Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    Related vulnerabilities

    GHSA-PHQJ-4MHP-Q6MQ

    Vulnerability from github – Published: 2026-05-19 19:50 – Updated: 2026-05-19 19:50
    VLAI
    Summary
    rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers
    Details

    CipherCtxRef::cipher_update_inplace incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced.

    This only impacts users using AES key-wrap-with-padding ciphers.

    This method was missed in the fix for GHSA-xv59-967r-8726

    Show details on source website

    {
      "affected": [
        {
          "package": {
            "ecosystem": "crates.io",
            "name": "openssl"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0.10.50"
                },
                {
                  "fixed": "0.10.80"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ]
        }
      ],
      "aliases": [
        "CVE-2026-45784"
      ],
      "database_specific": {
        "cwe_ids": [
          "CWE-131",
          "CWE-787"
        ],
        "github_reviewed": true,
        "github_reviewed_at": "2026-05-19T19:50:11Z",
        "nvd_published_at": null,
        "severity": "MODERATE"
      },
      "details": "`CipherCtxRef::cipher_update_inplace` incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller\u0027s buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced.\n\nThis only impacts users using AES key-wrap-with-padding ciphers.\n\nThis method was missed in the fix for GHSA-xv59-967r-8726",
      "id": "GHSA-phqj-4mhp-q6mq",
      "modified": "2026-05-19T19:50:11Z",
      "published": "2026-05-19T19:50:11Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-phqj-4mhp-q6mq"
        },
        {
          "type": "PACKAGE",
          "url": "https://github.com/rust-openssl/rust-openssl"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
          "type": "CVSS_V4"
        }
      ],
      "summary": "rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers"
    }

    OPENSUSE-SU-2026:11210-1

    Vulnerability from csaf_opensuse - Published: 2026-07-08 00:00 - Updated: 2026-07-08 00:00
    Summary
    cargo-c-0.10.23-1.1 on GA media
    Severity
    Moderate
    Notes
    Title of the patch: cargo-c-0.10.23-1.1 on GA media
    Description of the patch: These are all security issues fixed in the cargo-c-0.10.23-1.1 package on the GA media of openSUSE Tumbleweed.
    Patchnames: openSUSE-Tumbleweed-2026-11210
    Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64
    Vendor Fix
    Threats
    Impact important
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64
    Vendor Fix
    Threats
    Impact important
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64
    Vendor Fix
    Threats
    Impact moderate

    {
      "document": {
        "aggregate_severity": {
          "namespace": "https://www.suse.com/support/security/rating/",
          "text": "moderate"
        },
        "category": "csaf_security_advisory",
        "csaf_version": "2.0",
        "distribution": {
          "text": "Copyright 2024 SUSE LLC. All rights reserved.",
          "tlp": {
            "label": "WHITE",
            "url": "https://www.first.org/tlp/"
          }
        },
        "lang": "en",
        "notes": [
          {
            "category": "summary",
            "text": "cargo-c-0.10.23-1.1 on GA media",
            "title": "Title of the patch"
          },
          {
            "category": "description",
            "text": "These are all security issues fixed in the cargo-c-0.10.23-1.1 package on the GA media of openSUSE Tumbleweed.",
            "title": "Description of the patch"
          },
          {
            "category": "details",
            "text": "openSUSE-Tumbleweed-2026-11210",
            "title": "Patchnames"
          },
          {
            "category": "legal_disclaimer",
            "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            "title": "Terms of use"
          }
        ],
        "publisher": {
          "category": "vendor",
          "contact_details": "https://www.suse.com/support/security/contact/",
          "name": "SUSE Product Security Team",
          "namespace": "https://www.suse.com/"
        },
        "references": [
          {
            "category": "external",
            "summary": "SUSE ratings",
            "url": "https://www.suse.com/support/security/rating/"
          },
          {
            "category": "self",
            "summary": "URL of this CSAF notice",
            "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11210-1.json"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41676 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41676/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41677 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41677/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41678 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41678/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41681 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41681/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41898 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41898/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-42327 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-42327/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-44662 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-44662/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-45784 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-45784/"
          }
        ],
        "title": "cargo-c-0.10.23-1.1 on GA media",
        "tracking": {
          "current_release_date": "2026-07-08T00:00:00Z",
          "generator": {
            "date": "2026-07-08T00:00:00Z",
            "engine": {
              "name": "cve-database.git:bin/generate-csaf.pl",
              "version": "1"
            }
          },
          "id": "openSUSE-SU-2026:11210-1",
          "initial_release_date": "2026-07-08T00:00:00Z",
          "revision_history": [
            {
              "date": "2026-07-08T00:00:00Z",
              "number": "1",
              "summary": "Current version"
            }
          ],
          "status": "final",
          "version": "1"
        }
      },
      "product_tree": {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "cargo-c-0.10.23-1.1.aarch64",
                    "product": {
                      "name": "cargo-c-0.10.23-1.1.aarch64",
                      "product_id": "cargo-c-0.10.23-1.1.aarch64"
                    }
                  }
                ],
                "category": "architecture",
                "name": "aarch64"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "cargo-c-0.10.23-1.1.ppc64le",
                    "product": {
                      "name": "cargo-c-0.10.23-1.1.ppc64le",
                      "product_id": "cargo-c-0.10.23-1.1.ppc64le"
                    }
                  }
                ],
                "category": "architecture",
                "name": "ppc64le"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "cargo-c-0.10.23-1.1.s390x",
                    "product": {
                      "name": "cargo-c-0.10.23-1.1.s390x",
                      "product_id": "cargo-c-0.10.23-1.1.s390x"
                    }
                  }
                ],
                "category": "architecture",
                "name": "s390x"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "cargo-c-0.10.23-1.1.x86_64",
                    "product": {
                      "name": "cargo-c-0.10.23-1.1.x86_64",
                      "product_id": "cargo-c-0.10.23-1.1.x86_64"
                    }
                  }
                ],
                "category": "architecture",
                "name": "x86_64"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "openSUSE Tumbleweed",
                    "product": {
                      "name": "openSUSE Tumbleweed",
                      "product_id": "openSUSE Tumbleweed",
                      "product_identification_helper": {
                        "cpe": "cpe:/o:opensuse:tumbleweed"
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "SUSE Linux Enterprise"
              }
            ],
            "category": "vendor",
            "name": "SUSE"
          }
        ],
        "relationships": [
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "cargo-c-0.10.23-1.1.aarch64 as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64"
            },
            "product_reference": "cargo-c-0.10.23-1.1.aarch64",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "cargo-c-0.10.23-1.1.ppc64le as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le"
            },
            "product_reference": "cargo-c-0.10.23-1.1.ppc64le",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "cargo-c-0.10.23-1.1.s390x as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x"
            },
            "product_reference": "cargo-c-0.10.23-1.1.s390x",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "cargo-c-0.10.23-1.1.x86_64 as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
            },
            "product_reference": "cargo-c-0.10.23-1.1.x86_64",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          }
        ]
      },
      "vulnerabilities": [
        {
          "cve": "CVE-2026-41676",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41676"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41676",
              "url": "https://www.suse.com/security/cve/CVE-2026-41676"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270137 for CVE-2026-41676",
              "url": "https://bugzilla.suse.com/1270137"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41676"
        },
        {
          "cve": "CVE-2026-41677",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41677"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user\u0027s callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41677",
              "url": "https://www.suse.com/security/cve/CVE-2026-41677"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270540 for CVE-2026-41677",
              "url": "https://bugzilla.suse.com/1270540"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41677"
        },
        {
          "cve": "CVE-2026-41678",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41678"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From  to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 \u003c= in_.len(), but this condition is reversed. The intended invariant is out.len() \u003e= in_.len() - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers at or below the minimum required size and rejects larger ones. If a smaller buffer is provided the function will write past the end of out by in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from a safe public function. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41678",
              "url": "https://www.suse.com/security/cve/CVE-2026-41678"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270641 for CVE-2026-41678",
              "url": "https://bugzilla.suse.com/1270641"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "important"
            }
          ],
          "title": "CVE-2026-41678"
        },
        {
          "cve": "CVE-2026-41681",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41681"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stack. This is reachable from safe Rust. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41681",
              "url": "https://www.suse.com/security/cve/CVE-2026-41681"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270719 for CVE-2026-41681",
              "url": "https://bugzilla.suse.com/1270719"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41681"
        },
        {
          "cve": "CVE-2026-41898",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41898"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure\u0027s returned usize directly to OpenSSL without checking it against the \u0026mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41898",
              "url": "https://www.suse.com/security/cve/CVE-2026-41898"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270798 for CVE-2026-41898",
              "url": "https://bugzilla.suse.com/1270798"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41898"
        },
        {
          "cve": "CVE-2026-42327",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-42327"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate\u0027s AIA extension as OpensslString, whose Deref\u003cTarget = str\u003e wraps the raw bytes with str::from_utf8_unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation causes safe Rust code to construct a \u0026str that violates the UTF-8 invariant - resulting in undefined behavior. This vulnerability is fixed in 0.10.79.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-42327",
              "url": "https://www.suse.com/security/cve/CVE-2026-42327"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270454 for CVE-2026-42327",
              "url": "https://bugzilla.suse.com/1270454"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "important"
            }
          ],
          "title": "CVE-2026-42327"
        },
        {
          "cve": "CVE-2026-44662",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-44662"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller\u0027s buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced. This only impacts users using AES key-wrap-with-padding ciphers. This vulnerability is fixed in 0.10.79.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-44662",
              "url": "https://www.suse.com/security/cve/CVE-2026-44662"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270872 for CVE-2026-44662",
              "url": "https://bugzilla.suse.com/1270872"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-44662"
        },
        {
          "cve": "CVE-2026-45784",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-45784"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "unknown",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
              "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-45784",
              "url": "https://www.suse.com/security/cve/CVE-2026-45784"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270946 for CVE-2026-45784",
              "url": "https://bugzilla.suse.com/1270946"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.aarch64",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.ppc64le",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.s390x",
                "openSUSE Tumbleweed:cargo-c-0.10.23-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-45784"
        }
      ]
    }

    OPENSUSE-SU-2026:11222-1

    Vulnerability from csaf_opensuse - Published: 2026-07-08 00:00 - Updated: 2026-07-08 00:00
    Summary
    keylime-ima-policy-0.2.9+49-1.1 on GA media
    Severity
    Moderate
    Notes
    Title of the patch: keylime-ima-policy-0.2.9+49-1.1 on GA media
    Description of the patch: These are all security issues fixed in the keylime-ima-policy-0.2.9+49-1.1 package on the GA media of openSUSE Tumbleweed.
    Patchnames: openSUSE-Tumbleweed-2026-11222
    Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64
    Vendor Fix
    Threats
    Impact important
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64
    Vendor Fix
    Threats
    Impact important
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64
    Vendor Fix
    Threats
    Impact moderate

    {
      "document": {
        "aggregate_severity": {
          "namespace": "https://www.suse.com/support/security/rating/",
          "text": "moderate"
        },
        "category": "csaf_security_advisory",
        "csaf_version": "2.0",
        "distribution": {
          "text": "Copyright 2024 SUSE LLC. All rights reserved.",
          "tlp": {
            "label": "WHITE",
            "url": "https://www.first.org/tlp/"
          }
        },
        "lang": "en",
        "notes": [
          {
            "category": "summary",
            "text": "keylime-ima-policy-0.2.9+49-1.1 on GA media",
            "title": "Title of the patch"
          },
          {
            "category": "description",
            "text": "These are all security issues fixed in the keylime-ima-policy-0.2.9+49-1.1 package on the GA media of openSUSE Tumbleweed.",
            "title": "Description of the patch"
          },
          {
            "category": "details",
            "text": "openSUSE-Tumbleweed-2026-11222",
            "title": "Patchnames"
          },
          {
            "category": "legal_disclaimer",
            "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            "title": "Terms of use"
          }
        ],
        "publisher": {
          "category": "vendor",
          "contact_details": "https://www.suse.com/support/security/contact/",
          "name": "SUSE Product Security Team",
          "namespace": "https://www.suse.com/"
        },
        "references": [
          {
            "category": "external",
            "summary": "SUSE ratings",
            "url": "https://www.suse.com/support/security/rating/"
          },
          {
            "category": "self",
            "summary": "URL of this CSAF notice",
            "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11222-1.json"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41676 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41676/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41677 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41677/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41678 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41678/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41681 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41681/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41898 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41898/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-42327 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-42327/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-44662 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-44662/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-45784 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-45784/"
          }
        ],
        "title": "keylime-ima-policy-0.2.9+49-1.1 on GA media",
        "tracking": {
          "current_release_date": "2026-07-08T00:00:00Z",
          "generator": {
            "date": "2026-07-08T00:00:00Z",
            "engine": {
              "name": "cve-database.git:bin/generate-csaf.pl",
              "version": "1"
            }
          },
          "id": "openSUSE-SU-2026:11222-1",
          "initial_release_date": "2026-07-08T00:00:00Z",
          "revision_history": [
            {
              "date": "2026-07-08T00:00:00Z",
              "number": "1",
              "summary": "Current version"
            }
          ],
          "status": "final",
          "version": "1"
        }
      },
      "product_tree": {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "keylime-ima-policy-0.2.9+49-1.1.aarch64",
                    "product": {
                      "name": "keylime-ima-policy-0.2.9+49-1.1.aarch64",
                      "product_id": "keylime-ima-policy-0.2.9+49-1.1.aarch64"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "rust-keylime-0.2.9+49-1.1.aarch64",
                    "product": {
                      "name": "rust-keylime-0.2.9+49-1.1.aarch64",
                      "product_id": "rust-keylime-0.2.9+49-1.1.aarch64"
                    }
                  }
                ],
                "category": "architecture",
                "name": "aarch64"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                    "product": {
                      "name": "keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                      "product_id": "keylime-ima-policy-0.2.9+49-1.1.ppc64le"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "rust-keylime-0.2.9+49-1.1.ppc64le",
                    "product": {
                      "name": "rust-keylime-0.2.9+49-1.1.ppc64le",
                      "product_id": "rust-keylime-0.2.9+49-1.1.ppc64le"
                    }
                  }
                ],
                "category": "architecture",
                "name": "ppc64le"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "keylime-ima-policy-0.2.9+49-1.1.s390x",
                    "product": {
                      "name": "keylime-ima-policy-0.2.9+49-1.1.s390x",
                      "product_id": "keylime-ima-policy-0.2.9+49-1.1.s390x"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "rust-keylime-0.2.9+49-1.1.s390x",
                    "product": {
                      "name": "rust-keylime-0.2.9+49-1.1.s390x",
                      "product_id": "rust-keylime-0.2.9+49-1.1.s390x"
                    }
                  }
                ],
                "category": "architecture",
                "name": "s390x"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "keylime-ima-policy-0.2.9+49-1.1.x86_64",
                    "product": {
                      "name": "keylime-ima-policy-0.2.9+49-1.1.x86_64",
                      "product_id": "keylime-ima-policy-0.2.9+49-1.1.x86_64"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "rust-keylime-0.2.9+49-1.1.x86_64",
                    "product": {
                      "name": "rust-keylime-0.2.9+49-1.1.x86_64",
                      "product_id": "rust-keylime-0.2.9+49-1.1.x86_64"
                    }
                  }
                ],
                "category": "architecture",
                "name": "x86_64"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "openSUSE Tumbleweed",
                    "product": {
                      "name": "openSUSE Tumbleweed",
                      "product_id": "openSUSE Tumbleweed",
                      "product_identification_helper": {
                        "cpe": "cpe:/o:opensuse:tumbleweed"
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "SUSE Linux Enterprise"
              }
            ],
            "category": "vendor",
            "name": "SUSE"
          }
        ],
        "relationships": [
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "keylime-ima-policy-0.2.9+49-1.1.aarch64 as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64"
            },
            "product_reference": "keylime-ima-policy-0.2.9+49-1.1.aarch64",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "keylime-ima-policy-0.2.9+49-1.1.ppc64le as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le"
            },
            "product_reference": "keylime-ima-policy-0.2.9+49-1.1.ppc64le",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "keylime-ima-policy-0.2.9+49-1.1.s390x as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x"
            },
            "product_reference": "keylime-ima-policy-0.2.9+49-1.1.s390x",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "keylime-ima-policy-0.2.9+49-1.1.x86_64 as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64"
            },
            "product_reference": "keylime-ima-policy-0.2.9+49-1.1.x86_64",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rust-keylime-0.2.9+49-1.1.aarch64 as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64"
            },
            "product_reference": "rust-keylime-0.2.9+49-1.1.aarch64",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rust-keylime-0.2.9+49-1.1.ppc64le as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le"
            },
            "product_reference": "rust-keylime-0.2.9+49-1.1.ppc64le",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rust-keylime-0.2.9+49-1.1.s390x as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x"
            },
            "product_reference": "rust-keylime-0.2.9+49-1.1.s390x",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rust-keylime-0.2.9+49-1.1.x86_64 as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
            },
            "product_reference": "rust-keylime-0.2.9+49-1.1.x86_64",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          }
        ]
      },
      "vulnerabilities": [
        {
          "cve": "CVE-2026-41676",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41676"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41676",
              "url": "https://www.suse.com/security/cve/CVE-2026-41676"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270137 for CVE-2026-41676",
              "url": "https://bugzilla.suse.com/1270137"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41676"
        },
        {
          "cve": "CVE-2026-41677",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41677"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user\u0027s callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41677",
              "url": "https://www.suse.com/security/cve/CVE-2026-41677"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270540 for CVE-2026-41677",
              "url": "https://bugzilla.suse.com/1270540"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41677"
        },
        {
          "cve": "CVE-2026-41678",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41678"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From  to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 \u003c= in_.len(), but this condition is reversed. The intended invariant is out.len() \u003e= in_.len() - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers at or below the minimum required size and rejects larger ones. If a smaller buffer is provided the function will write past the end of out by in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from a safe public function. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41678",
              "url": "https://www.suse.com/security/cve/CVE-2026-41678"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270641 for CVE-2026-41678",
              "url": "https://bugzilla.suse.com/1270641"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "important"
            }
          ],
          "title": "CVE-2026-41678"
        },
        {
          "cve": "CVE-2026-41681",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41681"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stack. This is reachable from safe Rust. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41681",
              "url": "https://www.suse.com/security/cve/CVE-2026-41681"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270719 for CVE-2026-41681",
              "url": "https://bugzilla.suse.com/1270719"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41681"
        },
        {
          "cve": "CVE-2026-41898",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41898"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure\u0027s returned usize directly to OpenSSL without checking it against the \u0026mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41898",
              "url": "https://www.suse.com/security/cve/CVE-2026-41898"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270798 for CVE-2026-41898",
              "url": "https://bugzilla.suse.com/1270798"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41898"
        },
        {
          "cve": "CVE-2026-42327",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-42327"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate\u0027s AIA extension as OpensslString, whose Deref\u003cTarget = str\u003e wraps the raw bytes with str::from_utf8_unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation causes safe Rust code to construct a \u0026str that violates the UTF-8 invariant - resulting in undefined behavior. This vulnerability is fixed in 0.10.79.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-42327",
              "url": "https://www.suse.com/security/cve/CVE-2026-42327"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270454 for CVE-2026-42327",
              "url": "https://bugzilla.suse.com/1270454"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "important"
            }
          ],
          "title": "CVE-2026-42327"
        },
        {
          "cve": "CVE-2026-44662",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-44662"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller\u0027s buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced. This only impacts users using AES key-wrap-with-padding ciphers. This vulnerability is fixed in 0.10.79.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-44662",
              "url": "https://www.suse.com/security/cve/CVE-2026-44662"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270872 for CVE-2026-44662",
              "url": "https://bugzilla.suse.com/1270872"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-44662"
        },
        {
          "cve": "CVE-2026-45784",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-45784"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "unknown",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
              "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
              "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-45784",
              "url": "https://www.suse.com/security/cve/CVE-2026-45784"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270946 for CVE-2026-45784",
              "url": "https://bugzilla.suse.com/1270946"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:keylime-ima-policy-0.2.9+49-1.1.x86_64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.aarch64",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.ppc64le",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.s390x",
                "openSUSE Tumbleweed:rust-keylime-0.2.9+49-1.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-45784"
        }
      ]
    }

    OPENSUSE-SU-2026:11223-1

    Vulnerability from csaf_opensuse - Published: 2026-07-08 00:00 - Updated: 2026-07-08 00:00
    Summary
    rustup-1.28.2~0-5.1 on GA media
    Severity
    Moderate
    Notes
    Title of the patch: rustup-1.28.2~0-5.1 on GA media
    Description of the patch: These are all security issues fixed in the rustup-1.28.2~0-5.1 package on the GA media of openSUSE Tumbleweed.
    Patchnames: openSUSE-Tumbleweed-2026-11223
    Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64
    Vendor Fix
    Threats
    Impact important
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64
    Vendor Fix
    Threats
    Impact important
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64
    Vendor Fix
    Threats
    Impact moderate

    {
      "document": {
        "aggregate_severity": {
          "namespace": "https://www.suse.com/support/security/rating/",
          "text": "moderate"
        },
        "category": "csaf_security_advisory",
        "csaf_version": "2.0",
        "distribution": {
          "text": "Copyright 2024 SUSE LLC. All rights reserved.",
          "tlp": {
            "label": "WHITE",
            "url": "https://www.first.org/tlp/"
          }
        },
        "lang": "en",
        "notes": [
          {
            "category": "summary",
            "text": "rustup-1.28.2~0-5.1 on GA media",
            "title": "Title of the patch"
          },
          {
            "category": "description",
            "text": "These are all security issues fixed in the rustup-1.28.2~0-5.1 package on the GA media of openSUSE Tumbleweed.",
            "title": "Description of the patch"
          },
          {
            "category": "details",
            "text": "openSUSE-Tumbleweed-2026-11223",
            "title": "Patchnames"
          },
          {
            "category": "legal_disclaimer",
            "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            "title": "Terms of use"
          }
        ],
        "publisher": {
          "category": "vendor",
          "contact_details": "https://www.suse.com/support/security/contact/",
          "name": "SUSE Product Security Team",
          "namespace": "https://www.suse.com/"
        },
        "references": [
          {
            "category": "external",
            "summary": "SUSE ratings",
            "url": "https://www.suse.com/support/security/rating/"
          },
          {
            "category": "self",
            "summary": "URL of this CSAF notice",
            "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11223-1.json"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41677 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41677/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41678 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41678/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41681 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41681/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41898 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41898/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-42327 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-42327/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-44662 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-44662/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-45784 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-45784/"
          }
        ],
        "title": "rustup-1.28.2~0-5.1 on GA media",
        "tracking": {
          "current_release_date": "2026-07-08T00:00:00Z",
          "generator": {
            "date": "2026-07-08T00:00:00Z",
            "engine": {
              "name": "cve-database.git:bin/generate-csaf.pl",
              "version": "1"
            }
          },
          "id": "openSUSE-SU-2026:11223-1",
          "initial_release_date": "2026-07-08T00:00:00Z",
          "revision_history": [
            {
              "date": "2026-07-08T00:00:00Z",
              "number": "1",
              "summary": "Current version"
            }
          ],
          "status": "final",
          "version": "1"
        }
      },
      "product_tree": {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "rustup-1.28.2~0-5.1.aarch64",
                    "product": {
                      "name": "rustup-1.28.2~0-5.1.aarch64",
                      "product_id": "rustup-1.28.2~0-5.1.aarch64"
                    }
                  }
                ],
                "category": "architecture",
                "name": "aarch64"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "rustup-1.28.2~0-5.1.ppc64le",
                    "product": {
                      "name": "rustup-1.28.2~0-5.1.ppc64le",
                      "product_id": "rustup-1.28.2~0-5.1.ppc64le"
                    }
                  }
                ],
                "category": "architecture",
                "name": "ppc64le"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "rustup-1.28.2~0-5.1.s390x",
                    "product": {
                      "name": "rustup-1.28.2~0-5.1.s390x",
                      "product_id": "rustup-1.28.2~0-5.1.s390x"
                    }
                  }
                ],
                "category": "architecture",
                "name": "s390x"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "rustup-1.28.2~0-5.1.x86_64",
                    "product": {
                      "name": "rustup-1.28.2~0-5.1.x86_64",
                      "product_id": "rustup-1.28.2~0-5.1.x86_64"
                    }
                  }
                ],
                "category": "architecture",
                "name": "x86_64"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "openSUSE Tumbleweed",
                    "product": {
                      "name": "openSUSE Tumbleweed",
                      "product_id": "openSUSE Tumbleweed",
                      "product_identification_helper": {
                        "cpe": "cpe:/o:opensuse:tumbleweed"
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "SUSE Linux Enterprise"
              }
            ],
            "category": "vendor",
            "name": "SUSE"
          }
        ],
        "relationships": [
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rustup-1.28.2~0-5.1.aarch64 as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64"
            },
            "product_reference": "rustup-1.28.2~0-5.1.aarch64",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rustup-1.28.2~0-5.1.ppc64le as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le"
            },
            "product_reference": "rustup-1.28.2~0-5.1.ppc64le",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rustup-1.28.2~0-5.1.s390x as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x"
            },
            "product_reference": "rustup-1.28.2~0-5.1.s390x",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rustup-1.28.2~0-5.1.x86_64 as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
            },
            "product_reference": "rustup-1.28.2~0-5.1.x86_64",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          }
        ]
      },
      "vulnerabilities": [
        {
          "cve": "CVE-2026-41677",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41677"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user\u0027s callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41677",
              "url": "https://www.suse.com/security/cve/CVE-2026-41677"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270540 for CVE-2026-41677",
              "url": "https://bugzilla.suse.com/1270540"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41677"
        },
        {
          "cve": "CVE-2026-41678",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41678"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From  to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 \u003c= in_.len(), but this condition is reversed. The intended invariant is out.len() \u003e= in_.len() - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers at or below the minimum required size and rejects larger ones. If a smaller buffer is provided the function will write past the end of out by in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from a safe public function. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41678",
              "url": "https://www.suse.com/security/cve/CVE-2026-41678"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270641 for CVE-2026-41678",
              "url": "https://bugzilla.suse.com/1270641"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "important"
            }
          ],
          "title": "CVE-2026-41678"
        },
        {
          "cve": "CVE-2026-41681",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41681"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stack. This is reachable from safe Rust. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41681",
              "url": "https://www.suse.com/security/cve/CVE-2026-41681"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270719 for CVE-2026-41681",
              "url": "https://bugzilla.suse.com/1270719"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41681"
        },
        {
          "cve": "CVE-2026-41898",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41898"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure\u0027s returned usize directly to OpenSSL without checking it against the \u0026mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41898",
              "url": "https://www.suse.com/security/cve/CVE-2026-41898"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270798 for CVE-2026-41898",
              "url": "https://bugzilla.suse.com/1270798"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41898"
        },
        {
          "cve": "CVE-2026-42327",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-42327"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate\u0027s AIA extension as OpensslString, whose Deref\u003cTarget = str\u003e wraps the raw bytes with str::from_utf8_unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation causes safe Rust code to construct a \u0026str that violates the UTF-8 invariant - resulting in undefined behavior. This vulnerability is fixed in 0.10.79.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-42327",
              "url": "https://www.suse.com/security/cve/CVE-2026-42327"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270454 for CVE-2026-42327",
              "url": "https://bugzilla.suse.com/1270454"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "important"
            }
          ],
          "title": "CVE-2026-42327"
        },
        {
          "cve": "CVE-2026-44662",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-44662"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller\u0027s buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced. This only impacts users using AES key-wrap-with-padding ciphers. This vulnerability is fixed in 0.10.79.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-44662",
              "url": "https://www.suse.com/security/cve/CVE-2026-44662"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270872 for CVE-2026-44662",
              "url": "https://bugzilla.suse.com/1270872"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-44662"
        },
        {
          "cve": "CVE-2026-45784",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-45784"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "unknown",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
              "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-45784",
              "url": "https://www.suse.com/security/cve/CVE-2026-45784"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270946 for CVE-2026-45784",
              "url": "https://bugzilla.suse.com/1270946"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.aarch64",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.ppc64le",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.s390x",
                "openSUSE Tumbleweed:rustup-1.28.2~0-5.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-45784"
        }
      ]
    }

    OPENSUSE-SU-2026:11224-1

    Vulnerability from csaf_opensuse - Published: 2026-07-08 00:00 - Updated: 2026-07-08 00:00
    Summary
    sccache-0.16.0~0-3.1 on GA media
    Severity
    Moderate
    Notes
    Title of the patch: sccache-0.16.0~0-3.1 on GA media
    Description of the patch: These are all security issues fixed in the sccache-0.16.0~0-3.1 package on the GA media of openSUSE Tumbleweed.
    Patchnames: openSUSE-Tumbleweed-2026-11224
    Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64
    Vendor Fix
    Threats
    Impact important
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64
    Vendor Fix
    Threats
    Impact important
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x
    Vendor Fix
    Unresolved product id: openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64
    Vendor Fix
    Threats
    Impact moderate

    {
      "document": {
        "aggregate_severity": {
          "namespace": "https://www.suse.com/support/security/rating/",
          "text": "moderate"
        },
        "category": "csaf_security_advisory",
        "csaf_version": "2.0",
        "distribution": {
          "text": "Copyright 2024 SUSE LLC. All rights reserved.",
          "tlp": {
            "label": "WHITE",
            "url": "https://www.first.org/tlp/"
          }
        },
        "lang": "en",
        "notes": [
          {
            "category": "summary",
            "text": "sccache-0.16.0~0-3.1 on GA media",
            "title": "Title of the patch"
          },
          {
            "category": "description",
            "text": "These are all security issues fixed in the sccache-0.16.0~0-3.1 package on the GA media of openSUSE Tumbleweed.",
            "title": "Description of the patch"
          },
          {
            "category": "details",
            "text": "openSUSE-Tumbleweed-2026-11224",
            "title": "Patchnames"
          },
          {
            "category": "legal_disclaimer",
            "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            "title": "Terms of use"
          }
        ],
        "publisher": {
          "category": "vendor",
          "contact_details": "https://www.suse.com/support/security/contact/",
          "name": "SUSE Product Security Team",
          "namespace": "https://www.suse.com/"
        },
        "references": [
          {
            "category": "external",
            "summary": "SUSE ratings",
            "url": "https://www.suse.com/support/security/rating/"
          },
          {
            "category": "self",
            "summary": "URL of this CSAF notice",
            "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11224-1.json"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41677 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41677/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41678 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41678/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41681 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41681/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41898 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41898/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-42327 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-42327/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-44662 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-44662/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-45784 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-45784/"
          }
        ],
        "title": "sccache-0.16.0~0-3.1 on GA media",
        "tracking": {
          "current_release_date": "2026-07-08T00:00:00Z",
          "generator": {
            "date": "2026-07-08T00:00:00Z",
            "engine": {
              "name": "cve-database.git:bin/generate-csaf.pl",
              "version": "1"
            }
          },
          "id": "openSUSE-SU-2026:11224-1",
          "initial_release_date": "2026-07-08T00:00:00Z",
          "revision_history": [
            {
              "date": "2026-07-08T00:00:00Z",
              "number": "1",
              "summary": "Current version"
            }
          ],
          "status": "final",
          "version": "1"
        }
      },
      "product_tree": {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "sccache-0.16.0~0-3.1.aarch64",
                    "product": {
                      "name": "sccache-0.16.0~0-3.1.aarch64",
                      "product_id": "sccache-0.16.0~0-3.1.aarch64"
                    }
                  }
                ],
                "category": "architecture",
                "name": "aarch64"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "sccache-0.16.0~0-3.1.ppc64le",
                    "product": {
                      "name": "sccache-0.16.0~0-3.1.ppc64le",
                      "product_id": "sccache-0.16.0~0-3.1.ppc64le"
                    }
                  }
                ],
                "category": "architecture",
                "name": "ppc64le"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "sccache-0.16.0~0-3.1.s390x",
                    "product": {
                      "name": "sccache-0.16.0~0-3.1.s390x",
                      "product_id": "sccache-0.16.0~0-3.1.s390x"
                    }
                  }
                ],
                "category": "architecture",
                "name": "s390x"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "sccache-0.16.0~0-3.1.x86_64",
                    "product": {
                      "name": "sccache-0.16.0~0-3.1.x86_64",
                      "product_id": "sccache-0.16.0~0-3.1.x86_64"
                    }
                  }
                ],
                "category": "architecture",
                "name": "x86_64"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "openSUSE Tumbleweed",
                    "product": {
                      "name": "openSUSE Tumbleweed",
                      "product_id": "openSUSE Tumbleweed",
                      "product_identification_helper": {
                        "cpe": "cpe:/o:opensuse:tumbleweed"
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "SUSE Linux Enterprise"
              }
            ],
            "category": "vendor",
            "name": "SUSE"
          }
        ],
        "relationships": [
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "sccache-0.16.0~0-3.1.aarch64 as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64"
            },
            "product_reference": "sccache-0.16.0~0-3.1.aarch64",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "sccache-0.16.0~0-3.1.ppc64le as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le"
            },
            "product_reference": "sccache-0.16.0~0-3.1.ppc64le",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "sccache-0.16.0~0-3.1.s390x as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x"
            },
            "product_reference": "sccache-0.16.0~0-3.1.s390x",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "sccache-0.16.0~0-3.1.x86_64 as component of openSUSE Tumbleweed",
              "product_id": "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
            },
            "product_reference": "sccache-0.16.0~0-3.1.x86_64",
            "relates_to_product_reference": "openSUSE Tumbleweed"
          }
        ]
      },
      "vulnerabilities": [
        {
          "cve": "CVE-2026-41677",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41677"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user\u0027s callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41677",
              "url": "https://www.suse.com/security/cve/CVE-2026-41677"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270540 for CVE-2026-41677",
              "url": "https://bugzilla.suse.com/1270540"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41677"
        },
        {
          "cve": "CVE-2026-41678",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41678"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From  to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 \u003c= in_.len(), but this condition is reversed. The intended invariant is out.len() \u003e= in_.len() - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers at or below the minimum required size and rejects larger ones. If a smaller buffer is provided the function will write past the end of out by in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from a safe public function. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41678",
              "url": "https://www.suse.com/security/cve/CVE-2026-41678"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270641 for CVE-2026-41678",
              "url": "https://bugzilla.suse.com/1270641"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "important"
            }
          ],
          "title": "CVE-2026-41678"
        },
        {
          "cve": "CVE-2026-41681",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41681"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stack. This is reachable from safe Rust. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41681",
              "url": "https://www.suse.com/security/cve/CVE-2026-41681"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270719 for CVE-2026-41681",
              "url": "https://bugzilla.suse.com/1270719"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41681"
        },
        {
          "cve": "CVE-2026-41898",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41898"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure\u0027s returned usize directly to OpenSSL without checking it against the \u0026mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41898",
              "url": "https://www.suse.com/security/cve/CVE-2026-41898"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270798 for CVE-2026-41898",
              "url": "https://bugzilla.suse.com/1270798"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41898"
        },
        {
          "cve": "CVE-2026-42327",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-42327"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate\u0027s AIA extension as OpensslString, whose Deref\u003cTarget = str\u003e wraps the raw bytes with str::from_utf8_unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation causes safe Rust code to construct a \u0026str that violates the UTF-8 invariant - resulting in undefined behavior. This vulnerability is fixed in 0.10.79.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-42327",
              "url": "https://www.suse.com/security/cve/CVE-2026-42327"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270454 for CVE-2026-42327",
              "url": "https://bugzilla.suse.com/1270454"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "important"
            }
          ],
          "title": "CVE-2026-42327"
        },
        {
          "cve": "CVE-2026-44662",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-44662"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller\u0027s buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced. This only impacts users using AES key-wrap-with-padding ciphers. This vulnerability is fixed in 0.10.79.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-44662",
              "url": "https://www.suse.com/security/cve/CVE-2026-44662"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270872 for CVE-2026-44662",
              "url": "https://bugzilla.suse.com/1270872"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-44662"
        },
        {
          "cve": "CVE-2026-45784",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-45784"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "unknown",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
              "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-45784",
              "url": "https://www.suse.com/security/cve/CVE-2026-45784"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270946 for CVE-2026-45784",
              "url": "https://bugzilla.suse.com/1270946"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "products": [
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.aarch64",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.ppc64le",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.s390x",
                "openSUSE Tumbleweed:sccache-0.16.0~0-3.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-08T00:00:00Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-45784"
        }
      ]
    }

    SUSE-SU-2026:2807-1

    Vulnerability from csaf_suse - Published: 2026-07-09 04:47 - Updated: 2026-07-09 04:47
    Summary
    Security update for rust-keylime
    Severity
    Important
    Notes
    Title of the patch: Security update for rust-keylime
    Description of the patch: This update for rust-keylime fixes the following issues - Update to version 0.2.9+49 - Update openssl to 0.10.81 - CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can overflow short buffers on OpenSSL 1.1.1 (bsc#1270174). - CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length in rust-openssl crate (bsc#1270614). - CVE-2026-41678: openssl: incorrect bounds assertion in aes key wrap in rust-openssl crate (bsc#1270699). - CVE-2026-41681: openssl: MdCtxRef::digest_final() writes past caller buffer with no length check in rust-openssl crate (bsc#1270792). - CVE-2026-41898: openssl: unchecked callback-returned length in PSK and cookie generate trampolines can leak adjacent memory in rust-openssl crate (bsc#1270842). - CVE-2026-42327: openssl: arbitrary code execution via specially crafted certificate in rust-openssl crate (bsc#1270523). - CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key-wrap-with-padding in rust-openssl crate (bsc#1270903). - CVE-2026-45784: openssl: out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers in rust-openssl crate (bsc#1270999).
    Patchnames: SUSE-2026-2807,SUSE-SLE-Micro-5.5-2026-2807
    Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64
    Vendor Fix
    Threats
    Impact important
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64
    Vendor Fix
    Threats
    Impact important
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    References
    URL Category
    https://www.suse.com/support/security/rating/ external
    https://ftp.suse.com/pub/projects/security/csaf/s… self
    https://www.suse.com/support/update/announcement/… self
    https://lists.suse.com/pipermail/sle-updates/2026… self
    https://bugzilla.suse.com/1260596 self
    https://bugzilla.suse.com/1270174 self
    https://bugzilla.suse.com/1270523 self
    https://bugzilla.suse.com/1270614 self
    https://bugzilla.suse.com/1270699 self
    https://bugzilla.suse.com/1270792 self
    https://bugzilla.suse.com/1270842 self
    https://bugzilla.suse.com/1270903 self
    https://bugzilla.suse.com/1270999 self
    https://www.suse.com/security/cve/CVE-2026-41676/ self
    https://www.suse.com/security/cve/CVE-2026-41677/ self
    https://www.suse.com/security/cve/CVE-2026-41678/ self
    https://www.suse.com/security/cve/CVE-2026-41681/ self
    https://www.suse.com/security/cve/CVE-2026-41898/ self
    https://www.suse.com/security/cve/CVE-2026-42327/ self
    https://www.suse.com/security/cve/CVE-2026-44662/ self
    https://www.suse.com/security/cve/CVE-2026-45784/ self
    https://www.suse.com/security/cve/CVE-2026-41676 external
    https://bugzilla.suse.com/1270137 external
    https://www.suse.com/security/cve/CVE-2026-41677 external
    https://bugzilla.suse.com/1270540 external
    https://www.suse.com/security/cve/CVE-2026-41678 external
    https://bugzilla.suse.com/1270641 external
    https://www.suse.com/security/cve/CVE-2026-41681 external
    https://bugzilla.suse.com/1270719 external
    https://www.suse.com/security/cve/CVE-2026-41898 external
    https://bugzilla.suse.com/1270798 external
    https://www.suse.com/security/cve/CVE-2026-42327 external
    https://bugzilla.suse.com/1270454 external
    https://www.suse.com/security/cve/CVE-2026-44662 external
    https://bugzilla.suse.com/1270872 external
    https://www.suse.com/security/cve/CVE-2026-45784 external
    https://bugzilla.suse.com/1270946 external

    {
      "document": {
        "aggregate_severity": {
          "namespace": "https://www.suse.com/support/security/rating/",
          "text": "important"
        },
        "category": "csaf_security_advisory",
        "csaf_version": "2.0",
        "distribution": {
          "text": "Copyright 2024 SUSE LLC. All rights reserved.",
          "tlp": {
            "label": "WHITE",
            "url": "https://www.first.org/tlp/"
          }
        },
        "lang": "en",
        "notes": [
          {
            "category": "summary",
            "text": "Security update for rust-keylime",
            "title": "Title of the patch"
          },
          {
            "category": "description",
            "text": "This update for rust-keylime fixes the following issues\n\n- Update to version 0.2.9+49\n- Update openssl to 0.10.81\n- CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can overflow short buffers on OpenSSL 1.1.1 (bsc#1270174).\n- CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length in rust-openssl crate (bsc#1270614).\n- CVE-2026-41678: openssl: incorrect bounds assertion in aes key wrap in rust-openssl crate (bsc#1270699).\n- CVE-2026-41681: openssl: MdCtxRef::digest_final() writes past caller buffer with no length check in rust-openssl crate (bsc#1270792).\n- CVE-2026-41898: openssl: unchecked callback-returned length in PSK and cookie generate trampolines can leak adjacent memory in rust-openssl crate (bsc#1270842).\n- CVE-2026-42327: openssl: arbitrary code execution via specially crafted certificate in rust-openssl crate (bsc#1270523).\n- CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key-wrap-with-padding in rust-openssl crate (bsc#1270903).\n- CVE-2026-45784: openssl: out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers in rust-openssl crate (bsc#1270999).\n",
            "title": "Description of the patch"
          },
          {
            "category": "details",
            "text": "SUSE-2026-2807,SUSE-SLE-Micro-5.5-2026-2807",
            "title": "Patchnames"
          },
          {
            "category": "legal_disclaimer",
            "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            "title": "Terms of use"
          }
        ],
        "publisher": {
          "category": "vendor",
          "contact_details": "https://www.suse.com/support/security/contact/",
          "name": "SUSE Product Security Team",
          "namespace": "https://www.suse.com/"
        },
        "references": [
          {
            "category": "external",
            "summary": "SUSE ratings",
            "url": "https://www.suse.com/support/security/rating/"
          },
          {
            "category": "self",
            "summary": "URL of this CSAF notice",
            "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2807-1.json"
          },
          {
            "category": "self",
            "summary": "URL for SUSE-SU-2026:2807-1",
            "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262807-1/"
          },
          {
            "category": "self",
            "summary": "E-Mail link for SUSE-SU-2026:2807-1",
            "url": "https://lists.suse.com/pipermail/sle-updates/2026-July/048056.html"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1260596",
            "url": "https://bugzilla.suse.com/1260596"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270174",
            "url": "https://bugzilla.suse.com/1270174"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270523",
            "url": "https://bugzilla.suse.com/1270523"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270614",
            "url": "https://bugzilla.suse.com/1270614"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270699",
            "url": "https://bugzilla.suse.com/1270699"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270792",
            "url": "https://bugzilla.suse.com/1270792"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270842",
            "url": "https://bugzilla.suse.com/1270842"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270903",
            "url": "https://bugzilla.suse.com/1270903"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270999",
            "url": "https://bugzilla.suse.com/1270999"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41676 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41676/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41677 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41677/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41678 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41678/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41681 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41681/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41898 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41898/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-42327 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-42327/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-44662 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-44662/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-45784 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-45784/"
          }
        ],
        "title": "Security update for rust-keylime",
        "tracking": {
          "current_release_date": "2026-07-09T04:47:12Z",
          "generator": {
            "date": "2026-07-09T04:47:12Z",
            "engine": {
              "name": "cve-database.git:bin/generate-csaf.pl",
              "version": "1"
            }
          },
          "id": "SUSE-SU-2026:2807-1",
          "initial_release_date": "2026-07-09T04:47:12Z",
          "revision_history": [
            {
              "date": "2026-07-09T04:47:12Z",
              "number": "1",
              "summary": "Current version"
            }
          ],
          "status": "final",
          "version": "1"
        }
      },
      "product_tree": {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "keylime-ima-policy-0.2.9+49-150500.3.19.1.aarch64",
                    "product": {
                      "name": "keylime-ima-policy-0.2.9+49-150500.3.19.1.aarch64",
                      "product_id": "keylime-ima-policy-0.2.9+49-150500.3.19.1.aarch64"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                    "product": {
                      "name": "rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                      "product_id": "rust-keylime-0.2.9+49-150500.3.19.1.aarch64"
                    }
                  }
                ],
                "category": "architecture",
                "name": "aarch64"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "keylime-ima-policy-0.2.9+49-150500.3.19.1.ppc64le",
                    "product": {
                      "name": "keylime-ima-policy-0.2.9+49-150500.3.19.1.ppc64le",
                      "product_id": "keylime-ima-policy-0.2.9+49-150500.3.19.1.ppc64le"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                    "product": {
                      "name": "rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                      "product_id": "rust-keylime-0.2.9+49-150500.3.19.1.ppc64le"
                    }
                  }
                ],
                "category": "architecture",
                "name": "ppc64le"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "keylime-ima-policy-0.2.9+49-150500.3.19.1.s390x",
                    "product": {
                      "name": "keylime-ima-policy-0.2.9+49-150500.3.19.1.s390x",
                      "product_id": "keylime-ima-policy-0.2.9+49-150500.3.19.1.s390x"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                    "product": {
                      "name": "rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                      "product_id": "rust-keylime-0.2.9+49-150500.3.19.1.s390x"
                    }
                  }
                ],
                "category": "architecture",
                "name": "s390x"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "keylime-ima-policy-0.2.9+49-150500.3.19.1.x86_64",
                    "product": {
                      "name": "keylime-ima-policy-0.2.9+49-150500.3.19.1.x86_64",
                      "product_id": "keylime-ima-policy-0.2.9+49-150500.3.19.1.x86_64"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "rust-keylime-0.2.9+49-150500.3.19.1.x86_64",
                    "product": {
                      "name": "rust-keylime-0.2.9+49-150500.3.19.1.x86_64",
                      "product_id": "rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
                    }
                  }
                ],
                "category": "architecture",
                "name": "x86_64"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "SUSE Linux Enterprise Micro 5.5",
                    "product": {
                      "name": "SUSE Linux Enterprise Micro 5.5",
                      "product_id": "SUSE Linux Enterprise Micro 5.5",
                      "product_identification_helper": {
                        "cpe": "cpe:/o:suse:sle-micro:5.5"
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "SUSE Linux Enterprise"
              }
            ],
            "category": "vendor",
            "name": "SUSE"
          }
        ],
        "relationships": [
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rust-keylime-0.2.9+49-150500.3.19.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
              "product_id": "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64"
            },
            "product_reference": "rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
            "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rust-keylime-0.2.9+49-150500.3.19.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
              "product_id": "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le"
            },
            "product_reference": "rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
            "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rust-keylime-0.2.9+49-150500.3.19.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
              "product_id": "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x"
            },
            "product_reference": "rust-keylime-0.2.9+49-150500.3.19.1.s390x",
            "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rust-keylime-0.2.9+49-150500.3.19.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
              "product_id": "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
            },
            "product_reference": "rust-keylime-0.2.9+49-150500.3.19.1.x86_64",
            "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
          }
        ]
      },
      "vulnerabilities": [
        {
          "cve": "CVE-2026-41676",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41676"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41676",
              "url": "https://www.suse.com/security/cve/CVE-2026-41676"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270137 for CVE-2026-41676",
              "url": "https://bugzilla.suse.com/1270137"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T04:47:12Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41676"
        },
        {
          "cve": "CVE-2026-41677",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41677"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user\u0027s callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41677",
              "url": "https://www.suse.com/security/cve/CVE-2026-41677"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270540 for CVE-2026-41677",
              "url": "https://bugzilla.suse.com/1270540"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T04:47:12Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41677"
        },
        {
          "cve": "CVE-2026-41678",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41678"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From  to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 \u003c= in_.len(), but this condition is reversed. The intended invariant is out.len() \u003e= in_.len() - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers at or below the minimum required size and rejects larger ones. If a smaller buffer is provided the function will write past the end of out by in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from a safe public function. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41678",
              "url": "https://www.suse.com/security/cve/CVE-2026-41678"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270641 for CVE-2026-41678",
              "url": "https://bugzilla.suse.com/1270641"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T04:47:12Z",
              "details": "important"
            }
          ],
          "title": "CVE-2026-41678"
        },
        {
          "cve": "CVE-2026-41681",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41681"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stack. This is reachable from safe Rust. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41681",
              "url": "https://www.suse.com/security/cve/CVE-2026-41681"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270719 for CVE-2026-41681",
              "url": "https://bugzilla.suse.com/1270719"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T04:47:12Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41681"
        },
        {
          "cve": "CVE-2026-41898",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41898"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure\u0027s returned usize directly to OpenSSL without checking it against the \u0026mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41898",
              "url": "https://www.suse.com/security/cve/CVE-2026-41898"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270798 for CVE-2026-41898",
              "url": "https://bugzilla.suse.com/1270798"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T04:47:12Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41898"
        },
        {
          "cve": "CVE-2026-42327",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-42327"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate\u0027s AIA extension as OpensslString, whose Deref\u003cTarget = str\u003e wraps the raw bytes with str::from_utf8_unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation causes safe Rust code to construct a \u0026str that violates the UTF-8 invariant - resulting in undefined behavior. This vulnerability is fixed in 0.10.79.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-42327",
              "url": "https://www.suse.com/security/cve/CVE-2026-42327"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270454 for CVE-2026-42327",
              "url": "https://bugzilla.suse.com/1270454"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T04:47:12Z",
              "details": "important"
            }
          ],
          "title": "CVE-2026-42327"
        },
        {
          "cve": "CVE-2026-44662",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-44662"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller\u0027s buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced. This only impacts users using AES key-wrap-with-padding ciphers. This vulnerability is fixed in 0.10.79.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-44662",
              "url": "https://www.suse.com/security/cve/CVE-2026-44662"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270872 for CVE-2026-44662",
              "url": "https://bugzilla.suse.com/1270872"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T04:47:12Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-44662"
        },
        {
          "cve": "CVE-2026-45784",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-45784"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "unknown",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
              "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-45784",
              "url": "https://www.suse.com/security/cve/CVE-2026-45784"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270946 for CVE-2026-45784",
              "url": "https://bugzilla.suse.com/1270946"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.ppc64le",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.5:rust-keylime-0.2.9+49-150500.3.19.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T04:47:12Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-45784"
        }
      ]
    }

    SUSE-SU-2026:2825-1

    Vulnerability from csaf_suse - Published: 2026-07-09 18:18 - Updated: 2026-07-09 18:18
    Summary
    Security update for rust-keylime
    Severity
    Important
    Notes
    Title of the patch: Security update for rust-keylime
    Description of the patch: This update for rust-keylime fixes the following issues - Update to version 0.2.9+49 - Update openssl to 0.10.81 - CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can overflow short buffers on OpenSSL 1.1.1 (bsc#1270174). - CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length in rust-openssl crate (bsc#1270614). - CVE-2026-41678: openssl: incorrect bounds assertion in aes key wrap in rust-openssl crate (bsc#1270699). - CVE-2026-41681: openssl: MdCtxRef::digest_final() writes past caller buffer with no length check in rust-openssl crate (bsc#1270792). - CVE-2026-41898: openssl: unchecked callback-returned length in PSK and cookie generate trampolines can leak adjacent memory in rust-openssl crate (bsc#1270842). - CVE-2026-42327: openssl: arbitrary code execution via specially crafted certificate in rust-openssl crate (bsc#1270523). - CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key-wrap-with-padding in rust-openssl crate (bsc#1270903). - CVE-2026-45784: openssl: out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers in rust-openssl crate (bsc#1270999).
    Patchnames: SUSE-2026-2825,SUSE-SLE-Micro-5.3-2026-2825
    Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64
    Vendor Fix
    Threats
    Impact important
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64
    Vendor Fix
    Threats
    Impact important
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    References
    URL Category
    https://www.suse.com/support/security/rating/ external
    https://ftp.suse.com/pub/projects/security/csaf/s… self
    https://www.suse.com/support/update/announcement/… self
    https://lists.suse.com/pipermail/sle-updates/2026… self
    https://bugzilla.suse.com/1260596 self
    https://bugzilla.suse.com/1270174 self
    https://bugzilla.suse.com/1270523 self
    https://bugzilla.suse.com/1270614 self
    https://bugzilla.suse.com/1270699 self
    https://bugzilla.suse.com/1270792 self
    https://bugzilla.suse.com/1270842 self
    https://bugzilla.suse.com/1270903 self
    https://bugzilla.suse.com/1270999 self
    https://www.suse.com/security/cve/CVE-2026-41676/ self
    https://www.suse.com/security/cve/CVE-2026-41677/ self
    https://www.suse.com/security/cve/CVE-2026-41678/ self
    https://www.suse.com/security/cve/CVE-2026-41681/ self
    https://www.suse.com/security/cve/CVE-2026-41898/ self
    https://www.suse.com/security/cve/CVE-2026-42327/ self
    https://www.suse.com/security/cve/CVE-2026-44662/ self
    https://www.suse.com/security/cve/CVE-2026-45784/ self
    https://www.suse.com/security/cve/CVE-2026-41676 external
    https://bugzilla.suse.com/1270137 external
    https://www.suse.com/security/cve/CVE-2026-41677 external
    https://bugzilla.suse.com/1270540 external
    https://www.suse.com/security/cve/CVE-2026-41678 external
    https://bugzilla.suse.com/1270641 external
    https://www.suse.com/security/cve/CVE-2026-41681 external
    https://bugzilla.suse.com/1270719 external
    https://www.suse.com/security/cve/CVE-2026-41898 external
    https://bugzilla.suse.com/1270798 external
    https://www.suse.com/security/cve/CVE-2026-42327 external
    https://bugzilla.suse.com/1270454 external
    https://www.suse.com/security/cve/CVE-2026-44662 external
    https://bugzilla.suse.com/1270872 external
    https://www.suse.com/security/cve/CVE-2026-45784 external
    https://bugzilla.suse.com/1270946 external

    {
      "document": {
        "aggregate_severity": {
          "namespace": "https://www.suse.com/support/security/rating/",
          "text": "important"
        },
        "category": "csaf_security_advisory",
        "csaf_version": "2.0",
        "distribution": {
          "text": "Copyright 2024 SUSE LLC. All rights reserved.",
          "tlp": {
            "label": "WHITE",
            "url": "https://www.first.org/tlp/"
          }
        },
        "lang": "en",
        "notes": [
          {
            "category": "summary",
            "text": "Security update for rust-keylime",
            "title": "Title of the patch"
          },
          {
            "category": "description",
            "text": "This update for rust-keylime fixes the following issues\n\n- Update to version 0.2.9+49\n- Update openssl to 0.10.81\n- CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can overflow short buffers on OpenSSL 1.1.1 (bsc#1270174).\n- CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length in rust-openssl crate (bsc#1270614).\n- CVE-2026-41678: openssl: incorrect bounds assertion in aes key wrap in rust-openssl crate (bsc#1270699).\n- CVE-2026-41681: openssl: MdCtxRef::digest_final() writes past caller buffer with no length check in rust-openssl crate (bsc#1270792).\n- CVE-2026-41898: openssl: unchecked callback-returned length in PSK and cookie generate trampolines can leak adjacent memory in rust-openssl crate (bsc#1270842).\n- CVE-2026-42327: openssl: arbitrary code execution via specially crafted certificate in rust-openssl crate (bsc#1270523).\n- CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key-wrap-with-padding in rust-openssl crate (bsc#1270903).\n- CVE-2026-45784: openssl: out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers in rust-openssl crate (bsc#1270999).\n",
            "title": "Description of the patch"
          },
          {
            "category": "details",
            "text": "SUSE-2026-2825,SUSE-SLE-Micro-5.3-2026-2825",
            "title": "Patchnames"
          },
          {
            "category": "legal_disclaimer",
            "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            "title": "Terms of use"
          }
        ],
        "publisher": {
          "category": "vendor",
          "contact_details": "https://www.suse.com/support/security/contact/",
          "name": "SUSE Product Security Team",
          "namespace": "https://www.suse.com/"
        },
        "references": [
          {
            "category": "external",
            "summary": "SUSE ratings",
            "url": "https://www.suse.com/support/security/rating/"
          },
          {
            "category": "self",
            "summary": "URL of this CSAF notice",
            "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2825-1.json"
          },
          {
            "category": "self",
            "summary": "URL for SUSE-SU-2026:2825-1",
            "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262825-1/"
          },
          {
            "category": "self",
            "summary": "E-Mail link for SUSE-SU-2026:2825-1",
            "url": "https://lists.suse.com/pipermail/sle-updates/2026-July/048075.html"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1260596",
            "url": "https://bugzilla.suse.com/1260596"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270174",
            "url": "https://bugzilla.suse.com/1270174"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270523",
            "url": "https://bugzilla.suse.com/1270523"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270614",
            "url": "https://bugzilla.suse.com/1270614"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270699",
            "url": "https://bugzilla.suse.com/1270699"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270792",
            "url": "https://bugzilla.suse.com/1270792"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270842",
            "url": "https://bugzilla.suse.com/1270842"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270903",
            "url": "https://bugzilla.suse.com/1270903"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270999",
            "url": "https://bugzilla.suse.com/1270999"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41676 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41676/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41677 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41677/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41678 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41678/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41681 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41681/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41898 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41898/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-42327 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-42327/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-44662 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-44662/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-45784 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-45784/"
          }
        ],
        "title": "Security update for rust-keylime",
        "tracking": {
          "current_release_date": "2026-07-09T18:18:08Z",
          "generator": {
            "date": "2026-07-09T18:18:08Z",
            "engine": {
              "name": "cve-database.git:bin/generate-csaf.pl",
              "version": "1"
            }
          },
          "id": "SUSE-SU-2026:2825-1",
          "initial_release_date": "2026-07-09T18:18:08Z",
          "revision_history": [
            {
              "date": "2026-07-09T18:18:08Z",
              "number": "1",
              "summary": "Current version"
            }
          ],
          "status": "final",
          "version": "1"
        }
      },
      "product_tree": {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "keylime-ima-policy-0.2.9+49-150400.3.21.1.aarch64",
                    "product": {
                      "name": "keylime-ima-policy-0.2.9+49-150400.3.21.1.aarch64",
                      "product_id": "keylime-ima-policy-0.2.9+49-150400.3.21.1.aarch64"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                    "product": {
                      "name": "rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                      "product_id": "rust-keylime-0.2.9+49-150400.3.21.1.aarch64"
                    }
                  }
                ],
                "category": "architecture",
                "name": "aarch64"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "keylime-ima-policy-0.2.9+49-150400.3.21.1.ppc64le",
                    "product": {
                      "name": "keylime-ima-policy-0.2.9+49-150400.3.21.1.ppc64le",
                      "product_id": "keylime-ima-policy-0.2.9+49-150400.3.21.1.ppc64le"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "rust-keylime-0.2.9+49-150400.3.21.1.ppc64le",
                    "product": {
                      "name": "rust-keylime-0.2.9+49-150400.3.21.1.ppc64le",
                      "product_id": "rust-keylime-0.2.9+49-150400.3.21.1.ppc64le"
                    }
                  }
                ],
                "category": "architecture",
                "name": "ppc64le"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "keylime-ima-policy-0.2.9+49-150400.3.21.1.s390x",
                    "product": {
                      "name": "keylime-ima-policy-0.2.9+49-150400.3.21.1.s390x",
                      "product_id": "keylime-ima-policy-0.2.9+49-150400.3.21.1.s390x"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                    "product": {
                      "name": "rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                      "product_id": "rust-keylime-0.2.9+49-150400.3.21.1.s390x"
                    }
                  }
                ],
                "category": "architecture",
                "name": "s390x"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "keylime-ima-policy-0.2.9+49-150400.3.21.1.x86_64",
                    "product": {
                      "name": "keylime-ima-policy-0.2.9+49-150400.3.21.1.x86_64",
                      "product_id": "keylime-ima-policy-0.2.9+49-150400.3.21.1.x86_64"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "rust-keylime-0.2.9+49-150400.3.21.1.x86_64",
                    "product": {
                      "name": "rust-keylime-0.2.9+49-150400.3.21.1.x86_64",
                      "product_id": "rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
                    }
                  }
                ],
                "category": "architecture",
                "name": "x86_64"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "SUSE Linux Enterprise Micro 5.3",
                    "product": {
                      "name": "SUSE Linux Enterprise Micro 5.3",
                      "product_id": "SUSE Linux Enterprise Micro 5.3",
                      "product_identification_helper": {
                        "cpe": "cpe:/o:suse:sle-micro:5.3"
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "SUSE Linux Enterprise"
              }
            ],
            "category": "vendor",
            "name": "SUSE"
          }
        ],
        "relationships": [
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rust-keylime-0.2.9+49-150400.3.21.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
              "product_id": "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64"
            },
            "product_reference": "rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
            "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rust-keylime-0.2.9+49-150400.3.21.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
              "product_id": "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x"
            },
            "product_reference": "rust-keylime-0.2.9+49-150400.3.21.1.s390x",
            "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rust-keylime-0.2.9+49-150400.3.21.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
              "product_id": "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
            },
            "product_reference": "rust-keylime-0.2.9+49-150400.3.21.1.x86_64",
            "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
          }
        ]
      },
      "vulnerabilities": [
        {
          "cve": "CVE-2026-41676",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41676"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41676",
              "url": "https://www.suse.com/security/cve/CVE-2026-41676"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270137 for CVE-2026-41676",
              "url": "https://bugzilla.suse.com/1270137"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T18:18:08Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41676"
        },
        {
          "cve": "CVE-2026-41677",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41677"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user\u0027s callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41677",
              "url": "https://www.suse.com/security/cve/CVE-2026-41677"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270540 for CVE-2026-41677",
              "url": "https://bugzilla.suse.com/1270540"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T18:18:08Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41677"
        },
        {
          "cve": "CVE-2026-41678",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41678"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From  to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 \u003c= in_.len(), but this condition is reversed. The intended invariant is out.len() \u003e= in_.len() - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers at or below the minimum required size and rejects larger ones. If a smaller buffer is provided the function will write past the end of out by in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from a safe public function. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41678",
              "url": "https://www.suse.com/security/cve/CVE-2026-41678"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270641 for CVE-2026-41678",
              "url": "https://bugzilla.suse.com/1270641"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T18:18:08Z",
              "details": "important"
            }
          ],
          "title": "CVE-2026-41678"
        },
        {
          "cve": "CVE-2026-41681",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41681"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stack. This is reachable from safe Rust. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41681",
              "url": "https://www.suse.com/security/cve/CVE-2026-41681"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270719 for CVE-2026-41681",
              "url": "https://bugzilla.suse.com/1270719"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T18:18:08Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41681"
        },
        {
          "cve": "CVE-2026-41898",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41898"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure\u0027s returned usize directly to OpenSSL without checking it against the \u0026mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41898",
              "url": "https://www.suse.com/security/cve/CVE-2026-41898"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270798 for CVE-2026-41898",
              "url": "https://bugzilla.suse.com/1270798"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T18:18:08Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41898"
        },
        {
          "cve": "CVE-2026-42327",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-42327"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate\u0027s AIA extension as OpensslString, whose Deref\u003cTarget = str\u003e wraps the raw bytes with str::from_utf8_unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation causes safe Rust code to construct a \u0026str that violates the UTF-8 invariant - resulting in undefined behavior. This vulnerability is fixed in 0.10.79.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-42327",
              "url": "https://www.suse.com/security/cve/CVE-2026-42327"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270454 for CVE-2026-42327",
              "url": "https://bugzilla.suse.com/1270454"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T18:18:08Z",
              "details": "important"
            }
          ],
          "title": "CVE-2026-42327"
        },
        {
          "cve": "CVE-2026-44662",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-44662"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller\u0027s buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced. This only impacts users using AES key-wrap-with-padding ciphers. This vulnerability is fixed in 0.10.79.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-44662",
              "url": "https://www.suse.com/security/cve/CVE-2026-44662"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270872 for CVE-2026-44662",
              "url": "https://bugzilla.suse.com/1270872"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T18:18:08Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-44662"
        },
        {
          "cve": "CVE-2026-45784",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-45784"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "unknown",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
              "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-45784",
              "url": "https://www.suse.com/security/cve/CVE-2026-45784"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270946 for CVE-2026-45784",
              "url": "https://bugzilla.suse.com/1270946"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.aarch64",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.s390x",
                "SUSE Linux Enterprise Micro 5.3:rust-keylime-0.2.9+49-150400.3.21.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T18:18:08Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-45784"
        }
      ]
    }

    SUSE-SU-2026:2826-1

    Vulnerability from csaf_suse - Published: 2026-07-09 18:21 - Updated: 2026-07-09 18:21
    Summary
    Security update for rust-keylime
    Severity
    Important
    Notes
    Title of the patch: Security update for rust-keylime
    Description of the patch: This update for rust-keylime fixes the following issues - Update to version 0.2.9+49 - Update openssl to 0.10.81 - CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can overflow short buffers on OpenSSL 1.1.1 (bsc#1270174). - CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length in rust-openssl crate (bsc#1270614). - CVE-2026-41678: openssl: incorrect bounds assertion in aes key wrap in rust-openssl crate (bsc#1270699). - CVE-2026-41681: openssl: MdCtxRef::digest_final() writes past caller buffer with no length check in rust-openssl crate (bsc#1270792). - CVE-2026-41898: openssl: unchecked callback-returned length in PSK and cookie generate trampolines can leak adjacent memory in rust-openssl crate (bsc#1270842). - CVE-2026-42327: openssl: arbitrary code execution via specially crafted certificate in rust-openssl crate (bsc#1270523). - CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key-wrap-with-padding in rust-openssl crate (bsc#1270903). - CVE-2026-45784: openssl: out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers in rust-openssl crate (bsc#1270999).
    Patchnames: SUSE-2026-2826,SUSE-SLE-Micro-5.4-2026-2826
    Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64
    Vendor Fix
    Threats
    Impact important
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64
    Vendor Fix
    Threats
    Impact important
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    Affected products
    Product Identifier Version Remediation
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x
    Vendor Fix
    Unresolved product id: SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64
    Vendor Fix
    Threats
    Impact moderate
    References
    URL Category
    https://www.suse.com/support/security/rating/ external
    https://ftp.suse.com/pub/projects/security/csaf/s… self
    https://www.suse.com/support/update/announcement/… self
    https://lists.suse.com/pipermail/sle-updates/2026… self
    https://bugzilla.suse.com/1260596 self
    https://bugzilla.suse.com/1270174 self
    https://bugzilla.suse.com/1270523 self
    https://bugzilla.suse.com/1270614 self
    https://bugzilla.suse.com/1270699 self
    https://bugzilla.suse.com/1270792 self
    https://bugzilla.suse.com/1270842 self
    https://bugzilla.suse.com/1270903 self
    https://bugzilla.suse.com/1270999 self
    https://www.suse.com/security/cve/CVE-2026-41676/ self
    https://www.suse.com/security/cve/CVE-2026-41677/ self
    https://www.suse.com/security/cve/CVE-2026-41678/ self
    https://www.suse.com/security/cve/CVE-2026-41681/ self
    https://www.suse.com/security/cve/CVE-2026-41898/ self
    https://www.suse.com/security/cve/CVE-2026-42327/ self
    https://www.suse.com/security/cve/CVE-2026-44662/ self
    https://www.suse.com/security/cve/CVE-2026-45784/ self
    https://www.suse.com/security/cve/CVE-2026-41676 external
    https://bugzilla.suse.com/1270137 external
    https://www.suse.com/security/cve/CVE-2026-41677 external
    https://bugzilla.suse.com/1270540 external
    https://www.suse.com/security/cve/CVE-2026-41678 external
    https://bugzilla.suse.com/1270641 external
    https://www.suse.com/security/cve/CVE-2026-41681 external
    https://bugzilla.suse.com/1270719 external
    https://www.suse.com/security/cve/CVE-2026-41898 external
    https://bugzilla.suse.com/1270798 external
    https://www.suse.com/security/cve/CVE-2026-42327 external
    https://bugzilla.suse.com/1270454 external
    https://www.suse.com/security/cve/CVE-2026-44662 external
    https://bugzilla.suse.com/1270872 external
    https://www.suse.com/security/cve/CVE-2026-45784 external
    https://bugzilla.suse.com/1270946 external

    {
      "document": {
        "aggregate_severity": {
          "namespace": "https://www.suse.com/support/security/rating/",
          "text": "important"
        },
        "category": "csaf_security_advisory",
        "csaf_version": "2.0",
        "distribution": {
          "text": "Copyright 2024 SUSE LLC. All rights reserved.",
          "tlp": {
            "label": "WHITE",
            "url": "https://www.first.org/tlp/"
          }
        },
        "lang": "en",
        "notes": [
          {
            "category": "summary",
            "text": "Security update for rust-keylime",
            "title": "Title of the patch"
          },
          {
            "category": "description",
            "text": "This update for rust-keylime fixes the following issues\n\n- Update to version 0.2.9+49\n- Update openssl to 0.10.81\n- CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can overflow short buffers on OpenSSL 1.1.1 (bsc#1270174).\n- CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length in rust-openssl crate (bsc#1270614).\n- CVE-2026-41678: openssl: incorrect bounds assertion in aes key wrap in rust-openssl crate (bsc#1270699).\n- CVE-2026-41681: openssl: MdCtxRef::digest_final() writes past caller buffer with no length check in rust-openssl crate (bsc#1270792).\n- CVE-2026-41898: openssl: unchecked callback-returned length in PSK and cookie generate trampolines can leak adjacent memory in rust-openssl crate (bsc#1270842).\n- CVE-2026-42327: openssl: arbitrary code execution via specially crafted certificate in rust-openssl crate (bsc#1270523).\n- CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key-wrap-with-padding in rust-openssl crate (bsc#1270903).\n- CVE-2026-45784: openssl: out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers in rust-openssl crate (bsc#1270999).\n",
            "title": "Description of the patch"
          },
          {
            "category": "details",
            "text": "SUSE-2026-2826,SUSE-SLE-Micro-5.4-2026-2826",
            "title": "Patchnames"
          },
          {
            "category": "legal_disclaimer",
            "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            "title": "Terms of use"
          }
        ],
        "publisher": {
          "category": "vendor",
          "contact_details": "https://www.suse.com/support/security/contact/",
          "name": "SUSE Product Security Team",
          "namespace": "https://www.suse.com/"
        },
        "references": [
          {
            "category": "external",
            "summary": "SUSE ratings",
            "url": "https://www.suse.com/support/security/rating/"
          },
          {
            "category": "self",
            "summary": "URL of this CSAF notice",
            "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2826-1.json"
          },
          {
            "category": "self",
            "summary": "URL for SUSE-SU-2026:2826-1",
            "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262826-1/"
          },
          {
            "category": "self",
            "summary": "E-Mail link for SUSE-SU-2026:2826-1",
            "url": "https://lists.suse.com/pipermail/sle-updates/2026-July/048074.html"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1260596",
            "url": "https://bugzilla.suse.com/1260596"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270174",
            "url": "https://bugzilla.suse.com/1270174"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270523",
            "url": "https://bugzilla.suse.com/1270523"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270614",
            "url": "https://bugzilla.suse.com/1270614"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270699",
            "url": "https://bugzilla.suse.com/1270699"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270792",
            "url": "https://bugzilla.suse.com/1270792"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270842",
            "url": "https://bugzilla.suse.com/1270842"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270903",
            "url": "https://bugzilla.suse.com/1270903"
          },
          {
            "category": "self",
            "summary": "SUSE Bug 1270999",
            "url": "https://bugzilla.suse.com/1270999"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41676 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41676/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41677 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41677/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41678 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41678/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41681 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41681/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-41898 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-41898/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-42327 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-42327/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-44662 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-44662/"
          },
          {
            "category": "self",
            "summary": "SUSE CVE CVE-2026-45784 page",
            "url": "https://www.suse.com/security/cve/CVE-2026-45784/"
          }
        ],
        "title": "Security update for rust-keylime",
        "tracking": {
          "current_release_date": "2026-07-09T18:21:49Z",
          "generator": {
            "date": "2026-07-09T18:21:49Z",
            "engine": {
              "name": "cve-database.git:bin/generate-csaf.pl",
              "version": "1"
            }
          },
          "id": "SUSE-SU-2026:2826-1",
          "initial_release_date": "2026-07-09T18:21:49Z",
          "revision_history": [
            {
              "date": "2026-07-09T18:21:49Z",
              "number": "1",
              "summary": "Current version"
            }
          ],
          "status": "final",
          "version": "1"
        }
      },
      "product_tree": {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "keylime-ima-policy-0.2.9+49-150400.3.19.1.aarch64",
                    "product": {
                      "name": "keylime-ima-policy-0.2.9+49-150400.3.19.1.aarch64",
                      "product_id": "keylime-ima-policy-0.2.9+49-150400.3.19.1.aarch64"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                    "product": {
                      "name": "rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                      "product_id": "rust-keylime-0.2.9+49-150400.3.19.1.aarch64"
                    }
                  }
                ],
                "category": "architecture",
                "name": "aarch64"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "keylime-ima-policy-0.2.9+49-150400.3.19.1.ppc64le",
                    "product": {
                      "name": "keylime-ima-policy-0.2.9+49-150400.3.19.1.ppc64le",
                      "product_id": "keylime-ima-policy-0.2.9+49-150400.3.19.1.ppc64le"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "rust-keylime-0.2.9+49-150400.3.19.1.ppc64le",
                    "product": {
                      "name": "rust-keylime-0.2.9+49-150400.3.19.1.ppc64le",
                      "product_id": "rust-keylime-0.2.9+49-150400.3.19.1.ppc64le"
                    }
                  }
                ],
                "category": "architecture",
                "name": "ppc64le"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "keylime-ima-policy-0.2.9+49-150400.3.19.1.s390x",
                    "product": {
                      "name": "keylime-ima-policy-0.2.9+49-150400.3.19.1.s390x",
                      "product_id": "keylime-ima-policy-0.2.9+49-150400.3.19.1.s390x"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                    "product": {
                      "name": "rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                      "product_id": "rust-keylime-0.2.9+49-150400.3.19.1.s390x"
                    }
                  }
                ],
                "category": "architecture",
                "name": "s390x"
              },
              {
                "branches": [
                  {
                    "category": "product_version",
                    "name": "keylime-ima-policy-0.2.9+49-150400.3.19.1.x86_64",
                    "product": {
                      "name": "keylime-ima-policy-0.2.9+49-150400.3.19.1.x86_64",
                      "product_id": "keylime-ima-policy-0.2.9+49-150400.3.19.1.x86_64"
                    }
                  },
                  {
                    "category": "product_version",
                    "name": "rust-keylime-0.2.9+49-150400.3.19.1.x86_64",
                    "product": {
                      "name": "rust-keylime-0.2.9+49-150400.3.19.1.x86_64",
                      "product_id": "rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
                    }
                  }
                ],
                "category": "architecture",
                "name": "x86_64"
              },
              {
                "branches": [
                  {
                    "category": "product_name",
                    "name": "SUSE Linux Enterprise Micro 5.4",
                    "product": {
                      "name": "SUSE Linux Enterprise Micro 5.4",
                      "product_id": "SUSE Linux Enterprise Micro 5.4",
                      "product_identification_helper": {
                        "cpe": "cpe:/o:suse:sle-micro:5.4"
                      }
                    }
                  }
                ],
                "category": "product_family",
                "name": "SUSE Linux Enterprise"
              }
            ],
            "category": "vendor",
            "name": "SUSE"
          }
        ],
        "relationships": [
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rust-keylime-0.2.9+49-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
              "product_id": "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64"
            },
            "product_reference": "rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
            "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rust-keylime-0.2.9+49-150400.3.19.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
              "product_id": "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x"
            },
            "product_reference": "rust-keylime-0.2.9+49-150400.3.19.1.s390x",
            "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
          },
          {
            "category": "default_component_of",
            "full_product_name": {
              "name": "rust-keylime-0.2.9+49-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
              "product_id": "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
            },
            "product_reference": "rust-keylime-0.2.9+49-150400.3.19.1.x86_64",
            "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
          }
        ]
      },
      "vulnerabilities": [
        {
          "cve": "CVE-2026-41676",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41676"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41676",
              "url": "https://www.suse.com/security/cve/CVE-2026-41676"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270137 for CVE-2026-41676",
              "url": "https://bugzilla.suse.com/1270137"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T18:21:49Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41676"
        },
        {
          "cve": "CVE-2026-41677",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41677"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user\u0027s callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41677",
              "url": "https://www.suse.com/security/cve/CVE-2026-41677"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270540 for CVE-2026-41677",
              "url": "https://bugzilla.suse.com/1270540"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T18:21:49Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41677"
        },
        {
          "cve": "CVE-2026-41678",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41678"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From  to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 \u003c= in_.len(), but this condition is reversed. The intended invariant is out.len() \u003e= in_.len() - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers at or below the minimum required size and rejects larger ones. If a smaller buffer is provided the function will write past the end of out by in_.len() - 8 - out.len() bytes, causing an out-of-bounds write from a safe public function. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41678",
              "url": "https://www.suse.com/security/cve/CVE-2026-41678"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270641 for CVE-2026-41678",
              "url": "https://bugzilla.suse.com/1270641"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T18:21:49Z",
              "details": "important"
            }
          ],
          "title": "CVE-2026-41678"
        },
        {
          "cve": "CVE-2026-41681",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41681"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final() writes past its end, usually corrupting the stack. This is reachable from safe Rust. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41681",
              "url": "https://www.suse.com/security/cve/CVE-2026-41681"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270719 for CVE-2026-41681",
              "url": "https://bugzilla.suse.com/1270719"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T18:21:49Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41681"
        },
        {
          "cve": "CVE-2026-41898",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-41898"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language.  From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure\u0027s returned usize directly to OpenSSL without checking it against the \u0026mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-41898",
              "url": "https://www.suse.com/security/cve/CVE-2026-41898"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270798 for CVE-2026-41898",
              "url": "https://bugzilla.suse.com/1270798"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T18:21:49Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-41898"
        },
        {
          "cve": "CVE-2026-42327",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-42327"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate\u0027s AIA extension as OpensslString, whose Deref\u003cTarget = str\u003e wraps the raw bytes with str::from_utf8_unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation causes safe Rust code to construct a \u0026str that violates the UTF-8 invariant - resulting in undefined behavior. This vulnerability is fixed in 0.10.79.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-42327",
              "url": "https://www.suse.com/security/cve/CVE-2026-42327"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270454 for CVE-2026-42327",
              "url": "https://bugzilla.suse.com/1270454"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T18:21:49Z",
              "details": "important"
            }
          ],
          "title": "CVE-2026-42327"
        },
        {
          "cve": "CVE-2026-44662",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-44662"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller\u0027s buffer or Vec, producing attacker-controllable heap corruption when the plaintext length is attacker-influenced. This only impacts users using AES key-wrap-with-padding ciphers. This vulnerability is fixed in 0.10.79.",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-44662",
              "url": "https://www.suse.com/security/cve/CVE-2026-44662"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270872 for CVE-2026-44662",
              "url": "https://bugzilla.suse.com/1270872"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T18:21:49Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-44662"
        },
        {
          "cve": "CVE-2026-45784",
          "ids": [
            {
              "system_name": "SUSE CVE Page",
              "text": "https://www.suse.com/security/cve/CVE-2026-45784"
            }
          ],
          "notes": [
            {
              "category": "general",
              "text": "unknown",
              "title": "CVE description"
            }
          ],
          "product_status": {
            "recommended": [
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
              "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
            ]
          },
          "references": [
            {
              "category": "external",
              "summary": "CVE-2026-45784",
              "url": "https://www.suse.com/security/cve/CVE-2026-45784"
            },
            {
              "category": "external",
              "summary": "SUSE Bug 1270946 for CVE-2026-45784",
              "url": "https://bugzilla.suse.com/1270946"
            }
          ],
          "remediations": [
            {
              "category": "vendor_fix",
              "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
              "product_ids": [
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
              ]
            }
          ],
          "scores": [
            {
              "cvss_v3": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "products": [
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.aarch64",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.s390x",
                "SUSE Linux Enterprise Micro 5.4:rust-keylime-0.2.9+49-150400.3.19.1.x86_64"
              ]
            }
          ],
          "threats": [
            {
              "category": "impact",
              "date": "2026-07-09T18:21:49Z",
              "details": "moderate"
            }
          ],
          "title": "CVE-2026-45784"
        }
      ]
    }