SUSE-SU-2025:4411-1 Security update for librsvg

This update for librsvg fixes the following issues: Update to version 2.52.12. - CVE-2024-12224: idna: incorrect hostname comparisons and URL parsing may be performed due to acceptance of Punycode labels that do not produce any non-ASCII output when decoded bsc1243867. - CVE-2024-43806: rustix:...

`rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion

...

AZL-48324 CVE-2024-43806 affecting package kata-containers-cc for versions less than 3.2.0.azl2-7

Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linuxraw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::readmore, this can cause quick and...

AZL-48300 CVE-2024-43806 affecting package cloud-hypervisor for versions less than 32.0-7

Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linuxraw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::readmore, this can cause quick and...

PT-2023-32952 · Trustix +2 · Rustix +2

Name of the Vulnerable Software and Affected Versions: Rustix versions prior to 0.35.15 Rustix versions prior to 0.36.16 Rustix versions prior to 0.37.25 Rustix versions prior to 0.38.19 Description: The issue arises when using rustix::fs::Dir with the linux raw backend, where the iterator can ge...