RHEL 9 : rust-bootupd (RHSA-2025:7241)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:7241 advisory. Bootloader updater Security Fixes: rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 For more details about the security...

ALSA-2025:7241 Moderate: rust-bootupd security update

Bootloader updater Security Fixes: rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section...

RHEL 9 : bootc (RHSA-2025:7160)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7160 advisory. Bootable container system Security Fixes: rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 For more details about the...

ALSA-2025:7313 Moderate: keylime-agent-rust security update

Rust agent for Keylime Security Fixes: rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References...

Fedora: Security Advisory (FEDORA-2025-472776e5dc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 41 Update: rust-openssl-sys-0.9.107-1.fc41

FFI bindings to OpenSSL...

[SECURITY] Fedora 40 Update: rust-openssl-sys-0.9.107-1.fc40

FFI bindings to OpenSSL...

[SECURITY] Fedora 40 Update: rust-openssl-0.10.72-1.fc40

OpenSSL bindings...

[SECURITY] Fedora 42 Update: rust-openssl-sys-0.9.107-1.fc42

FFI bindings to OpenSSL...

[SECURITY] Fedora 42 Update: rust-openssl-0.10.72-1.fc42

OpenSSL bindings...

Fedora 40 : rust-openssl / rust-openssl-sys (2025-472776e5dc)

The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-472776e5dc advisory. - Update the openssl crate to version 0.10.72. - Update the openssl-sys crate to version 0.9.107. This update addresses CVE-2025-3416 / RUSTSEC-2025-0022 a...

Linux Distros Unpatched Vulnerability : CVE-2024-3296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style...

rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch`

When a Some... value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...

GHSA-4FCV-W3QC-PPGG rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch`

When a Some... value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...

Linux Distros Unpatched Vulnerability : CVE-2025-24898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::selectnextproto can return a slice pointing into the serv...

SUSE CVE-2025-24898

rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than th...

OESA-2025-1120 three-eight-nine-ds-base security update

389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration. Security Fixes: rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::selectnextproto can return a slice pointing into th...

[SECURITY] Fedora 40 Update: rust-openssl-sys-0.9.105-1.fc40

FFI bindings to OpenSSL...

[SECURITY] Fedora 40 Update: rust-openssl-0.10.70-1.fc40

OpenSSL bindings...

[SECURITY] [DLA 4049-1] rust-openssl security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4049-1 [email protected] https://www.debian.org/lts/security/ Andrej Shadura February 11, 2025 https://wiki.debian.org/LTS -...