{"affected":[{"ecosystem_specific":{"binaries":[{"rust-keylime":"0.2.8+12-1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"rust-keylime","purl":"pkg:rpm/suse/rust-keylime&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.2.8+12-1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for rust-keylime fixes the following issues:\n\n- Update vendored crate slab to version 0.4.11\n * CVE-2025-55159: Fixed incorrect bounds check in get_disjoint_mut function \n leading to undefined behavior or potential crash due to out-of-bounds \n access (bsc#1248006)\n\n- Update to version 0.2.8+12:\n * build(deps): bump actions/checkout from 4 to 5\n * build(deps): bump cfg-if from 1.0.0 to 1.0.1\n * build(deps): bump openssl from 0.10.72 to 0.10.73\n * build(deps): bump clap from 4.5.39 to 4.5.45\n * build(deps): bump pest from 2.8.0 to 2.8.1\n * Fix clippy warnings\n * Use verifier-provided interval for continuous attestation timing\n * Add meta object with seconds_to_next_attestation to evidence response\n * Fix boot time retrieval\n * Fix IMA log format (it must be ['text/plain']) (#1073)\n * Remove unnecessary configuration fields\n * cargo: Bump retry-policies to version 0.4.0\n\n- Update vendored crate shlex to version 1.3.0\n * CVE-2024-58266: Fixed command injection (bsc#1247193) \n\n- Update to version 0.2.7+141:\n * service: Use WantedBy=multi-user.target\n * rpm: Add subpackage for push-attestation agent\n * push-model: implement continuous attestation with configurable intervals\n * Retry registration forever in the state machine\n * Add Verifier URL to configuration\n * Align exp.backoff to current configuration format\n * Increase coverage of state machine (using Context)\n * Increase coverage of struct_filler.rs\n * Groom code (remove dead code)\n * Fix exponential backoff (10secs, 4xx accepted)\n * test: Add documentation test to tests/run.sh\n * tpm: Avoid running code example during documentation tests\n * state_machine: Always start the agent from the Unregistered state\n * Add fixes for the URL construction\n * Refactor evidences collection in push attestation agent\n * push-model: refactor attestation logic into a state machine\n * Fix body sending by allowing serializing strings (#1057)\n * Log ResilientClient errors/response status codes (#1055)\n * Add AK signing scheme and hash algorithm to negotiation\n * tpm: Add method to extract signing scheme and hash algorithm from AK\n * Allow custom content-type/accept headers\n * Integrate exponential backoff to registration (#1052)\n * keylime/structures: Rename ShaValues to PcrBanks\n * Add resilient_client for exponential backoff (#1048)\n\n- Update vendored crate openssl 0.10.73:\n * CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch (bsc#1242623) \n\n- Update to version 0.2.7+117:\n * Increase coverage in evidence handling structure\n * Add Capabilities Negotiations resp. missing fields\n * Fix UEFI test to check file access in all cases\n * context_info_handler: Do not assume /var/lib/keylime exists\n * Fix clippy warnings about uninlined format arguments\n * attestation: Allow unwrap() in tests\n * Increase coverage (groom code, extend unit tests)\n * Include IMA/UEFI logs in Evidence Handling request\n * Include method to get all IMA entries as string\n * Send correct list of pcr banks and sign algorithms\n * Try to fix TPM tests related issues\n * Define attestation perform asynchronous\n * Perform attestation in push model agent binary\n * Refactor code to use new attestation.rs\n * Create attestation.rs for Attestation stuff\n * Move ContextInfo management to its own handler\n * Adjust context_info.rs after rebase\n * Add attestation function to ContextInfo structure\n * Add prohibited signing algorithms, avoid ecschnorr\n * keylime/config: Use macro to implement PushModelConfigTrait\n * Introduce keylime-macros and define_view_trait\n * config: Remove KeylimeConfig structure\n * config: Remove unnecessary options and lazy initialization\n * Fix pcr_bank function to send all possible slots\n * Send Content-Type:application/json on request (#1039)\n * Send correct 'key_algorithm' in certification_keys (#1035)\n * Push Model: Persist Attestation Key to file\n * Add Keylime push model binary to root GNUmakefile\n * Use singleton to avoid multiple Context allocation\n * tests: Do not assume `/var/lib/keylime` exists (#1030)\n * lib/cert: Fix race condition due to use of same file path\n * payloads: Fix race condition in tests\n * Add uefi_log_handler.rs to parse UEFI binary\n * Use IMA log parser to send correct entry count\n * Add IMA log parser\n * build(deps): bump once_cell from 1.19.0 to 1.21.3\n * lib/config/base.rs: Add more unit tests\n * lib/permissions: Add unit tests\n * keylime-agent: move JsonWrapper from common.rs to the library\n * lib/agent_data: Move agent_data related tests from common\n * common: Replace APIVersion with the library Version structure\n * keylime_agent: Move secure_mount.rs to the library\n * lib: Rename keylime_error.rs as error.rs\n * config: Move config to keylime library\n * config: Rename push_model_config to push_model\n * lib: Move permissions.rs from keylime-agent to the lib\n * Extract Capabilities Negotiation info from TPM (#1014)\n","id":"SUSE-SU-2025:20717-1","modified":"2025-09-16T07:50:08Z","published":"2025-09-16T07:50:08Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520717-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1242623"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247193"},{"type":"REPORT","url":"https://bugzilla.suse.com/1248006"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-58266"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-3416"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-55159"}],"related":["CVE-2024-58266","CVE-2025-3416","CVE-2025-55159"],"summary":"Security update for rust-keylime","upstream":["CVE-2024-58266","CVE-2025-3416","CVE-2025-55159"]}