This update for agama fixes the following issue
- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion
(bsc#1257930).
Changes for agama:
- Update "time" crate to version 0.3.47.
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-748=1
- openSUSE Leap 16.0:
agama-17+570.fe7244a50-160000.10.1
agama-autoinstall-17+570.fe7244a50-160000.10.1
agama-cli-17+570.fe7244a50-160000.10.1
agama-cli-bash-completion-17+570.fe7244a50-160000.10.2
agama-cli-fish-completion-17+570.fe7244a50-160000.10.2
agama-cli-zsh-completion-17+570.fe7244a50-160000.10.2
agama-openapi-17+570.fe7244a50-160000.10.1
agama-scripts-17+570.fe7244a50-160000.10.1
* bsc#1257930
References:
* https://www.suse.com/security/cve/CVE-2026-25727.html
Get the latest Linux and open source security news straight to your inbox.