin fixes the following issues: CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch when Some... value passed as properties argument to either function bsc1242631. CVE-2025-4574: crossbeam-channel: double-free leading to possible memory corruption in...

SUSE CVE-2025-4574

In crossbeam-channel rust crate, the internal Channel type's Drop method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption...

GHSA-W443-5H3J-JQCP Duplicate Advisory: crossbeam-channel Vulnerable to Double Free on Drop

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pg9f-39pc-qf8g. This link is maintained to preserve external references. Original Description In crossbeam-channel rust crate, the internal Channel type's Drop method has a race condition which could, in some...