Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

openSUSE rust-keylime Important Buffer Overflow Issues Fixed 2026-21274-1

opensuse
Calendar Grey July 10, 2026
Dist Opensuse Esm H88
Update for openSUSE fixes important security issues in rust-keylime addressing 8 vulnerabilities and 9 bug fixes.
An update that solves 8 vulnerabilities and has 9 bug fixes can now be installed.

Description

This update for rust-keylime fixes the following issues:

Update to version 0.2.9+49.

Security issues fixed:

- CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can overflow short buffers on OpenSSL 1.1.1

(bsc#1270174).

- CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length

(bsc#1270614).

- CVE-2026-41678: openssl: out-of-bounds write due to incorrect bounds assertion in `aes::unwrap_key()` (bsc#1270699).

- CVE-2026-41681: openssl: `MdCtxRef::digest_final()` writes past caller buffer with no length check (bsc#1270792).

- CVE-2026-41898: openssl: unchecked callback-returned length in PSK and cookie generate trampolines can leak adjacent

memory to the network (bsc#1270842).

- CVE-2026-42327: openssl: undefined behavior in `X509Ref::ocsp_responders` for certificates with non-UTF-8 OCSP URLs

(bsc#1270523).

- CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key-wrap-with-padding due to...

Read the Full Advisory

Patch

Package List

- openSUSE Leap 16.0:

keylime-ima-policy-0.2.9+49-160000.1.1

rust-keylime-0.2.9+49-160000.1.1

References

* bsc#1260596

* bsc#1270174

* bsc#1270523

* bsc#1270614

* bsc#1270699

* bsc#1270792

* bsc#1270842

* bsc#1270903

* bsc#1270999

References:

* https://www.suse.com/security/cve/CVE-2026-41676.html

* https://www.suse.com/security/cve/CVE-2026-41677.html

* https://www.suse.com/security/cve/CVE-2026-41678.html

* https://www.suse.com/security/cve/CVE-2026-41681.html

* https://www.suse.com/security/cve/CVE-2026-41898.html

* https://www.suse.com/security/cve/CVE-2026-42327.html

* https://www.suse.com/security/cve/CVE-2026-44662.html

* https://www.suse.com/security/cve/CVE-2026-45784.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:21274-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.