{"affected":[{"ecosystem_specific":{"binaries":[{"afterburn":"5.9.0.git21.a73f509-150400.3.3.1","afterburn-dracut":"5.9.0.git21.a73f509-150400.3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.3","name":"afterburn","purl":"pkg:rpm/suse/afterburn&distro=SUSE%20Linux%20Enterprise%20Micro%205.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.9.0.git21.a73f509-150400.3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for afterburn fixes the following issues:\n\nUpdate to version 5.9.0.git21.a73f509.\n\nSecurity issues fixed:\n\n- CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large\n  repetitions on empty sub-expressions can lead to excessive resource consumption and denial of service (bsc#1196972).\n- CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect\n  hostname comparisons and incorrect URL parsing (bsc#1243850).\n- CVE-2025-5791: users: `root` user being appended to group listings whenever listing does not have exactly 1024 groups\n  can lead to privilege escalation when information is used for access control (bsc#1244199).\n- CVE-2025-3416: openssl: passing of `Some(...)` value as `properties` argument to `Md::fetch` or `Cipher::fetch` can\n  lead to use-after-free (bsc#1242665).\n\nOther issues fixed:\n\n- Fixed in version 5.9.0.git21.a73f509:\n  * cargo: update dependencies\n  * microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat\n  * microsoft/azure: Fix SharedConfig parsing of XML attributes\n  * microsoft/azure: Mock goalstate.SharedConfig output in tests\n  * providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471).\n  * upcloud: implement UpCloud provider\n  * Update several build dependencies\n    \n- Fixed in version 5.9.0:\n  * cargo: update dependencies\n  * dracut: Return 255 in module-setup\n  * oraclecloud: add release note and move base URL to constant\n  * oraclecloud: implement oraclecloud provider\n  * Update several build dependencies\n\n- Fixed in version 5.8.2:\n  * cargo: update dependencies\n  * packit: add initial support\n\n- Fixed in version 5.7.0.git103.bae893c:\n  * proxmoxve: Add more context to log messages.\n  * proxmoxve: Remove unneeded fields\n  * proxmoxve: Add tests for static network configuration from cloud-init.\n  * proxmoxve: Add support for static network configuration from cloud-init.\n  * providers/openstack: ignore ec2 metadata if not present\n  * proxmox: use noop provider if no configdrive\n  * Update several build dependencies\n\n- Fixed in version 5.7.0:\n  * cargo: update dependencies\n  * dhcp: replace dbus_proxy with proxy, and zbus traits\n  * providers/hetzner: private ipv4 addresses in attributes\n  * openstack: Document the two platforms\n  * microsoft/azure: allow empty certificate chain in PKCS12 file\n  * proxmoxve: implement proxmoxve provider\n  * providers/hetzner: fix duplicate attribute prefix\n  * lint: silence deadcode warnings\n  * lint: address latest lint's from msrv update\n  * cargo: update msrv to 1.75\n  * providers: Add 'akamai' provider\n  * providers/vmware: add missing public functions for non-amd64\n  * providers/vmware: Process guestinfo.metadata netplan configuration\n  * kubevirt: Run afterburn-hostname service\n  * providers: add support for scaleway\n  * Move away from deprecated `users` to `uzers`\n  * providers/hetzner: add support for Hetzner Cloud\n  * cargo: update MSRV to 1.71\n  * cargo: specify required features for nix dependency\n  * openstack: Add attribute OPENSTACK_INSTANCE_UUID\n  * cargo: allow openssl 0.10.46\n  * build-sys: Use new tier = 2 for cargo-vendor-filterer\n  * cargo: fix minimum version of openssl crate\n  * microsoft/crypto/mod: replace deprecated function `parse` with `parse2`\n  * cli: switch to clap derive\n  * cli: add descriptive value names for option arguments in --help\n  * cli: have clap require exactly one of --cmdline/--provider\n  * providers/`*`: move endpoint mocking into retry::Client\n  * retry/client: move URL parsing into helper function\n  * providers/microsoft: import crate::retry\n  * providers/microsoft: use stored client for all fetches\n  * providers/packet: use stored client for boot checkin\n  * initrd: remember to write trailing newline to network kargs file\n  * util: drop obsolete 'OEM' terminology\n  * Inline variables into format strings\n  * Update several build dependencies\n\n- Fixed in version 5.4.1:\n  * cargo: add configuration for cargo-vendor-filterer\n  * util: support DHCP option lookup from NetworkManager\n  * util: factor out retries of DHCP option lookup\n  * util: refactor DHCP option query helper into an enum\n  * util: move dns_lease_key_lookup() to a separate module\n  * cargo: update MSRV to 1.66\n  * cargo: update all packages to fix build error\n  * cargo: continue to support openssh-keys 0.5\n  * cargo: drop serde_derive crate in favor of serde derive feature\n  * cargo: use consistent declaration syntax for slog dependency\n  * cargo: drop unused dependencies\n  * cargo: continue to support base64 0.13\n  * cargo: continue to support mailparse 0.13.8\n  * cargo: continue to support clap 3.1\n  * cargo: stop enabling LTO in release builds\n  * providers/ibmcloud: avoid error if an ssh key not found in metadata\n  * systemd: add explicit ordering, after multi-user.target\n  * network: fix clippy 1.63.0 lints\n  * cargo: allow serde_yaml 0.8\n  * cargo: update version ranges for post-1.x deps\n  * providers: Use inline `format!` in a few places\n  * *: bump MSRV to 1.58.0\n  * cargo: update clap to 3.2.5\n  * copr: mark git checkout as safe\n  * providers/aws: expose instance availability-zone-id as AWS_AVAILABILITY_ZONE_ID\n  * Update several build dependencies\n\n- Fixed in version 5.3.0:\n  * systemd: enable sshkeys on Power VS platform\n  * network: Encode information for systemd-networkd-wait-online\n  * cargo: update to clap 3.1\n  * cargo: enable clap wrap_help feature\n  * cli: run clap tests\n  * cli: avoid deprecated clap constructs\n  * cargo: update to clap 3.0\n  * cli: use clap mechanism to require exp subcommand\n  * cargo: declare MSRV in Cargo.toml\n  * cargo: update to Rust 2021; bump MSRV to 1.56.0\n  * copr: abort if specfile fetch fails\n  * providers/aws: add AWS_IPV6 attribute\n  * providers/aws: bump metadata version to 2021-01-03\n  * kubevirt: Add KubeVirt platform support\n  * *.service: add/update Documentation field\n  * aws/mock_tests: explicitly drop mocks before resetting\n  * aws/mock_tests: split out IMDS tests\n  * aws/mock_tests: factor out map building\n  * *: use `RemainAfterExit` on all oneshot services\n  * Update several build dependencies\n","id":"SUSE-SU-2025:3786-1","modified":"2025-10-24T13:28:30Z","published":"2025-10-24T13:28:30Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20253786-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196972"},{"type":"REPORT","url":"https://bugzilla.suse.com/1242665"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243850"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244199"},{"type":"REPORT","url":"https://bugzilla.suse.com/1244675"},{"type":"REPORT","url":"https://bugzilla.suse.com/1250471"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-24713"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-12224"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-3416"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-5791"}],"related":["CVE-2022-24713","CVE-2024-12224","CVE-2025-3416","CVE-2025-5791"],"summary":"Security update for afterburn","upstream":["CVE-2022-24713","CVE-2024-12224","CVE-2025-3416","CVE-2025-5791"]}