Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: rust-az-cvm-vtpm Critical Fix Multiple CVEs 2025-2408b72979

fedora
Calendar Grey September 26, 2025
Dist Fedora Esm H88
Important enhancement for Fedora 42 rust-az-cvm-vtpm tackles several CVEs impacting both safety and performance.
Rebase trustee-guest-components to v0.13.0 Include rust-az-???-vtpm packages rebase to version 0.7.4 Adjust (patches) to work with 'sev' version 6.

Summary

Package with shared code for Azure Confidential VMs.

Update Information:

Rebase trustee-guest-components to v0.13.0 Include rust-az-???-vtpm packages rebase to version 0.7.4 Adjust (patches) to work with 'sev' version 6.

Topics%20covered

Topics Covered

security advisory denial of service fedora critical memory management crossbeam

Change Log

* Mon Sep 15 2025 Uri Lublin - 0.7.4-3 - Rebuilt * Thu Sep 4 2025 Uri Lublin - 0.7.4-2 - Rebase to az-cvm-vtpm-0.7.4: add bugs to changelog * Thu Sep 4 2025 Uri Lublin - 0.7.4-1 - Rebase to az-cvm-vtpm-0.7.4 * Thu Sep 4 2025 Uri Lublin - 0.7.3-1 - Rebase to az-cvm-vtpm-0.7.3

References


[ 1 ] Bug #2366579 - CVE-2025-4574 trustee-guest-components: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366579 [ 2 ] Bug #2372843 - F42FailsToInstall: rust-az-cvm-vtpm-devel, rust-az-cvm-vtpm+verifier-devel https://bugzilla.redhat.com/show_bug.cgi?id=2372843 [ 3 ] Bug #2376753 - CVE-2025-53605 trustee-guest-components: Protobuf: Uncontrolled Recursion Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2376753 [ 4 ] Bug #2384045 - CVE-2023-53160 trustee-guest-components: Sequoia OpenPGP Array Access Panic [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2384045 [ 5 ] Bug #2384047 - CVE-2023-53161 trustee-guest-components: Buffered-Reader Out-of-Bounds Access Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2384047

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-2408b72979' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: rust-az-cvm-vtpm
Product: Fedora 42
Version: 0.7.4
Release: 3.fc42
URL: https://crates.io/crates/az-cvm-vtpm
Summary: Package with shared code for Azure Confidential VMs

Topics%20covered

Topics Covered

security advisory denial of service fedora critical memory management crossbeam

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here