Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves five vulnerabilities, contains two features and has three security fixes can now be installed.. # Security update for go1.26-openssl Announcement ID: SUSE-SU-2026:3102-1 Release Date: 2026-07-17T13:10:42Z Rating: important References: * bsc#1245878 * bsc#1255111 * bsc#1264395 * bsc#1267442 * bsc#1267444 * bsc#1267450 * bsc#1271014 * bsc#1271015 * jsc#PED-1962 * jsc#SLE-18320 Cross-References: * CVE-2026-27145 * CVE-2026-39822 * CVE-2026-42504 * CVE-2026-42505 * CVE-2026-42507 CVSS scores: * CVE-2026-27145 ( SUSE ): 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-27145 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2026-27145 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-27145 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-39822 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H * CVE-2026-39822 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-42504 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-42504 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-42504 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-42505 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-42505 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-42507 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-42507 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-42507 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: * Development Tools Module 15-SP7 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server 15 SP7 * SUSE LinuxEnterprise Server for SAP Applications 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 An update that solves five vulnerabilities, contains two features and has three security fixes can now be installed. ## Description: This update for go1.26-openssl fixes the following issues * Update to version go1.26.5 (bsc#1255111). * CVE-2026-27145: crypto/x509: split candidate hostname only once (bsc#1267450). * CVE-2026-39822: os: Root escape via symlink plus trailing slash (bsc#1271014). * CVE-2026-42504: mime: quadratic complexity in WordDecoder.DecodeHeader (bsc#1267442). * CVE-2026-42505: crypto/tls: omit PSK in ECH outer client hello (bsc#1271015). * CVE-2026-42507: net/textproto: arbitrary input are included in errors without any escaping (bsc#1267444). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-3102=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-3102=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3102=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3102=1 ## Package List: * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * go1.26-openssl-doc-1.26.5-150600.13.9.1 * go1.26-openssl-1.26.5-150600.13.9.1 * go1.26-openssl-race-1.26.5-150600.13.9.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64) * go1.26-openssl-race-1.26.5-150600.13.9.1 * openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64) * go1.26-openssl-doc-1.26.5-150600.13.9.1 * go1.26-openssl-1.26.5-150600.13.9.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) *go1.26-openssl-doc-1.26.5-150600.13.9.1 * go1.26-openssl-1.26.5-150600.13.9.1 * go1.26-openssl-race-1.26.5-150600.13.9.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * go1.26-openssl-doc-1.26.5-150600.13.9.1 * go1.26-openssl-1.26.5-150600.13.9.1 * go1.26-openssl-race-1.26.5-150600.13.9.1 ## References: * https://www.suse.com/security/cve/CVE-2026-27145.html * https://www.suse.com/security/cve/CVE-2026-39822.html * https://www.suse.com/security/cve/CVE-2026-42504.html * https://www.suse.com/security/cve/CVE-2026-42505.html * https://www.suse.com/security/cve/CVE-2026-42507.html * https://bugzilla.suse.com/show_bug.cgi?id=1245878 * https://bugzilla.suse.com/show_bug.cgi?id=1255111 * https://bugzilla.suse.com/show_bug.cgi?id=1264395 * https://bugzilla.suse.com/show_bug.cgi?id=1267442 * https://bugzilla.suse.com/show_bug.cgi?id=1267444 * https://bugzilla.suse.com/show_bug.cgi?id=1267450 * https://bugzilla.suse.com/show_bug.cgi?id=1271014 * https://bugzilla.suse.com/show_bug.cgi?id=1271015 * https://jira.suse.com/browse/PED-1962 * https://jira.suse.com/browse/SLE-18320 . An update for openSUSE addresses five issues in go1.26-openssl with important security fixes to implement now.. openSUSE security, go1.26-openssl patch, important vulnerabilities. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-40856 http://linux.oracle.com/errata/ELSA-2026-40856.html The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network: x86_64: python3.14-3.14.5-1.el10_2.1.x86_64.rpm python3.14-debug-3.14.5-1.el10_2.1.x86_64.rpm python3.14-devel-3.14.5-1.el10_2.1.x86_64.rpm python3.14-freethreading-3.14.5-1.el10_2.1.x86_64.rpm python3.14-freethreading-debug-3.14.5-1.el10_2.1.x86_64.rpm python3.14-freethreading-devel-3.14.5-1.el10_2.1.x86_64.rpm python3.14-freethreading-idle-3.14.5-1.el10_2.1.x86_64.rpm python3.14-freethreading-libs-3.14.5-1.el10_2.1.x86_64.rpm python3.14-freethreading-test-3.14.5-1.el10_2.1.x86_64.rpm python3.14-freethreading-tkinter-3.14.5-1.el10_2.1.x86_64.rpm python3.14-idle-3.14.5-1.el10_2.1.x86_64.rpm python3.14-libs-3.14.5-1.el10_2.1.x86_64.rpm python3.14-test-3.14.5-1.el10_2.1.x86_64.rpm python3.14-tkinter-3.14.5-1.el10_2.1.x86_64.rpm aarch64: python3.14-3.14.5-1.el10_2.1.aarch64.rpm python3.14-debug-3.14.5-1.el10_2.1.aarch64.rpm python3.14-devel-3.14.5-1.el10_2.1.aarch64.rpm python3.14-freethreading-3.14.5-1.el10_2.1.aarch64.rpm python3.14-freethreading-debug-3.14.5-1.el10_2.1.aarch64.rpm python3.14-freethreading-devel-3.14.5-1.el10_2.1.aarch64.rpm python3.14-freethreading-idle-3.14.5-1.el10_2.1.aarch64.rpm python3.14-freethreading-libs-3.14.5-1.el10_2.1.aarch64.rpm python3.14-freethreading-test-3.14.5-1.el10_2.1.aarch64.rpm python3.14-freethreading-tkinter-3.14.5-1.el10_2.1.aarch64.rpm python3.14-idle-3.14.5-1.el10_2.1.aarch64.rpm python3.14-libs-3.14.5-1.el10_2.1.aarch64.rpm python3.14-test-3.14.5-1.el10_2.1.aarch64.rpm python3.14-tkinter-3.14.5-1.el10_2.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol10/SRPMS-updates/python3.14-3.14.5-1.el10_2.1.src.rpm Related CVEs: CVE-2026-15308 Description of changes: [3.14.5-1.1] - Security fix for CVE-2026-15308 Resolves: RHEL-193775 [3.14.5-1] - Update to3.14.5 Resolves: RHEL-176147 [3.14.5~rc1-1] - Update to 3.14.5rc1 - Move back to the generational from the incremental garbage collector - Security fix for CVE-2026-6019 Resolves: RHEL-176147 _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-39893 http://linux.oracle.com/errata/ELSA-2026-39893.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: python3.12-3.12.13-3.el8_10.i686.rpm python3.12-3.12.13-3.el8_10.x86_64.rpm python3.12-debug-3.12.13-3.el8_10.i686.rpm python3.12-debug-3.12.13-3.el8_10.x86_64.rpm python3.12-devel-3.12.13-3.el8_10.i686.rpm python3.12-devel-3.12.13-3.el8_10.x86_64.rpm python3.12-idle-3.12.13-3.el8_10.i686.rpm python3.12-idle-3.12.13-3.el8_10.x86_64.rpm python3.12-libs-3.12.13-3.el8_10.i686.rpm python3.12-libs-3.12.13-3.el8_10.x86_64.rpm python3.12-rpm-macros-3.12.13-3.el8_10.noarch.rpm python3.12-test-3.12.13-3.el8_10.i686.rpm python3.12-test-3.12.13-3.el8_10.x86_64.rpm python3.12-tkinter-3.12.13-3.el8_10.i686.rpm python3.12-tkinter-3.12.13-3.el8_10.x86_64.rpm aarch64: python3.12-3.12.13-3.el8_10.aarch64.rpm python3.12-debug-3.12.13-3.el8_10.aarch64.rpm python3.12-devel-3.12.13-3.el8_10.aarch64.rpm python3.12-idle-3.12.13-3.el8_10.aarch64.rpm python3.12-libs-3.12.13-3.el8_10.aarch64.rpm python3.12-rpm-macros-3.12.13-3.el8_10.noarch.rpm python3.12-test-3.12.13-3.el8_10.aarch64.rpm python3.12-tkinter-3.12.13-3.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/python3.12-3.12.13-3.el8_10.src.rpm Related CVEs: CVE-2026-15308 Description of changes: [3.12.13-3] - Security fix for CVE-2026-15308 Resolves: RHEL-193776 _______________________________________________ El-errata mailing list
Important: perl-XML-LibXML security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:39878", "synopsis": "Important: perl-XML-LibXML security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for perl-XML-LibXML.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "This module implements a Perl interface to the GNOME libxml2 library which provides interfaces for parsing and manipulating XML files. This module allows Perl programmers to make use of the highly capable validating XML parser and the high performance DOM implementation.\n\nSecurity Fix(es):\n\n* perl-XML-LibXML: XML::LibXML: Denial of Service via truncated UTF-8 in XML node names (CVE-2026-8177)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2468684", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2468684", "description": ""}], "cves": [{"name": "CVE-2026-8177", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8177", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-125"}], "references": [], "publishedAt": "2026-07-16T00:01:09.519027Z", "rpms": {"Rocky Linux 8": {"nvras": ["perl-XML-LibXML-1:2.0132-3.el8_10.aarch64.rpm", "perl-XML-LibXML-1:2.0132-3.el8_10.src.rpm", "perl-XML-LibXML-1:2.0132-3.el8_10.x86_64.rpm", "perl-XML-LibXML-debuginfo-1:2.0132-3.el8_10.aarch64.rpm", "perl-XML-LibXML-debuginfo-1:2.0132-3.el8_10.x86_64.rpm", "perl-XML-LibXML-debugsource-1:2.0132-3.el8_10.aarch64.rpm", "perl-XML-LibXML-debugsource-1:2.0132-3.el8_10.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}.A crucial security update is released for perl-XML-LibXML on Rocky Linux addressing denial of service issues.. Rocky Linux perl-XML-LibXML security Denial of Service. . Severity: Important. LinuxSecurity.com Team
An update that solves 10 vulnerabilities and has one security fix can now be installed.. # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:2839-1 Release Date: 2026-07-10T09:09:31Z Rating: important References: * bsc#1255416 * bsc#1264610 * bsc#1265421 * bsc#1266214 * bsc#1266969 * bsc#1267205 * bsc#1267531 * bsc#1267684 * bsc#1269100 * bsc#1269574 * bsc#1270059 Cross-References: * CVE-2025-68324 * CVE-2026-43198 * CVE-2026-45970 * CVE-2026-46090 * CVE-2026-46113 * CVE-2026-46266 * CVE-2026-46331 * CVE-2026-52918 * CVE-2026-53253 * CVE-2026-53359 CVSS scores: * CVE-2025-68324 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43198 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43198 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43198 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43198 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-45970 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46090 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46090 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46090 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46113 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-46113 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-46113 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-46266 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46266 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-46331 ( SUSE ): 7.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-46331 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46331 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52918 ( SUSE ): 8.6 CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-52918 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-52918 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-53253 ( SUSE ): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-53253 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-53359 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H * CVE-2026-53359 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 11 SP4 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE An update that solves 10 vulnerabilities and has one security fix can now be installed. ## Description: The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: * CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed work (bsc#1255416). * CVE-2026-43198: tcp: fix potential race in tcp_v6_syn_recv_sock() (bsc#1264610). * CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down (bsc#1267205). * CVE-2026-46090: ALSA: aloop: Fix peer runtime UAF during format-change stop (bsc#1267531). * CVE-2026-46113: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (bsc#1266969). * CVE-2026-46266: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP (bsc#1267684). * CVE-2026-46331: net/sched: fix pedit partial COW leading to page cache (bsc#1265421). * CVE-2026-52918: Bluetooth: serialize accept_q access (bsc#1269100). * CVE-2026-53253: Bluetooth: bnep: reject short frames before parsing (bsc#1269574). * CVE-2026-53359: KVM: x86: Fixshadow paging use-after-free due to unexpected role (bsc#1270059). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2026-2839=1 * SUSE Linux Enterprise Server 11 SP4 zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2026-2839=1 ## Package List: * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (nosrc x86_64) * kernel-trace-3.0.101-108.213.1 * kernel-ec2-3.0.101-108.213.1 * kernel-xen-3.0.101-108.213.1 * kernel-default-3.0.101-108.213.1 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (x86_64) * kernel-trace-devel-debuginfo-3.0.101-108.213.1 * kernel-ec2-devel-debuginfo-3.0.101-108.213.1 * kernel-default-devel-debuginfo-3.0.101-108.213.1 * kernel-xen-debugsource-3.0.101-108.213.1 * kernel-xen-devel-3.0.101-108.213.1 * kernel-default-debugsource-3.0.101-108.213.1 * kernel-ec2-devel-3.0.101-108.213.1 * kernel-default-debuginfo-3.0.101-108.213.1 * kernel-trace-debuginfo-3.0.101-108.213.1 * kernel-source-3.0.101-108.213.1 * kernel-trace-base-3.0.101-108.213.1 * kernel-ec2-debugsource-3.0.101-108.213.1 * kernel-trace-debugsource-3.0.101-108.213.1 * kernel-xen-base-3.0.101-108.213.1 * kernel-ec2-base-3.0.101-108.213.1 * kernel-ec2-debuginfo-3.0.101-108.213.1 * kernel-default-base-3.0.101-108.213.1 * kernel-default-devel-3.0.101-108.213.1 * kernel-syms-3.0.101-108.213.1 * kernel-trace-devel-3.0.101-108.213.1 * kernel-xen-devel-debuginfo-3.0.101-108.213.1 * kernel-xen-debuginfo-3.0.101-108.213.1 * SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (noarch nosrc) * kernel-docs-3.0.101-108.213.1 *SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64) * kernel-trace-3.0.101-108.213.1 * kernel-ec2-3.0.101-108.213.1 * kernel-xen-3.0.101-108.213.1 * kernel-default-3.0.101-108.213.1 * SUSE Linux Enterprise Server 11 SP4 (x86_64) * kernel-trace-devel-debuginfo-3.0.101-108.213.1 * kernel-ec2-devel-debuginfo-3.0.101-108.213.1 * kernel-default-devel-debuginfo-3.0.101-108.213.1 * kernel-xen-debugsource-3.0.101-108.213.1 * kernel-xen-devel-3.0.101-108.213.1 * kernel-default-debugsource-3.0.101-108.213.1 * kernel-ec2-devel-3.0.101-108.213.1 * kernel-default-debuginfo-3.0.101-108.213.1 * kernel-trace-debuginfo-3.0.101-108.213.1 * kernel-source-3.0.101-108.213.1 * kernel-trace-base-3.0.101-108.213.1 * kernel-ec2-debugsource-3.0.101-108.213.1 * kernel-trace-debugsource-3.0.101-108.213.1 * kernel-xen-base-3.0.101-108.213.1 * kernel-ec2-base-3.0.101-108.213.1 * kernel-ec2-debuginfo-3.0.101-108.213.1 * kernel-default-base-3.0.101-108.213.1 * kernel-default-devel-3.0.101-108.213.1 * kernel-syms-3.0.101-108.213.1 * kernel-trace-devel-3.0.101-108.213.1 * kernel-xen-devel-debuginfo-3.0.101-108.213.1 * kernel-xen-debuginfo-3.0.101-108.213.1 * SUSE Linux Enterprise Server 11 SP4 (noarch nosrc) * kernel-docs-3.0.101-108.213.1 ## References: * https://www.suse.com/security/cve/CVE-2025-68324.html * https://www.suse.com/security/cve/CVE-2026-43198.html * https://www.suse.com/security/cve/CVE-2026-45970.html * https://www.suse.com/security/cve/CVE-2026-46090.html * https://www.suse.com/security/cve/CVE-2026-46113.html * https://www.suse.com/security/cve/CVE-2026-46266.html * https://www.suse.com/security/cve/CVE-2026-46331.html * https://www.suse.com/security/cve/CVE-2026-52918.html * https://www.suse.com/security/cve/CVE-2026-53253.html * https://www.suse.com/security/cve/CVE-2026-53359.html * https://bugzilla.suse.com/show_bug.cgi?id=1255416 * https://bugzilla.suse.com/show_bug.cgi?id=1264610 *https://bugzilla.suse.com/show_bug.cgi?id=1265421 * https://bugzilla.suse.com/show_bug.cgi?id=1266214 * https://bugzilla.suse.com/show_bug.cgi?id=1266969 * https://bugzilla.suse.com/show_bug.cgi?id=1267205 * https://bugzilla.suse.com/show_bug.cgi?id=1267531 * https://bugzilla.suse.com/show_bug.cgi?id=1267684 * https://bugzilla.suse.com/show_bug.cgi?id=1269100 * https://bugzilla.suse.com/show_bug.cgi?id=1269574 * https://bugzilla.suse.com/show_bug.cgi?id=1270059 . SUSE's advisory 2026-2839-1 addresses important kernel security issues for Enterprise Server 11 SP4. Take necessary actions today.. SUSE kernel update, Linux kernel vulnerabilities, SUSE security patch. . Severity: Important. LinuxSecurity.com Team
An update that solves 11 vulnerabilities and has two security fixes can now be installed.. # Security update for rustup Announcement ID: SUSE-SU-2026:2831-1 Release Date: 2026-07-09T18:55:58Z Rating: important References: * bsc#1203257 * bsc#1230032 * bsc#1243862 * bsc#1249008 * bsc#1257902 * bsc#1270186 * bsc#1270521 * bsc#1270619 * bsc#1270644 * bsc#1270795 * bsc#1270870 * bsc#1270874 * bsc#1270989 Cross-References: * CVE-2024-12224 * CVE-2025-58160 * CVE-2026-25727 * CVE-2026-41676 * CVE-2026-41677 * CVE-2026-41678 * CVE-2026-41681 * CVE-2026-41898 * CVE-2026-42327 * CVE-2026-44662 * CVE-2026-45784 CVSS scores: * CVE-2024-12224 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2024-12224 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2024-12224 ( NVD ): 5.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-58160 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-58160 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2025-58160 ( NVD ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-25727 ( NVD ): 6.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-25727 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-41676 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41676 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-41677 ( SUSE ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U * CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-41677 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41677 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-41678 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-41678 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41678 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-41681 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-41681 ( NVD ): 8.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41681 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-41898 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L *CVE-2026-41898 ( NVD ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41898 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-42327 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-42327 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-44662 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-44662 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-45784 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves 11 vulnerabilities and has two securityfixes can now be installed. ## Description: This update for rustup fixes the following issues Security issues: * CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243862). * CVE-2025-58160: tracing-subscriber: Tracing log pollution (bsc#1249008). * CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257902). * CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can overflow short buffers on OpenSSL 1.1.1 (bsc#1270186). * CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length in rust- openssl crate (bsc#1270619). * CVE-2026-41678: openssl: incorrect bounds assertion in aes key wrap in rust- openssl crate (bsc#1270644). * CVE-2026-41681: openssl: MdCtxRef::digest_final() writes past caller buffer with no length check in rust-openssl crate (bsc#1270795). * CVE-2026-41898: openssl: unchecked callback-returned length in PSK and cookie generate trampolines can leak adjacent memory in rust-openssl crate (bsc#1270870). * CVE-2026-42327: openssl: arbitrary code execution via specially crafted certificate in rust-openssl crate (bsc#1270521). * CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key- wrap-with-padding in rust-openssl crate (bsc#1270874). * CVE-2026-45784: openssl: out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers in rust- openssl crate (bsc#1270989). * rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27) (bsc#1230032). Non security issue: * devel:languages:rust/rustup: Missing symlink for rust-analyzer (bsc#1203257). Changes for rustup: * Completely drop openssl to prevent future security issues Update to version 1.28.2~0: * Deprecate native-tls as well * Enable HTTP/2 support for reqwest download backend * Emit tracing events from log facadecalls * download: show Debug representation for errors * Avoid repeated globals in tracing events * Log original download errors immediately * feat(cli/rustup-mode): add aliases to `rustup component remove` * Switch flate2 to use the zlib-rs backend * Hardlink proxies if symlinks aren't reachable * Add powerpc64le-unknown-linux-musl support * Add toolchain_name to not installed bail msg * Warn about using curl * Drop workspace indirection * Fold download crate back into rustup * download: merge integration test files * chore(deps): lock file maintenance * Test CARGO environment replacement * Update CARGO env var if it is a rustup proxy * Tweak toolchain subcommand help text * Move toolchain and default commands first * show toolchain paths in rustup show -v output * refactor(cli/self-update): save allocations in `Nu::rcfiles()` * fix(cli/self-update)!: stop appending to `env.nu` due to deprecation * fix(cli/self-update): consider Windows paths in Nushell suggestions * refactor(cli/self-update): use `path add` in `env.nu` template * fix(cli/self-update): use interpolated string in `env.nu` template * Upgrade dependencies * docs(user-guide/environment-variables): document `RUSTUP_VERSION` * feat(rustup-init/sh): allow setting `RUSTUP_VERSION` during installation * feat(cli/self-update): allow setting `RUSTUP_VERSION` for arbitrary downgrades * feat(test/clitools): add `Config::expect_ok_ex_env()` * fix(errors)!: improve error messages for `RustupError::ToolchainNotInstalled` * Add set auto-install disable * Use `cursor: pointer` for copy button on website * fix(dist): refine suggestions about missing targets * Append Windows bin directory to PATH by default * Remove validation for custom toolchains when reading rust-toolchain.toml * document RUSTUP_AUTO_INSTALL * Fix build script `cargo` instructions Update to version 1.28.1~0: * dist(rustup-init/sh): update commit shasum * Update changelog for 1.28.1 * fix!(config): re-enableimplicit toolchain installation in `Cfg::local_toolchain()` with optional opt-out * refactor(test/clitools): extract `Config::expect_err_env()` * Use relative symlinks when possible * docs: update CHANGELOG for v1.28.1 release * fix!(config): re-enable active toolchain installation in `Cfg::find_active_toolchain()` with optional opt-out * config: make Config::find_active_toolchain() async * Use terse output for rustup show active-toolchain * Use read_timeout for reqwest instead of timeout * test: turn set_current_dist_date() into a Config method * test: privatize clitools module * test: remove function wrappers for cmd() and env() * test: privatize mock module * test: move create_mock_dist_server() to Scenario::write_to() * test: move Release into dist * test: turn channel builders into constructors * test: move mock channel builders into dist * test: move arch consts into top-level module * test: turn build_*_installer() functions into constructors * test: move installer builders into mock module * test: privatize items in clitools * test: keep Config impl close to type definition * test: privatize dist module * test: privatize items in test::dist * test: inline short module topical_doc_data * Remove level of nesting in test module * Tweak SanitizedOutput style * docs: update `CHANGELOG` for v1.28.0 release * Have mocked cargo better adhere to cargo conventions * Do not append `EXE_SUFFIX` in `Config::cmd` * Add `TryFrom ` for `SanitizedOutput` * refactor(test): replace `(before|after)_test_async()` with `TestProcess::_telemetry_guard` * style(rustup-init): reorganize imports * refactor(log): introduce `GlobalTelemetryGuard` * refactor(process): rename `TestProcess::_guard` to `_tracing_guard` * chore(deps): update opentelemetry * fix(deps): update rust crate windows-registry to 0.5.0 * refactor: improve binary suffix stripping * build: bump the codebase Language Edition to 2024 * style(cli/job): fix`unsafe-op-in-unsafe-fn` * style(cli/log): use precise capturing when necessary * chore: use unsafe versions of `(add|remove)_var()` * style: remove redundant `ref` keywords * style: partially migrate away from `if-let` * style: format sources with the 2024 Style Edition * chore: fix new `clippy` warnings * fix(deps): update rust crate pulldown-cmark to 0.13 * feat(rustup-init/sh): add env var to print arch detection result * refactor(component): reduce allocations in `ComponentPart::encode()` * refactor(component)!: extract `ComponentPartKind` * style(component): reduce right drift in `ComponentPart::decode()` * refactor(component)!: turn `ComponentPart`'s fields into named ones * fix(dist/prefix): normalize path separators in `REL_MANIFEST_DIR` * fix(component): normalize path separators during `ComponentPart::(en|de)code()` * Upgrade to rand 0.9 * fix(ci/doc): fix typo in renovate `datasource` * ci(doc): make `renovatebot` bump locked `mdbook` * ci(doc): pin `mdbook` to `0.4.43` * ci(schedule): run cron tasks more times per week * ci(schedule): promote to use the `stable` job list * ci(doc): fix stable build of `user-guide` * ci(linux): enable the full test suite for `aarch64-unknown-linux-gnu` * ci(linux): use public ARM64 Linux runners * ci(deploy-docs): merge with `test-docs` * ci(deploy-docs): enable on PR without uploads * ci(deploy-docs): build one book per workflow step * ci(deploy-docs): install `mdbook` with `install-action` * Change installation of dependencies for Aarch64 Dockerfile * Run Aarch64 jobs on PRs * Use ARM based runners for ARM CI targets * style: fix `clippy` warnings * docs(user-guide/components): add deprecation notice for `wasm32-wasi` * Update Windows dependencies * feat(cli/rustup-mode)!: simplify error message for `rustup show active- toolchain` * fix(cli/rustup-mode): make `rustup show active-toolchain` exit with `1` when none is active * fix(cli/rustup-mode): make `rustup default` exit with `1`when there's no default * fix(cli/rustup-mode)!: change `rustup doc --error_codes` to `--error-codes` * fix(deps): update rust crate itertools to 0.14 * fix(cli): align `rustup show`'s `--verbose` behavior with `rustup show active-toolchain` * feat(cli): show the toolchain path with `rustup show active-toolchain --verbose` * feat(test): accept more than one args in `for_host*!()` * fix(ci): fix installation of `cargo-all-features` * docs(user-guide/installation): update "General tips" * move deps around * fix(deps): update rust crate rustls-platform-verifier to 0.5 * fix(rustup-init/sh): don't emit "unknown macOS major version" for macOS v11+ * refactor(rustup-init/sh): extract `$_os_major` * refactor(rustup-init/sh): extract `$_os_version` * ci(linux): move `bindgen-cli` installation into `run.bash` * ci(stable): enable `loongarch64-unknown-linux-musl` builds * ci(linux): disable `reqwest-rustls-tls` for unsupported platforms * ci(linux): configure `gcc-multilib` and `libclang` for some *nix builds * chore(deps): bump `aws-lc-rs` and `aws-lc-sys` * download: clean up TLS feature guards * download: simplify feature guards * download: attach download functions to Backend type * download: remove intermediate reqwest-backend feature * Implement more complete backend selection * Simplify logic for download backend notification * docs(dev-guide/tracing): make "Adding instrumentation" a level-2 title * ci(windows): don't install `awscli` via `choco` * test(mock/topical-doc-data): add test cases with both a flag and a topic * refactor(test/mock): use tuples for `topical_doc_data::TEST_CASES` * feat(cli/rustup-mode): allow `rustup doc` with both a flag and a topic * refactor(toolchain): allow passing a fragment in `Toolchain::doc_path()` * refactor(toolchain): allow absolute paths in `Toolchain::doc_path()` * refactor(toolchain): simplify `Toolchain::doc_path()` * refactor(cli/rustup-mode): rename `doc_url` to `doc_path` *refactor(cli/rustup-mode): make `DocPage::path()` return `Option ` * refactor(cli/rustup-mode): move `DocPage::name()` to a separate `impl` block * refactor(cli/topical-doc): clean up some funtions * refactor(cli/rustup-mode): use early return in `doc()` * Update semver-compatible dependencies * fix: make sure no overflow on small screens * feat: make the box white * feat: use the color form the rust website for tags, hr and copy button * Add the main element and header to setup new layout * chore: remove the old pitch first * Apply clippy suggestions * Append to 1.28.0 changelog * Bump version, commit and date in rustup-init.sh * Clean up trailing whitespace in rustup-init.sh * Add changelog for 1.28.0 * Bump version to 1.28.0 * chore(deps): update remove-dir-all to 1.0 * Add aliases for remove/uninstall/unset commands * feat: add nushell support * Upgrade to opentelemetry 0.27 * fix: add missing close body tag * Upgrade thiserror to 2 * Upgrade to rustls-platform-verifier 0.4 * fix(cli/rustup-mode): remove `.num_args()` when `.value_delimiter(',')` is present * refactor(cli/rustup-mode): remove deprecated `.use_value_delimiter()` * chore(config): migrate config .github/renovate.json * docs: update channel toolchain syntax * feat(cli/rustup-mode): support more books in `rustup doc` * style(cli/rustup-mode): reorder items in `docs_data![]` * fix: add powerpc64 and s390x to known target_arch values for tests * style(utils): put the `mod` declarations below the imports * style: regroup some imports * refactor(utils): hoist `utils::utils` into `utils` * feat(rustup-init): detect and warn about existing `settings.toml` * fix: fix typo in `check_existence_of_rustc_or_cargo_in_path()` * style: allow using `dbg!()` across `rustup::test` * refactor(diskio): replace `eprintln!()` with `debug!()` * style: enable `clippy::(dbg_macro|todo)` across the workspace * style: enable `clippy::print_std(err|out)` when applicable * style: introduceworkspace-wide lint tables * build: use `workspace.package` properties in `Cargo.toml` * fix(config): improve error when overridden active custom toolchain isn't installed * fix(config): print special error for invalid toolchain name in override file * Update semver-compatible dependencies, except openssl-src * style(rustup-init/sh): ignore `shellcheck` SC2086 false positives * fix(rustup-init/sh): fix incorrect TLS warning with curl v8.10 * tests: rust-toolchain + profile in settings * Remove unnecessary methods * replace `winreg` dependency * Update remove_dir_all * refactor(cli/common)!: deny installing a host-incompatible toolchain w/o `--force-non-host` * refactor(cli/common)!: take in `toolchain: String` in `warn_if_host_is_incompatible()` * feat(cli/rustup-mode): add `--force-non-host` to `rustup default` * refactor(config)!: pass the `force_non_host` flag to `Cfg::ensure_installed()` * refactor(cli/rustup-mode): rename `forced` to `force_non_host` * docs(README): Point out where to find nightly/master docs. * Note that selecting VS lang packs is optional * Make symlink_or_hardlink_file remove dest * Try symlinking proxies first * Apply clippy suggestions from 1.81 * feat(cli/rustup-mode)!: set log level to `INFO`/`DEBUG` on `--quiet`/`--verbose` if `RUSTUP_LOG` is unset * refactor(cli/setup-mode): extract `update_console_logger()` * fix(cli/setup-mode): simplify description for `--quiet` * feat(cli/setup-mode)!: set log level to `DEBUG` on `--verbose` if `RUSTUP_LOG` is unset * refactor(common)!: remove `verbose` flag in several places * refactor(config): simplify `find_or_install_active_toolchain()` * refactor(config)!: return `LocalToolchainName` from `find_or_install_active_toolchain()` * refactor(config): simplify `resolve_toolchain()` * refactor(config): simplify `toolchain_from_partial()` * chore(triage): allow transferring issues to other org repos * Allow `rustup doc` to search for unions *docs(user-guide): add a link to the latest "Previous components" section * test(cli_v2): introduce `update_removed_component_toolchain()` * feat(dist): add notes for `stable` and `beta` in `components_missing_msg()` * refactor(dist): inline some const strings in `components_missing_msg()` * refactor(dist): extract "nightly tips" out of the match block in `components_missing_msg()` * fix: fix typo in several places * Upgrade pulldown-cmark to 0.12 * fix(manifest): consider possible renames in `Component::try_new()` * ci(macos): install `awscli` from `brew` * refactor(config)!: make `toolchain_from_partial()` sync * feat(config)!: remove implicit installation from `toolchain_from_partial()` * refactor(config)!: make `resolve_toolchain()` sync * feat(config)!: remove implicit installation from `resolve_toolchain()` * test(cli-rustup): remove `heal_damaged_toolchain()` * refactor(config): extract `local_toolchain()` from `resolve_local_toolchain()` * refactor(config): extract `toolchain` variable from `resolve_local_toolchain()` * refactor(config)!: make `resolve_local_toolchain()` sync * feat(config)!: remove implicit installation from `resolve_local_toolchain()` * refactor(config)!: rename `local_toolchain()` to `resolve_local_toolchain()` * feat(rustup-mode): install the active toolchain by default on `rustup toolchain install` * fix(rustup-mode): adjust descriptions for `rustup toolchain uninstall` * feat(rustup-mode)!: add `ensure_active_toolchain` flag to `update()` * feat(config)!: add `verbose` flag to `find_or_install_active_toolchain()` * style(config): replace `dist::Profile` with `Profile` * style(config): replace `dist::TargetTriple` with `TargetTriple` * fix(config): call `warn_if_host_is_incompatible()` in `ensure_installed()` * refactor(common): use early return in `warn_if_host_is_incompatible()` * refactor(rustup-mode): extract `warn_if_host_is_incompatible()` * style(common): merge imports * refactor(distributable)!: avoidunnecessary clones * refactor(distributable)!: replace `install_if_not_installed()` with `ensure_installed()` * feat(config)!: add `verbose` flag to `ensure_installed()` * feat(config)!: return `UpdateStatus` from `ensure_installed()` * feat(config)!: use `Cfg::get_profile()` for unspecified profile in `ensure_installed()` * chore(config): add `#[tracing::instrument]` to `ensure_installed()` * ci(freebsd): fix build failure related to `aws-lc` * ci(windows): don't install OpenSSL via `choco` * ci(run): remove redundant `if` predicate * ci(run): use the detected number of test threads * feat(download/rustls): use `aws-lc` instead of `ring` * style(taplo): enable `reorder_keys` for `*dependencies` in `Cargo.toml` * Upgrade windows-sys to 0.59 * fix: fix unreachable code lints on Android * docs(dev-guide): remove descriptions of `rustup_macros` * docs(dev-guide): update description of `rustup::process` * Remove `once_cell` dependency * docs(dev-guide): add guideline for atomic commits to the developer guide * fix: fix `clippy` lints * docs(user-guide): use `brew install rustup` instead of `rustup-init` * Bump fs_at to 0.2.1 * chore(deps/renovate): disable `automerge` * Upgrade to opentelemetry 0.24 * build(windows): don't link against `powrprof` * build(windows): fix typo in `build.rs` * fix(utils): make `ExitCode` `#[must_use]` * refactor(rustup-mode): introduce `ExitCode::bitand*()` * fix(rustup-mode): return `ExitCode(1)` when `update()` fails * refactor(rustup-mode)!: remove redundant `ExitCode` in `self_update()`'s callback * test(cli-misc): simplify `version_mentions_rustc_version_confusion()` * fix(rustup-mode): refine output for `rustup --version` * fix(rustup-mode)!: don't install toolchain on `rustup --version` * chore(deps/renovate): update `automerge` schedule for `lockFileMaintenance` * ci(check): add `taplo fmt` test for TOMLs * style: reformat all TOMLs with `taplo` * ci(gen-workflows): remove `--quiet` from `git diff` * refactor: use `#[cfg()]` instead of `cfg!()` when possible * refactor(self-update): remove outdated `do_pre_install_sanity_checks` * Add help message for missing toolchain * Rename OSProcess to OsProcess * Rename currentprocess to process * Forward to Process::var_os() directly * Fix home_dir() and current_dir() regression * feat(log): set level of `#[tracing::instrument(err)]` to `TRACE` * feat(log): unhide `tracing::instrument` from behind `feature = "otel"` * ci(windows): increase stack size to 16MiB * Upload Windows artifacts into correct subdirectory * Fix uploading of Windows build artifacts * Prepare deployment on master branch * Grant GitHub Actions workflows access to OIDC token * chore(deps): update aws-actions/configure-aws-credentials action to v4 * Authenticate CI uploads with OIDC * Upload release artifacts to new S3 bucket * chore(deps/renovate): set `prCreation` to `immediate` * feat(dist): refine suggestions regarding manifest checksum mismatches * refactor(config): extract `dist_root_server()` * refactor(dist): use `let-else` in `dl_v2_manifest()` * refactor(dist/notifications)!: inline usages of `Notification::ManifestChecksumFailedHack` * refactor(install): avoid extra clone in `InstallMethod::install` * Reorder operations in order to simplify * Deduplicate handling of environnment variables * Move if_not_empty() to calling module * feat(cli): warn when removing the default/active toolchain * feat(cli): improve warning when removing the last/host target for a toolchain * docs(ci): simplify the target policy in the README * Add loongarch64-unknown-linux-musl support * fix(download): fix build error with `--no-default-features --features=curl- backend` * feat(rustup-init): set log level to `WARN` on `-q` if `RUSTUP_LOG` is unset * implements quiet flag in `rustup-init.sh` * test(manifestation): introduce and migrate tests to `TestContext` * chore(manifestation): organize imports * add regression tests forsmart guess * apply smart guess to `rustup update/uninstall self` * Disable automatic self updates in CI environments * feat(download/rustls): use `rustls-platform-verifier` * ci(windows): run `cargo all-features` * fix(self-update/windows): address some `unused_imports` warnings * fix(rustup-mode): improve `clap` error format * Add period in warning while checking existing rust installations * Move Windows-only test code into windows module * Asyncify CLI tests * Use guard type to replace with_saved_path() * Refactor test registry state to be more type safe * Inline single-use with_saved_global_state() function * Privatize with_saved_global_state() * Move change_dir() into CliTestContext * Move with_update_server() into CliTestContext * Remove Config::with_scenario() * Port cli_v2 to CliTestContext * Port cli_v1 to CliTestContext * Port cli_self_upd to CliTestContext * Port cli_rustup to CliTestContext * Port cli_paths to CliTestContext * Port cli_misc to CliTestContext * Port cli_inst_interactive to CliTestContext * Port cli_exact to CliTestContext * Use CliTestContext directly in self_update_setup() * Start CliTestContext type wrapper * docs(dev-guide/tracing): mention `RUSTUP_LOG` and console-based tracing * docs(dev-guide/linting): improve wording * test(dist): add simple tests for `PartialVersion` * chore(dist): add some doc comments * fix(dist): throw an error when a `PartialVersion` string doesn't start with an ASCII digit * ci(all-features): add `-D warnings` to `cargo check-all-features` * fix(currentprocess/filesource): address some `unused_imports` warnings * fix(currentprocess): address some `unused_imports` warnings * fix(regex): replace `\d` to `[0-9]` to avoid matching non-ASCII digits * refactor(toolchain/names): replace `toolchain_sort` with `ToolchainName`'s `Ord` instance * refactor(dist)!: make `ToolchainDesc.channel` more strongly typed * Remove unnecessary lint suppressions * Use local suppression forclippy::too_many_arguments * Rename desc fields to toolchain * Remove intermediate state from error handling * Remove indirection in update error handling * Inline wrapper function * Reduce rightward drift * Propagate use of DistOptions * Avoid unnecessary unwrapping * Extract struct from InstallMethods::Dist variant * refactor(log): replace the `TELEMETRY_DEFAULT_TARCER` singleton with a function * test(clitools): revive `run_inprocess()` * fix(dist/arm): don't assume `armv7` if `/proc/cpuinfo` is unavailable * fix(dist): add fallbacks to `/proc/self/exe` in `rustup-init.sh` * Rename default-tls to native-tls * Inline small errors module * Inline addition/removal to programs * Move windows-only self_update code into windows module * Reorganize platform-dependent imports in self_update * refactor(log): replace `[Ww]arning:` log line prefix with `warn:` * refactor(log): rename `NotificationLevel::Debug` to `Trace` and `Verbose` to `Debug` * Remove unused code * Hoist Toolchain up into top-level toolchain module * Remove unused derived sorting implementations * Privatize internal organization of toolchain module * Inline argument * Inline trivial wrapper * Move toolchain resolution into Cfg method * Check settings version on Cfg construction * Move proxy toolchain resolution logic into Cfg method * Move rustc_version() function into Cfg * Expose higher-level interface in Toolchain * Move DistributableToolchain::installed_paths() into Cfg * No need to store cfg in DistributableToolchain * Reduce indirection in Cfg::from_partial() * Move Toolchain::from_partial() to Cfg * Take owned LocalToolchainName in Toolchain::from_local() * Simplify Toolchain::from_local() * refactor(dist): hoist `dist::dist` into `dist` * refactor(dist): privatize imports from `dist::dist` * Fix the `TODO` in `src\toolchain\toolchain.rs` * Use tracing macros directly * Inline single-caller maybe_trace_rustup() * Remove rustup test wrapper macros *Use tokio::main attribute * Attach Process-dependent utils to Process * Remove with_runtime() * fix(config): fix typo in `ActiveReason` * fix(log): use `RUSTUP_LOG` for internal `tracing` instead of `RUST_LOG` * refactor(currentprocess): make use of `Arc::default()` * refactor(currentprocess): rename `TestProcess.guard` to `_guard` * Remove currentprocess::with() * Privatize most TestProcess fields * Remove unused TestProcess::id * Pass Process around explicitly * Let argument parser handle SelfUpdateMode conversion * Let argument parser handle Profile conversion * Use simpler form for string concatenation * Reduce rightward drift by duplicating some Ok-wrapping * Rename _install_selection() to IInstallOpts::install() * Inline async closure * Move error mapping out of validation function * Rename do_pre_install_options_sanity_checks() to InstallOpts::validate() * Rename customize_install() to InstallOpts::customize() * Pass InstallOpts around directly * refactor(terminalsource): use `.eq_ignore_ascii_case()` in `ColorableTerminal::new` * chore(notify): sort logging macros and `NotificationLevel` on verbosity * chore(env): retire `RUSTUP_DEBUG` in favor of `RUST_LOG` * feat(log): make `console_logger()` accept `RUSTUP_TERM_COLOR` and `NO_COLOR` * refactor(log): reimplement `log` using `tracing` * refactor(test): clean up `before_test_async()` * chore(deps): make `tracing-subscriber` a hard requirement * refactor(test): setup `tracing` subscriber in `before_test_async()` * test(clitools): disable `run_inprocess()` * refactor(test): execute all `#[rustup_macros::unit_test]`s within a `tokio` context * refactor(log): extract `telemetry()` * Remove noop functions in favor of conditional compilation * Avoid trivial wrapper functions * Store process name in error variant directly * Inline trivial wrapper function * Fix misleading "uninstalled toolchain" notification * refactor(ci/run): use more `target_cargo()` in `run.bash` * Removetrivial new() implementation * Use serde to encode/decode mock manifests * Use serde to encode/decode rustup manifests * Use serde to encode/decode config * Represent config version as an enum * Use serde to encode/decode manifests * Represent manifest version as enum * Use serde to encode/decode settings * Add tests for settings encoding * Derive Default for Settings * Represent metadata version as an enum * Use Default impl for Settings::profile default * Derive Default for Profile * Discard unnecessary layer of Arc * Externalize wrapping of DownloadTracker * Inline NotifyOnConsole * Internalize interior mutability for Notifier * Decouple Cfg from Notifier initialization * fix(dist/triple): ensure `dist::triple::known` is up to date with `platforms` * refactor(toolchain): reuse `dist::triple::known` in `toolchain::names` * refactor(dist/triple): move known triples to `dist::triple::known` * refactor(build): use `platforms` to verify `RUSTUP_OVERRIDE_BUILD_TRIPLE` * refactor(build): simplify the code obtaining the current triple * feat(cli): add `--quiet` to `rustup (target|component) list` * feat(cli): add `--quiet` to `rustup toolchain list` * Inline trivial single-use function utils::to_absolute() * Inline trivial single-use function Cfg::which_binary() * Inline short single-use function direct_proxy() * Rename new_toolchain_with_reason() to Toolchain::with_reason() * Move Cfg::maybe_do_cargo_fallback() to Toolchain * Move Cfg::create_command_for_toolchain() to Toolchain::command() * Extract common usage of Cfg::create_command_for_toolchain() * Inline trivial single-use function Cfg::create_command_for_dir() * Inline simple function Cfg::create_command_for_toolchain() * Move toolchain construction out of Cfg::create_command_for_toolchain() * Inline single-use function * Improve error message for failing .rustup creation * Inline trivial single-use function * Inline utils::current_dir() * Take explicit current_dir argument into_absolute() * Pass current_dir down from main() * Update rustup.rs website to offer Rustup on Windows on Arm * Use Cfg::current_dir in override_remove() * Use Cfg::current_dir in override_add() * Use Cfg::current_dir in find_or_install_active_toolchain() * Use Cfg::current_dir for create_command_for_dir() * Use Cfg::current_dir for find_or_install_active_toolchain() * Store current_dir in Cfg for use in find_active_toolchain() * Enable building Rustup win-aarch64 on PR * Add aarch64-apple-darwin and aarch64-pc-windows-msvc to cloudfront- invalidation.txt * Update Other installation methods page to include aarch64-pc-windows-msvc * Remove unnecessary trait abstraction * Simplify process access to current_dir * Simplify process access to environment variables * Remove unnecessary trait bound for home::Env * Simplify process access to pid * Simplify process access to stdin * Simplify process access to stderr * Simplify process access to stdout * Simplify process access to argument iterator * fix(download): work around `hyper` hang issue by adjusting `reqwest` config * test(download): fix clippy warnings regarding `Mutex` in `async` * test(dist): add regression tests for parsing beta versions with tags * test(dist): introduce scenario `BetaTag` with mock test data * feat(dist): add support for parsing beta versions with tags in the toolchain * refactor(utils): move `run_future()` under `manifestation` * feat(config): make `create_command_for_toolchain()` async * refactor(config): make `update_all_channels()` async * refactor(self_update): make `maybe_install_rust()` async * refactor(config): make `ensure_installed` async * fix expected path-separators on windows * add a regression test * consistently add context with file path when parsing fails * ci(windows/gnu): install `mingw` via `bwoodsend/setup-winlibs-action` * ci(windows): enable CI on `x86_64-pc-windows-gnu` * Make manifestation test update_from_dist async * Make update async * Make default_ async * Make check_updates async * Make target_add async * Make target_remove async * Make component_add async * Make component_remove async * Make update_all_channels async * Make toolchain_link async * Make override_add async * Make DistributableToolchain::remove_component async * Make DistributableToolchain::add_component async * Make DistributableTool::install_if_not_installed async * Make DistributableToolChain::install async * Make toolchain.update async * Make update_extra async * Make show_dist_version async * Make InstallMethod::install async * Make InstallMethod::run async * Make update_from_dist async * Make update_from_dist_ async * Make try_update_from_dist_ async * Make update_v1 async * Make dist::dl_*_manifest async * Make common::self_update async * Make manifestation::update async * Make download retries async * Make DownloadCfg::download_and_check async * Make DownloadCfg::download_hash async * Make self_update::update async * Make check_rustup_update async * Make prepare_update async * Make get_available_rustup_version async * Make setup_mode::main async * Make self_update::install async * Make try_install_msvc async * Make download_file async * Make DownloadCfg::download async * Make download_file_with_resume async * Make download_file_ async * Make download_to_path_with_backend async * Make download_with_backend async * Make rustup_mode::main async * Convert run_rustup_inner to async * Make run_rustup async * Remove maybe_trace_rustup runtime setup * Make maybe_trace_rustup async * Convert main to using a tokio runtime always * Ring 0.17.x support Windows on ARM * ci(macos): use `macos-latest` instead of `macos-14` * fix(deps): update rust crate itertools to 0.13 * fix(deps): update rust crate pulldown-cmark to 0.11 * Avoid unnecessary allocations * Attempt to reduce duplication by adding a little abstraction * Move explicit_desc_or_dir_toolchain() toToolchain::from_partial() * Propagate ExitStatus instead of custom ExitCode * Use precise internal imports * Use idiomatic way to proxy str data * Inline RustupSubcmd::dispatch() * refactor(filesource): replace repetitive `#[cfg()]` usages with a new `mod` * Fix ETA display after regression * Stop showing ETA after download is complete * refactor(cli): hoist the `handle_epipe()` call out of the `match` * refactor(cli): rewrite `rustup` itself with `clap-derive` * refactor(cli): rewrite `rustup (self|set)` with `clap-derive` * refactor(cli): rewrite `rustup (man|completions)` with `clap-derive` * refactor(cli): rewrite `rustup doc` with `clap-derive` * refactor(cli): rewrite `rustup (run|which|dump-testament)` with `clap- derive` * refactor(cli): rewrite `rustup override` with `clap-derive` * refactor(cli): rewrite `rustup component` with `clap-derive` * refactor(cli): rewrite `rustup target` with `clap-derive` * refactor(cli): rewrite `rustup (check|default)` with `clap-derive` * refactor(cli): rewrite `rustup (toolchain|update|(un)?install)` with `clap- derive` * refactor(cli): remove `deprecated()` * refactor(cli): rewrite `rustup show` with `clap_derive` * fix(rustup-init): fix typo in `rustup-init[.sh]` args * feat(download): reflect the download/TLS backends in the user agent * Make find_override_from_dir_walk return OverrideCfg * Make settings file allow multiple borrows * Fix doc error with `rust-toolchain.toml` custom TC * Make `rustup default` not error if no default * Update format of `toolchain list` * Update format of `show` and `show active-toolchain` * Redesign OverrideCfg to be more type-driven * Pull match statement out in OverrideCfg::from_file() * Change find_override to find_active_toolchain * Pull out `new_toolchain_with_reason()` * Pull out `ensure_installed()` * refactor(cli): reorder `if` statement in `cli::setup_mode::main()` * refactor(cli): rewrite `rustup-init` with `clap_derive` * Avoid code duplicationfor printing target/component items * Deduplicate code to get components from distributable * Merge list_{,installed_}targets * Merge list_{,installed_}components functions * fix(filesource): make some constructs only available via the `test` feature * fix(ci/freebsd): install ca certs to prevent `invalid peer certificate: UnknownIssuer` * feat(download-backend)!: make `reqwest/rustls` the new default * feat(download-backend)!: refine selection logic * Update MSVC requirements to VS 2017 to match Rust repo * refactor(download): use `DownloadCallBack` in `download_with_backend()` * ci: don't build for `i686-linux-android` due to OpenSSL v3 atomic issues * ci(android): update NDK version * fix(deps): update rust crate openssl-src to v300 * ci(linux-gnu): install `perl-IPC-Cmd` to make OpenSSL v3 happy * chore(deps): update ubuntu docker tag to v24 * docs(dev-guide): remove "pushing to master" in the release process * Replace remaining winapi usage with windows-sys Update to version 1.27.1~0: * chore(dist): update commit shasum in `rustup-init.sh`, take 2 * fix(ci/linux): don't use `pip3` to install `awscli` * fix(ci/macos): don't use `pip3` to install `awscli` * chore(dist): update commit shasum in `rustup-init.sh` * docs: update CHANGELOG for v1.27.1 * feat(dist): improve `changelog_helper` script * dist: bump `rustup` version to `1.27.1` * chore: fix some typos in comments * Remove TryFrom for TargetTriple * Add tests for add/remove components by name with target triple * Replace Component::new_with_target by Component::try_new * refactor(self-update)!: remove confusing `get_path()` impl on Unix * test(self-update): ensure the resolution of #3739 * feat(self-update): add `with_saved_reg_value()` * refactor(self-update): extract `(get|restore)_reg_value()` * refactor(self-update): extract `with_saved_global_state()` * refactor(self-update): use `std::io` * fix(self-update): replace some `#[cfg(not(unix))]` usages with `#[cfg(windows)]` * feat(self-update): improve error messages on Windows * fix(self-update): run `do_update_programs_display_version()` on `run_update()` * refactor(self-update): extract `get_and_parse_new_rustup_version()` * refactor(self-update): extract `do_update_programs_display_version()` * ci: don't test for FreeBSD on PRs * docs(user-guide): update `environment-variables` * refactor(self-update): eliminate needless clone * feat(self-update): log `RUSTUP_DIST_*` if it's set * feat(self-update): log `RUSTUP_UPDATE_ROOT` if it's set * refactor(self-update): rename `UPDATE_ROOT` to `DEFAULT_UPDATE_ROOT` * refactor(self-update): extract `update_root()` * once_cell only used with reqwest in download crate, so gate it * tracing unsed only from otel feature, so move it to optional * Add loongarch64-unknown-linux-gnu to installation docs * Add loongarch64-unknown-linux-gnu to cloudfront invalidations * Use pattern matching to make Debug impl for Cfg more robust * Use std IsTerminal interface * Rename temp::Cfg to Context * temp: keep definitions and impls together * Remove derivative dependency in favor of manual implementation * docs(dev-guide): move all mentions of `cargo clippy` to `linting.md` * docs(dev-guide): mention that we need to keep mdBook links stable * refactor(utils)!: rename `delete_dir_contents()` to `delete_dir_contents_following_links()` * fix(utils): resolve input path in `delete_dir_contents()` if it's a link * test(cli): ensure the resolution of #3344 * Revert "fix(utils): unlink input path in `delete_dir_contents()` if it's a link" * Revert "refactor(utils)!: rename `delete_dir_contents()` to `delete_dir_contents_or_unlink()`" * Revert "test(cli): ensure the resolution of #3344" * refactor(utils)!: rename `delete_dir_contents()` to `delete_dir_contents_or_unlink()` * fix(utils): unlink input path in `delete_dir_contents()` if it's a link * test(cli): ensure the resolution of #3737 * refactor(util)!: rename`open_dir()` to `open_dir_following_links()` * fix(utils): don't use `O_NOFOLLOW` in `open_dir()` * chore: fix typo in `CHANGELOG` * chore(meta): update `bug_report` issue template * Add hr to Windows instructions * fix(doc): don't show the opening message when --path is used * chore: remove repetitive words * fix(deps): update rust crate opener to 0.7.0 * fix(config): remove unnecessary debug print * fix(ci): fix file paths in CI-generated `*.sha256` files on *nix * fix(ci): correct error message after bumping reqwest * fix(deps): update rust crate reqwest to 0.12 * doc(dev-guide): Fix test Lint and add explanation * Fix "component add" error message * ci: use `stable` Rust for all clippy lints * style: apply clippy suggestions from Rust 1.78.0 * fix(ci/windows): disable `cargo clippy` on `*-windows-gnu` * fix(shell): create parent dir before appending to rcfiles * fix(fish): fix definition of `Fish::update_rcs` * docs(dev-guide): update `release-process.md` to match the new workflow based on GitHub Merge Queue * ci(macos): add `MACOSX_DEPLOYMENT_TARGET` and friends * Replaced `.` with `source` in fish shell's `source_string` * Deny clippy warnings in CI * Rely on implicit conversion to OperationResult * Extract closure from match scrutinee * fix(cli): fix incorrect color state after `ColorableTerminal::reset` * docs: Add note about stability of llvm-tools. * Change default for RUSTUP_WINDOWS_PATH_ADD_BIN * ci: remove direct `renovate/*` tests * Fix dead_code and unused_imports warnings Update to version 1.27.0~0: * docs: update `CHANGELOG` for v1.27.0 * hack(deps): pin `openssl-sys` to 0.9.92 * fix #3663. Feedback in terminal when opening browser for docs * Fix copy icon position in Safari * Upgrade to opentelemetry 0.22 * fix ambiguous prompt after setting up custom installation * docs: rephrase and split sentence about Visual Studio license * Add comment on why we prefer symlinks to junctions * Windows: Try using symlinks ifthey're allowed * chore(ci): unify the matrix format to (mode, target) * ci: update runners for macOS-related workflows * docs: mention `apt` in installation methods * docs: fix missing links in `CHANGELOG.md` * chore(deps): update rust crate trycmd to 0.15.0 * fix(deps): downgrade `openssl-sys` to 0.9.92 * ci: remove the now-tier3 `mips*-unknown-linux-gnu*` targets from the build * Update mdbook and fix some source issues. * Rename `.cargo/config` to `.cargo/config.toml` * chore: update `CHANGELOG.md` * dist: bump `rustup-init.sh` version to `1.27.0` * dist: bump `rustup` version to `1.27.0` * feat: introduce `changelog_helper` script * Upgrade to pulldown-cmark 0.10 * Fix some typos * fix(deps): update rust crate libc to 0.2.153 * Download rust CI Docker images from a registry * Component is now named 'llvm-tools' * chore: add docstring to `is_32bit_userspace()` * chore: disable some unix-only helper functions on Windows * chore(deps): update actions/cache action to v4 * refactor(cli): simplify case splitting on `clap::error::ErrorKind` * refactor(names): replace `maybe_official_toolchainame_parser` with `impl FromStr` * refactor: simplify `is_proxyable_tools` * refactor(distributable): import `ComponentStatus` * refactor(cli): avoid nested combinators in `has_at_most_one_target` * feat(cli): warn when removing the last/host target for a toolchain * refactor(toolchain): extract `DistributableToolchain::components()` * www: detect RISC-V 64 platform * fix(deps): update rust crate strsim to 0.11 * chore(deps): update `renovate.json` to remove version bumps covered by lockfile maintenance PRs, take 3 * feat(ci): configure `merge_queue` to be a PR-like event * feat(ci): enable the `merge_group` trigger * fix(ci): use `github.event_name == 'schedule'` instead of `github.event.schedule` * chore(deps): update `renovate.json` to remove version bumps covered by lockfile maintenance PRs, take 2 * fix(deps): update rust crate clap tov4.4.13 * fix(deps): update rust crate syn to v2.0.48 * chore(deps): update rust crate opentelemetry_sdk to v0.21.2 * fix(ci): use `github.event_name == 'push'` instead of `github.event.push` * feat(ci): add CI workflow generation checks * refactor(ci): disassemble and reorganize `ci/cirrus-templates` * feat(ci): add `conclusion` job * refactor(ci): move `freebsd-builds` to GitHub Actions * refactor(ci): merge all current GitHub Actions workflows into `ci.yaml` * chore(ci): clean up current CI files * chore(deps): update `renovate.json` to remove version bumps covered by lockfile maintenance PRs * fix(deps): update rust crate syn to v2.0.47 * fix(deps): update rust crate proc-macro2 to v1.0.75 * fix(deps): update rust crate clap_complete to v4.4.6 * fix(deps): update rust crate serde to v1.0.194 * fix(deps): update rust crate semver to v1.0.21 * chore(deps): update rust crate thiserror to v1.0.56 * chore(deps): update rust crate anyhow to v1.0.79 * fix(deps): update rust crate syn to v2.0.45 * fix(deps): update rust crate proc-macro2 to v1.0.73 * fix(deps): update rust crate syn to v2.0.44 * fix(deps): update rust crate quote to v1.0.34 * fix(deps): update rust crate proc-macro2 to v1.0.72 * chore(deps): update rust crate anyhow to v1.0.78 * chore(deps): update rust crate thiserror to v1.0.53 * fix(deps): update rust crate clap to v4.4.12 * chore(deps): update rust crate tempfile to v3.9.0 * fix(deps): update rust crate clap_complete to v4.4.5 * chore(deps): update rust crate anyhow to v1.0.77 * chore(deps): update rust crate thiserror to v1.0.52 * fix(deps): update rust crate syn to v2.0.43 * fix(deps): update rust crate openssl to v0.10.62 * fix(deps): update rust crate proc-macro2 to v1.0.71 * fix(deps): update rust crate syn to v2.0.42 * chore(deps): update rust crate anyhow to v1.0.76 * chore(deps): update rust crate hyper-util to v0.1.2 * chore(deps): update rust crate tokio to v1.35.1 * fix(deps): update rust crate reqwestto v0.11.23 * chore(deps): update rust crate hyper to v1.1.0 * docs: move "rls" and "rust-analysis" to separate section "previous..." (#3591) * chore(deps): update actions/upload-artifact action to v4 * Fix rustup-init failure to read ZDOTDIR from zsh when SHELL is not zsh (#3584) * CI: Enable rustls on loongarch64 * CI: Revert "Disable openssl for loongarch64-unknown-linux-gnu" * fix(deps): update rust crate openssl-src to v300.2.1+3.2.0 * fix(deps): update rust crate syn to v2.0.41 * fix(deps): update rust crate syn to v2.0.40 * fix(deps): update rust crate libc to v0.2.151 * chore(deps): update rust crate once_cell to v1.19.0 * fix(deps): update rust crate clap to v4.4.11 * fix(deps): update rust crate openssl to v0.10.61 * Fix test permanently adding to PATH * chore(deps): revert `Cargo.toml` bump in #3540 * chore(deps): revert `Cargo.toml` bump in #3532 * chore(renovate): prevent unnecessary `Cargo.toml` bumps * Lock file maintenance * Fix panic in `component list --toolchain stable` * Upgrade hyper to 1.0 (#3543) * Clarify several docs and help messages * Remove rel paths from rust-toolchain.toml docs * CI: Disable openssl for loongarch64-unknown-linux-gnu * Update Rust crate url to 2.5 * Update Rust crate winreg to 0.52 * Update Rust crate windows-sys to 0.52.0 * Update Rust crate termcolor to 1.4 * Streamline dependencies in `Cargo.toml` * Update opentelemetry * [doc] windows.md: fix link * Inline channel pattern list * Remove unused import * Explicitly import symbols * Remove unused dependencies from macros crate * Replace usage of lazy_static with once_cell * Use more conventional field order in package table * Remove authors from Cargo manifest (per RFC 3052) * Use uniform dependency specification style * Inline `semver::Version` in `toolchain_sort` * Add docs specifying `toolchain_sort`'s expected behavior * Change key used in `toolchain_sort` * Inline `special_version` in `toolchain_sort` * Inline`toolchain_sort_key` in `toolchain_sort` * Replace `sort_by` with `sort_by_key` in `toolchain_sort` * Refine `test_toolchain_sort` * Suggest installing MSYS2 for `windows-gnu` * Fix the test toolchain_broken_symlink on Windows * Move `TOOLSTATE_MSG` to `dist` to serve toolchain-wide operations * Add test to ensure resolution of #3418 * Add `Panics` sections to docstrings * Refactor `components_*_msg` * Delete suggestions of removing the relevant component from `component_unavailable_msg` * Clean up some `manifestation` logic * Warn when running under Rosetta emulation * Typo fixed in tips-and-tricks.md file * Adjust suggestions about sourcing `env` files * Restrict zsh `shwordsplit` to `downloader()` * Update Rust crate zstd to 0.13 * Apply `clippy` suggestions * Extract `post_install_msg_unix_source_env!()` * Add suggestions to mention sourcing `env.fish` * Fix zsh word splitting for curl "\--retry 3" * Add ksh compatibility for latest illumos and others * Remove redundant message if an error occurs during package extraction * Update Rust crate regex to 1.10.0 * Write a custom env script for fish * Fix fish config dir paths * Update all rc fish scripts * Try to add support for fish shell * Clarify the origin of `rust-$TARGET` CI Docker images * Apply more `clippy` suggestions * Capturing IO error in download_file_with_resume (#3421) * Adjust instructions for manual installation (#3502) * Windows: Load DLLs from system32 * When running a 32-bit rustup on an aarch64 CPU, select a 32-bit toolchain * Do not fallback to "arm" in rustup-init.sh on aarch64 with 32-bit userland * Update Rust crate toml to 0.8 * Mention `brew install rustup-init` in the user guide * Adjust section titles in the user guide * Update actions/checkout action to v4 * Avoid warning for unused variant * fix invalid link for 1.25.2 * 1.26.0 should not be unreleased in the changelog * Refactor test case `install_uninstall_affect_path` * Update Rust cratewinreg to 0.51 * Apply clippy suggestions from Rust 1.74 (#3497) * Fix rustup_only_options_stdout * Bring additional help section style in line with clap 4 * Upgrade to clap 4 * Avoid deprecated clap API * Isolate trycmd tests from environment * Update Rust crate tracing-opentelemetry to 0.21.0 * buf writes to components * Update Rust crate tempfile to 3.8 * Return the right lifetime from DistributableToolchain::install * Fix handling of async tests * Improve CI debugability * Refactor: Use download_cfg.notify_handler in update() * Authenticate when installing protoc * Avoid installing protoc for most CI workflows * Refine suggestions of sourcing `$HOME/.cargo/env` * Avoid `sysctl: unknown oid` stderr output and/or non-zero exit code * Configure automerge in Renovate * Fix renovate.json * Make `RUSTUP_TERM_COLOR`'s value case insensitive * Add unit tests for `RUSTUP_TERM_COLOR` * Support `RUSTUP_TERM_COLOR` as an override environment variable * macOS `uname -m` can lie due to Rosetta shenanigans * Migrate CONTRIBUTING.md to an mdbook * Build docs during CI * Move the user guide from doc to doc/user-guide * Update Rust crate tempfile to 3.7 * Use available_parallelism replace the `num_cpus`crate * rustup-init.sh: Check for kernel UAPI compatibility on LoongArch * Enable loongarch64-linux-gnu builds on stable * allow `clippy::arc_with_non_send_sync` * Address `#[warn(clippy::useless_vec)]` * Address `#[warn(clippy::needless_borrow)]` * Address `#[warn(clippy::useless_conversion)]` * Address `#[warn(clippy::redundant_pattern_matching)]` * Address `#[warn(clippy::redundant_field_names)]` * Bump proc-macro2 v1.0.51 -> v1.0.63 * Bump the openssl v0.10.52 -> v0.10.55 * Fix typo: prerequistes -> prerequisites * update installation methods to use TLS v1.2 * Disable the "oldtime" feature of chrono * Update Rust crate tempfile to 3.6 * Update Rust crate url to 2.4 * Update Rust crate once_cell to 1.18.0 * Make download_trackerthread safe. * Enable broken color in MSYS2 shells * Add suggest_message helper for errors * replace term with termcolor * Tweak docs * Improve error message for removing uninstalled target * Improve error message for adding unknown target * CI support for loongarch64-unknown-linux-gnu * Fix compile on rust nightly * Group updates to opentelemetry together * Improve CurrentProcess * Update dependencies * TestProcess and friends should be test only * Update Rust crate windows-sys to 0.48.0 * Rework Toolchain model and drop relative file path overrides * Add in opentelemetry tracing as a feature * Remove repeated definite article * Make clippy happy * Update Rust crate toml to 0.7.3 * Suggest right toolchain when running clippy * Fix small typo * Update Rust crate winreg to 0.50 * Update Rust crate tempfile to 3.5 * Compile static Mutex where possible * Upgrade CI image to FreeBSD 13.2 * Update Rust crate opener to 0.6.0 * Update Rust crate enum-map to 2.5.0 * Bumped retry ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-2831=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-2831=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-2831=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-2831=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-2831=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-2831=1 * SUSE LinuxEnterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-2831=1 * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2831=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-2831=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * rustup-debugsource-1.28.2~0-150400.3.13.1 * rustup-debuginfo-1.28.2~0-150400.3.13.1 * rustup-1.28.2~0-150400.3.13.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 x86_64) * rustup-debugsource-1.28.2~0-150400.3.13.1 * rustup-debuginfo-1.28.2~0-150400.3.13.1 * rustup-1.28.2~0-150400.3.13.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * rustup-debuginfo-1.28.2~0-150400.3.13.1 * rustup-debugsource-1.28.2~0-150400.3.13.1 * rustup-1.28.2~0-150400.3.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * rustup-debuginfo-1.28.2~0-150400.3.13.1 * rustup-debugsource-1.28.2~0-150400.3.13.1 * rustup-1.28.2~0-150400.3.13.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * rustup-debugsource-1.28.2~0-150400.3.13.1 * rustup-debuginfo-1.28.2~0-150400.3.13.1 * rustup-1.28.2~0-150400.3.13.1 * openSUSE Leap 15.4 (aarch64 x86_64) * rustup-debugsource-1.28.2~0-150400.3.13.1 * rustup-debuginfo-1.28.2~0-150400.3.13.1 * rustup-1.28.2~0-150400.3.13.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * rustup-debuginfo-1.28.2~0-150400.3.13.1 * rustup-debugsource-1.28.2~0-150400.3.13.1 * rustup-1.28.2~0-150400.3.13.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 x86_64) * rustup-1.28.2~0-150400.3.13.1 * rustup-debuginfo-1.28.2~0-150400.3.13.1 * rustup-debugsource-1.28.2~0-150400.3.13.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) *rustup-1.28.2~0-150400.3.13.1 * rustup-debuginfo-1.28.2~0-150400.3.13.1 * rustup-debugsource-1.28.2~0-150400.3.13.1 ## References: * https://www.suse.com/security/cve/CVE-2024-12224.html * https://www.suse.com/security/cve/CVE-2025-58160.html * https://www.suse.com/security/cve/CVE-2026-25727.html * https://www.suse.com/security/cve/CVE-2026-41676.html * https://www.suse.com/security/cve/CVE-2026-41677.html * https://www.suse.com/security/cve/CVE-2026-41678.html * https://www.suse.com/security/cve/CVE-2026-41681.html * https://www.suse.com/security/cve/CVE-2026-41898.html * https://www.suse.com/security/cve/CVE-2026-42327.html * https://www.suse.com/security/cve/CVE-2026-44662.html * https://www.suse.com/security/cve/CVE-2026-45784.html * https://bugzilla.suse.com/show_bug.cgi?id=1203257 * https://bugzilla.suse.com/show_bug.cgi?id=1230032 * https://bugzilla.suse.com/show_bug.cgi?id=1243862 * https://bugzilla.suse.com/show_bug.cgi?id=1249008 * https://bugzilla.suse.com/show_bug.cgi?id=1257902 * https://bugzilla.suse.com/show_bug.cgi?id=1270186 * https://bugzilla.suse.com/show_bug.cgi?id=1270521 * https://bugzilla.suse.com/show_bug.cgi?id=1270619 * https://bugzilla.suse.com/show_bug.cgi?id=1270644 * https://bugzilla.suse.com/show_bug.cgi?id=1270795 * https://bugzilla.suse.com/show_bug.cgi?id=1270870 * https://bugzilla.suse.com/show_bug.cgi?id=1270874 * https://bugzilla.suse.com/show_bug.cgi?id=1270989 . Install the important security update for rustup addressing multiple vulnerabilities in SUSE distributions.. SUSE security advisory, rustup update, security fix, important update. . Severity: Important. LinuxSecurity.com Team
An update that solves eight vulnerabilities and has one security fix can now be installed.. # Security update for rust-keylime Announcement ID: SUSE-SU-2026:2807-1 Release Date: 2026-07-09T04:47:14Z Rating: important References: * bsc#1260596 * bsc#1270174 * bsc#1270523 * bsc#1270614 * bsc#1270699 * bsc#1270792 * bsc#1270842 * bsc#1270903 * bsc#1270999 Cross-References: * CVE-2026-41676 * CVE-2026-41677 * CVE-2026-41678 * CVE-2026-41681 * CVE-2026-41898 * CVE-2026-42327 * CVE-2026-44662 * CVE-2026-45784 CVSS scores: * CVE-2026-41676 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-41676 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41676 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-41677 ( SUSE ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U * CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2026-41677 ( NVD ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41677 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-41678 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2026-41678 ( NVD ): 7.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41678 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-41681 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-41681 ( NVD ): 8.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41681 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-41898 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L * CVE-2026-41898 ( NVD ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-41898 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-42327 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-42327 ( NVD ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-44662 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2026-44662 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-45784 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N * CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: * SUSE Linux Enterprise Micro 5.5 An update that solves eight vulnerabilities and has one security fix can now be installed. ##Description: This update for rust-keylime fixes the following issues * Update to version 0.2.9+49 * Update openssl to 0.10.81 * CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can overflow short buffers on OpenSSL 1.1.1 (bsc#1270174). * CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length in rust-openssl crate (bsc#1270614). * CVE-2026-41678: openssl: incorrect bounds assertion in aes key wrap in rust- openssl crate (bsc#1270699). * CVE-2026-41681: openssl: MdCtxRef::digest_final() writes past caller buffer with no length check in rust-openssl crate (bsc#1270792). * CVE-2026-41898: openssl: unchecked callback-returned length in PSK and cookie generate trampolines can leak adjacent memory in rust-openssl crate (bsc#1270842). * CVE-2026-42327: openssl: arbitrary code execution via specially crafted certificate in rust-openssl crate (bsc#1270523). * CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key- wrap-with-padding in rust-openssl crate (bsc#1270903). * CVE-2026-45784: openssl: out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers in rust-openssl crate (bsc#1270999). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2026-2807=1 ## Package List: * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * rust-keylime-0.2.9+49-150500.3.19.1 * rust-keylime-debuginfo-0.2.9+49-150500.3.19.1 ## References: * https://www.suse.com/security/cve/CVE-2026-41676.html * https://www.suse.com/security/cve/CVE-2026-41677.html * https://www.suse.com/security/cve/CVE-2026-41678.html * https://www.suse.com/security/cve/CVE-2026-41681.html *https://www.suse.com/security/cve/CVE-2026-41898.html * https://www.suse.com/security/cve/CVE-2026-42327.html * https://www.suse.com/security/cve/CVE-2026-44662.html * https://www.suse.com/security/cve/CVE-2026-45784.html * https://bugzilla.suse.com/show_bug.cgi?id=1260596 * https://bugzilla.suse.com/show_bug.cgi?id=1270174 * https://bugzilla.suse.com/show_bug.cgi?id=1270523 * https://bugzilla.suse.com/show_bug.cgi?id=1270614 * https://bugzilla.suse.com/show_bug.cgi?id=1270699 * https://bugzilla.suse.com/show_bug.cgi?id=1270792 * https://bugzilla.suse.com/show_bug.cgi?id=1270842 * https://bugzilla.suse.com/show_bug.cgi?id=1270903 * https://bugzilla.suse.com/show_bug.cgi?id=1270999 . SUSE security advisory for rust-keylime addresses eight critical issues along with one update to enhance security.. SUSE Linux Micro security update, rust-keylime vulnerabilities, openssl buffer overflow fix. . Severity: Important. LinuxSecurity.com Team
New xorg-server packages are available for Slackware 15.0 and -current to fix security issues.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] xorg-server (SSA:2026-189-03) New xorg-server packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: +--------------------------+ patches/packages/xorg-server-1.20.14-i586-21_slack15.0.txz: Rebuilt. This update fixes security issues: glamor Font Atlas Heap Buffer Overflow. GLX contextTags Use-After-Free in CommonMakeCurrent(). For more information, see: https://lists.x.org/archives/xorg/2026-July/062255.html https://www.cve.org/CVERecord?id=CVE-2026-55999 https://www.cve.org/CVERecord?id=CVE-2026-56000 (* Security fix *) patches/packages/xorg-server-xephyr-1.20.14-i586-21_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xnest-1.20.14-i586-21_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xvfb-1.20.14-i586-21_slack15.0.txz: Rebuilt. patches/packages/xorg-server-xwayland-21.1.4-i586-19_slack15.0.txz: Rebuilt. This update fixes security issues: glamor Font Atlas Heap Buffer Overflow. GLX contextTags Use-After-Free in CommonMakeCurrent(). For more information, see: https://lists.x.org/archives/xorg/2026-July/062255.html https://www.cve.org/CVERecord?id=CVE-2026-55999 https://www.cve.org/CVERecord?id=CVE-2026-56000 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-1.20.14-i586-21_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xephyr-1.20.14-i586-21_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xnest-1.20.14-i586-21_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xvfb-1.20.14-i586-21_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/xorg-server-xwayland-21.1.4-i586-19_slack15.0.txz Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-1.20.14-x86_64-21_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xephyr-1.20.14-x86_64-21_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xnest-1.20.14-x86_64-21_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xvfb-1.20.14-x86_64-21_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/xorg-server-xwayland-21.1.4-x86_64-19_slack15.0.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-21.1.24-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xephyr-21.1.24-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xnest-21.1.24-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xvfb-21.1.24-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/x/xorg-server-xwayland-24.1.13-i686-1.txz Updated package for Slackware x86_64-current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-21.1.24-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xephyr-21.1.24-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xnest-21.1.24-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xvfb-21.1.24-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/x/xorg-server-xwayland-24.1.13-x86_64-1.txz MD5 signatures: +-------------+ Slackware 15.0 package: 8ee8e09c8bf7ad2f7736e0b3a34526fa xorg-server-1.20.14-i586-21_slack15.0.txz 9445a8151fcef066aab50f6889d9020e xorg-server-xephyr-1.20.14-i586-21_slack15.0.txz 3410bdb7f3dad90a39739ff1f6eeac31 xorg-server-xnest-1.20.14-i586-21_slack15.0.txz 478ab900a8bf22df2ef173cfdefbabbb xorg-server-xvfb-1.20.14-i586-21_slack15.0.txz a132025f9509f12a96a8b374ed257496 xorg-server-xwayland-21.1.4-i586-19_slack15.0.txz Slackware x86_64 15.0 package: 1c85ac7c5d1033fc41354b33fe18bdcd xorg-server-1.20.14-x86_64-21_slack15.0.txz 5f03471488a9b6bf826b9ab1bdc2d4c2 xorg-server-xephyr-1.20.14-x86_64-21_slack15.0.txz 4d5bc9fcf635f9bc0dccdf11da884afc xorg-server-xnest-1.20.14-x86_64-21_slack15.0.txz 17a79b491be51e4730ae417116cc51d2 xorg-server-xvfb-1.20.14-x86_64-21_slack15.0.txz a150bb8ba91cf5c9013602ef583cc120 xorg-server-xwayland-21.1.4-x86_64-19_slack15.0.txz Slackware -current package: 3a6b1e86333ef9653b4982d653d5d8b7 x/xorg-server-21.1.24-i686-1.txz 17b3c4516dff4c42231a1b2eeca9fbdc x/xorg-server-xephyr-21.1.24-i686-1.txz c998ffd8de120deec1dcfd12117d3bbb x/xorg-server-xnest-21.1.24-i686-1.txz 590199de49ccdb9e55bfe323996e4178 x/xorg-server-xvfb-21.1.24-i686-1.txz d0b18dca7a226e9a606c8e199c5b0b15 x/xorg-server-xwayland-24.1.13-i686-1.txz Slackware x86_64 -current package: 9eb2c4a86ccaff313b51b2be39d443b1 x/xorg-server-21.1.24-x86_64-1.txz 744a967005e978277b9638bf6b6b5acf x/xorg-server-xephyr-21.1.24-x86_64-1.txz eb49ee6f09618a0649d6e75e81499fa9 x/xorg-server-xnest-21.1.24-x86_64-1.txz b216eac69f4f7dac6e521e4be4904171 x/xorg-server-xvfb-21.1.24-x86_64-1.txz 193b4f96655202b5002bbfbcde68975b x/xorg-server-xwayland-24.1.13-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg xorg-server-*.txz +-----+ . New xorg-server packages for Slackware address critical security issues including buffer overflow and use-after-free defects.. Slackware security fix,xorg-server update,buffer overflow,security patch,Slackware advisory. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.