OPENSUSE-SU-2026:11255-1
Vulnerability from csaf_opensuse - Published: 2026-07-12 00:00 - Updated: 2026-07-12 00:00Summary
afterburn-5.10.0.git73.b97f772-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: afterburn-5.10.0.git73.b97f772-1.1 on GA media
Description of the patch: These are all security issues fixed in the afterburn-5.10.0.git73.b97f772-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-11255
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "afterburn-5.10.0.git73.b97f772-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the afterburn-5.10.0.git73.b97f772-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11255",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11255-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25541 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41676 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41676/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41677 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41677/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-41898 page",
"url": "https://www.suse.com/security/cve/CVE-2026-41898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42327 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42327/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-45784 page",
"url": "https://www.suse.com/security/cve/CVE-2026-45784/"
}
],
"title": "afterburn-5.10.0.git73.b97f772-1.1 on GA media",
"tracking": {
"current_release_date": "2026-07-12T00:00:00Z",
"generator": {
"date": "2026-07-12T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11255-1",
"initial_release_date": "2026-07-12T00:00:00Z",
"revision_history": [
{
"date": "2026-07-12T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"product": {
"name": "afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"product_id": "afterburn-5.10.0.git73.b97f772-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"product": {
"name": "afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"product_id": "afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"product": {
"name": "afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"product_id": "afterburn-5.10.0.git73.b97f772-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"product": {
"name": "afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"product_id": "afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.10.0.git73.b97f772-1.1.s390x",
"product": {
"name": "afterburn-5.10.0.git73.b97f772-1.1.s390x",
"product_id": "afterburn-5.10.0.git73.b97f772-1.1.s390x"
}
},
{
"category": "product_version",
"name": "afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"product": {
"name": "afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"product_id": "afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"product": {
"name": "afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"product_id": "afterburn-5.10.0.git73.b97f772-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64",
"product": {
"name": "afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64",
"product_id": "afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-5.10.0.git73.b97f772-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64"
},
"product_reference": "afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-5.10.0.git73.b97f772-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le"
},
"product_reference": "afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-5.10.0.git73.b97f772-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x"
},
"product_reference": "afterburn-5.10.0.git73.b97f772-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-5.10.0.git73.b97f772-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64"
},
"product_reference": "afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64"
},
"product_reference": "afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le"
},
"product_reference": "afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x"
},
"product_reference": "afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
},
"product_reference": "afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25541"
}
],
"notes": [
{
"category": "general",
"text": "Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow in BytesMut::reserve. In the unique reclaim path of BytesMut::reserve, if the condition \"v_capacity \u003e= new_cap + offset\" uses an unchecked addition. When new_cap + offset overflows usize in release builds, this condition may incorrectly pass, causing self.cap to be set to a value that exceeds the actual allocated capacity. Subsequent APIs such as spare_capacity_mut() then trust this corrupted cap value and may create out-of-bounds slices, leading to UB. This behavior is observable in release builds (integer overflow wraps), whereas debug builds panic due to overflow checks. This issue has been patched in version 1.11.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25541",
"url": "https://www.suse.com/security/cve/CVE-2026-25541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25541"
},
{
"cve": "CVE-2026-41676",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41676"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming *keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A caller passing a short slice gets a heap/stack overflow from safe code. OpenSSL 3.x providers do check, so this only impacts older OpenSSL. This vulnerability is fixed in 0.10.78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41676",
"url": "https://www.suse.com/security/cve/CVE-2026-41676"
},
{
"category": "external",
"summary": "SUSE Bug 1270137 for CVE-2026-41676",
"url": "https://bugzilla.suse.com/1270137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-41676"
},
{
"cve": "CVE-2026-41677",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41677"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user\u0027s callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this. This vulnerability is fixed in 0.10.78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41677",
"url": "https://www.suse.com/security/cve/CVE-2026-41677"
},
{
"category": "external",
"summary": "SUSE Bug 1270540 for CVE-2026-41677",
"url": "https://bugzilla.suse.com/1270540"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-41677"
},
{
"cve": "CVE-2026-41898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-41898"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb forwarded the user closure\u0027s returned usize directly to OpenSSL without checking it against the \u0026mut [u8] that was handed to the closure. This can lead to buffer overflows and other unintended consequences. This vulnerability is fixed in 0.10.78.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-41898",
"url": "https://www.suse.com/security/cve/CVE-2026-41898"
},
{
"category": "external",
"summary": "SUSE Bug 1270798 for CVE-2026-41898",
"url": "https://bugzilla.suse.com/1270798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-41898"
},
{
"cve": "CVE-2026-42327",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42327"
}
],
"notes": [
{
"category": "general",
"text": "rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocsp_responders returns OCSP responder URLs from a certificate\u0027s AIA extension as OpensslString, whose Deref\u003cTarget = str\u003e wraps the raw bytes with str::from_utf8_unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation causes safe Rust code to construct a \u0026str that violates the UTF-8 invariant - resulting in undefined behavior. This vulnerability is fixed in 0.10.79.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42327",
"url": "https://www.suse.com/security/cve/CVE-2026-42327"
},
{
"category": "external",
"summary": "SUSE Bug 1270454 for CVE-2026-42327",
"url": "https://bugzilla.suse.com/1270454"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42327"
},
{
"cve": "CVE-2026-45784",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-45784"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-45784",
"url": "https://www.suse.com/security/cve/CVE-2026-45784"
},
{
"category": "external",
"summary": "SUSE Bug 1270946 for CVE-2026-45784",
"url": "https://bugzilla.suse.com/1270946"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-5.10.0.git73.b97f772-1.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.10.0.git73.b97f772-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-12T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-45784"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…