{"affected":[{"ecosystem_specific":{"binaries":[{"rust-keylime":"0.2.7+141-150400.3.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.3","name":"rust-keylime","purl":"pkg:rpm/suse/rust-keylime&distro=SUSE%20Linux%20Enterprise%20Micro%205.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.2.7+141-150400.3.7.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for rust-keylime fixes the following issues:\n\n- Update to version 0.2.7+141:\n  * CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)\n    \n- Update to version 0.2.7+117:\n  * CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).\n  * CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).\n  * CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).\n  * CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).\n  * CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).\n  * rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)\n","id":"SUSE-SU-2025:02809-1","modified":"2025-08-15T12:51:37Z","published":"2025-08-15T12:51:37Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202502809-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1210344"},{"type":"REPORT","url":"https://bugzilla.suse.com/1223234"},{"type":"REPORT","url":"https://bugzilla.suse.com/1229952"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230029"},{"type":"REPORT","url":"https://bugzilla.suse.com/1242623"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243861"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247193"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-26964"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-12224"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-32650"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-43806"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-3416"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58266"}],"related":["CVE-2023-26964","CVE-2024-12224","CVE-2024-32650","CVE-2024-43806","CVE-2025-3416","CVE-2025-58266"],"summary":"Security update for rust-keylime","upstream":["CVE-2023-26964","CVE-2024-12224","CVE-2024-32650","CVE-2024-43806","CVE-2025-3416","CVE-2025-58266"]}