CVE-2026-45784 vulnerabilities

Vulnerabilities for packages: rustls-openssl-client, sccache, sentry-cli, bootc, valkey-ldap, guestproxyagent, vector, rpm-sequoia, sqlx, typst, komodo, ztunnel-fips, deno, rustup...

GHSA-PHQJ-4MHP-Q6MQ vulnerabilities

Vulnerabilities for packages: rustls-openssl-client, sccache, sentry-cli, bootc, valkey-ldap, guestproxyagent, vector, rpm-sequoia, sqlx, typst, komodo, ztunnel-fips, deno, rustup...

curl: rustls backend silently ignores CURLOPT_CRLFILE when native CA store is active

Hi all, When the rustls backend is configured to use the OS native CA store --ca-native / CURLSSLOPTNATIVECA, any CRL file supplied via --crlfile / CURLOPTCRLFILE is silently ignored. The option is accepted — CURLEOK from curleasysetopt, exit 0 from the command line — and revoked certificates pas...

curl: TLS verifyhost bypass in rustls, mbedTLS, and wolfSSL when verifypeer=0

The now-well-known CURLOPTSSLVERIFYHOST-bypass-when-CURLOPTSSLVERIFYPEER=0 defect exists in three of curl's TLS backends: rustls EXPERIMENTAL, mbedTLS, and wolfSSL DNS hostnames only. The documented contract at docs/libcurl/opts/CURLOPTSSLVERIFYPEER.md:57-59: The check that the host name in the...

CVE-2026-41898 vulnerabilities

Vulnerabilities for packages: rustls-openssl-client, sccache, sentry-cli, bootc, valkey-ldap, guestproxyagent, vector, rpm-sequoia, sqlx, typst, komodo, ztunnel-fips, deno, rustup, sdp-k8s-injector...

Security update for himmelblau (moderate)

openSUSE security update: security update for himmelblau ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20658-1 Rating: moderate References: bsc1261324 bsc1261613 Cross-References: CVE-2026-34397 CVSS scores: CVE-2026-34397 SUSE : 6.3...

[SECURITY] Fedora 44 Update: rust-rustls-webpki-0.103.13-1.fc44

Web PKI X.509 Certificate Verification...

[SECURITY] Fedora 43 Update: rust-rustls-webpki-0.103.13-1.fc43

Web PKI X.509 Certificate Verification...

[SECURITY] Fedora 42 Update: rust-rustls-webpki-0.103.13-1.fc42

Web PKI X.509 Certificate Verification...

Fedora 44 : rust-rustls-webpki (2026-8f36b2341e)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8f36b2341e advisory. Update to version 0.103.13. Addresses RUSTSEC-2026-0098, RUSTSEC-2026-0099, RUSTSEC-2026-0104. ---- Update to version 0.103.10. Addresses RUSTSEC-2026-0049...

Fedora 42 : rust-rustls-webpki (2026-204499102d)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-204499102d advisory. Update to version 0.103.13. Addresses RUSTSEC-2026-0098, RUSTSEC-2026-0099, RUSTSEC-2026-0104. Tenable has extracted the preceding description block directly...

Fedora 43 : rust-rustls-webpki (2026-bea616fc84)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-bea616fc84 advisory. Update to version 0.103.13. Addresses RUSTSEC-2026-0098, RUSTSEC-2026-0099, RUSTSEC-2026-0104. Tenable has extracted the preceding description block directly...

OPENSUSE-SU-2026:20658-1 Security update for himmelblau

This update for himmelblau fixes the following issues: Update to version 2.3.9+git0.a9fd29b. Security issues fixed: - CVE-2026-34397: Fixed naming collision that can lead to local privilege escalation bsc1261324. Other updates and bugfixes: - update aws-lc-sys to 0.39.0 for security fixes - updat...

SUSE-SU-2026:21437-1 Security update for himmelblau

This update for himmelblau fixes the following issues: Update to version 2.3.9+git0.a9fd29b. Security issues fixed: - CVE-2026-34397: Fixed naming collision that can lead to local privilege escalation bsc1261324. Other updates and bugfixes: - update aws-lc-sys to 0.39.0 for security fixes - updat...

AskAI (=0.1.0), BiliupApi (>=0.1.0 <=0.1.7) +3944 more potentially affected by unknown CVE via rustls-webpki (>=0.100.3 <=0.102.8)

rustls-webpki CARGO version =0.100.3, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.26, =0.4.0, =0.1.0, =0.21.0-alpha.1, =0.1.11, =0.12.1, =0.13.0 - acme =0.2.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-82J2-J2CH-GFR8...

rustls-webpki: Denial of service via panic on malformed CRL BIT STRING

Summary bitstringflags in src/der.rs panics with an index-out-of-bounds when given a BIT STRING whose content is exactly 0x00 one byte: zero padding bits, zero data bytes. This is reachable through the public API BorrowedCertRevocationList::fromder via the issuingDistributionPoint CRL extension...

GHSA-82J2-J2CH-GFR8 rustls-webpki: Denial of service via panic on malformed CRL BIT STRING

Summary bitstringflags in src/der.rs panics with an index-out-of-bounds when given a BIT STRING whose content is exactly 0x00 one byte: zero padding bits, zero data bytes. This is reachable through the public API BorrowedCertRevocationList::fromder via the issuingDistributionPoint CRL extension...

AskAI (=0.1.0), BiliupApi (>=0.1.0 <=0.1.7) +3944 more potentially affected by unknown CVE via rustls-webpki (>=0.100.3 <=0.102.8)

rustls-webpki CARGO version =0.100.3, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.26, =0.4.0, =0.1.0, =0.21.0-alpha.1, =0.1.11, =0.12.1, =0.13.0 - acme =0.2.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0104...

curl: Heap-buffer-overflow in `Curl_ssl_push_certinfo_len()` — sole bounds check is `DEBUGASSERT`

Summary Curlsslpushcertinfolen in lib/vtls/vtls.c uses DEBUGASSERTcertnum numofcerts as its only bounds check before writing a heap pointer into ci-certinfocertnum. DEBUGASSERT is a no-op in every release/production build lib/curlsetup.h:1084. Any mismatch between the count passed to...

AskAI (=0.1.0), BiliupApi (>=0.1.0 <=0.1.7) +3943 more potentially affected by unknown CVE via rustls-webpki (>=0.101.7 <=0.102.8)

rustls-webpki CARGO version =0.101.7, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.26, =0.4.0, =0.1.0, =0.21.0-alpha.1, =0.1.11, =0.12.1, =0.13.0 - acme =0.2.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XGP8-3HG3-C2MH...