11 matches found
Security update for clamav (moderate)
openSUSE security update: security update for clamav. Announcement ID: openSUSE-SU-2026:20479-1. Rating: moderate. References: bsc1221954 bsc1258072 bsc1259207. Cross-References: CVE-2026-20031. CVSS scores: CVE-2026-20031 SUSE : 5.3...
SUSE-SU-2026:1325-1 Security update for clamav
This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: - Support...
SUSE-SU-2026:0906-1 Security update for clamav
This update for clamav fixes the following issues: Update to clamav 1.5.2: Security issue: - CVE-2026-20031: improper error handling in the HTML CSS module when splitting UTF-8 strings can lead to denial of service conditions via a crafted HTML file bsc1259207. Non security issue: - Support...
`finch-rust` was removed from crates.io for malicious code
It depended on the sha-rust crate, which appeared to be attempting to steal credentials from local files...
marked-sanitizer (=0.0.0) potentially affected by unknown CVE via ammonia (=3.1.4)
ammonia CARGO version =3.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on ammonia and may be impacted: - marked-sanitizer =0.0.0 Source cves: unknown CVE Source advisory: SNYK:RUST-AMMONIA-13004667...
Fedora 41 : rustup (2025-faf407c43f)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-faf407c43f advisory. Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160. Tenable has extracted the preceding description block directly from the Fedora security...
CVE-2025-38033 x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88
In the Linux kernel, the following vulnerability has been resolved: x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88 Calling core::fmt::write from rust code while FineIBT is enabled results in a kernel panic: 4614.199779 kernel BUG at arch/x86/kernel/cet.c:132! 4614.205343 Oops:...
CVE-2025-38033
CVE-2025-38033 affects the Linux kernel (x86) where FineIBT and Rust integration triggers a kernel panic when core::fmt::write() is invoked from Rust with FineIBT enabled. Root cause is that core::fmt::rt::Argument::fmt() has CFI-disabled code (no_sanitize(cfi, kcfi)), causing a Control Protectio...
alloy-rs (=0.2.1), anndata (=0.2.0) +100 more potentially affected by unknown CVE via arrow2 (>=0.10.1 <=0.9.2)
arrow2 CARGO version =0.10.1, =0.1.0, =0.1.0, =0.6.0, =0.1.0, =0.0.1, =0.1.0, =0.2.1, =0.2.2, =0.4.0, =0.1.0, =0.1.3 - datap =0.0.1 - erc725-rs =0.1.0 - ezel =0.0.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0038...
OPENSUSE-SU-2022:1127-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.8.0 ESR bsc1197903: MFSA 2022-14 bsc1197903 CVE-2022-1097: Fixed memory safety violations that could occur when PKCS11 tokens are removed while in use CVE-2022-28281: Fixed an out of bounds write due to...
openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2021-23841 via openssl-src (=110.0.7+1.1.0i)
openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2021-23841 Source advisory: OSV:RUSTSEC-2021-0058...