Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

SUSE rustup Important Security Update Advisory 2026-2831-1

suse
Calendar Grey July 10, 2026
Dist Suse Esm H88
Install the important security update for rustup addressing multiple vulnerabilities in SUSE distributions.
An update that solves 11 vulnerabilities and has two security fixes can now be installed.

Summary

## This update for rustup fixes the following issues Security issues: * CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243862). * CVE-2025-58160: tracing-subscriber: Tracing log pollution (bsc#1249008). * CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257902). * CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can overflow short buffers on OpenSSL 1.1.1 (bsc#1270186). * CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length in rust- openssl crate (bsc#1270619). * CVE-2026-41678: openssl: incorrect bounds assertion in aes key wrap in rust- openssl crate (bsc#1270644).

References

* bsc#1203257

* bsc#1230032

* bsc#1243862

* bsc#1249008

* bsc#1257902

* bsc#1270186

* bsc#1270521

* bsc#1270619

* bsc#1270644

* bsc#1270795

* bsc#1270870

* bsc#1270874

* bsc#1270989

Cross-

* CVE-2024-12224

* CVE-2025-58160

* CVE-2026-25727

* CVE-2026-41676

* CVE-2026-41677

* CVE-2026-41678

* CVE-2026-41681

* CVE-2026-41898

* CVE-2026-42327

* CVE-2026-44662

* CVE-2026-45784

CVSS scores:

* CVE-2024-12224 ( SUSE ): 2.1

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

* CVE-2024-12224 ( NVD ): 5.1

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2831-1
Release Date: 2026-07-09T18:55:58Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.