[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 4049-1] rust-openssl security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4049-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Andrej Shadura
February 11, 2025                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : rust-openssl
Version        : 0.10.29-1+deb11u1
CVE ID         : CVE-2025-24898

A vulnerability has been discovered in rust-openssl, a set of OpenSSL
bindings for the Rust programming language.

In affected versions ssl::select_next_proto can return a slice pointing
into the server argument's buffer but with a lifetime bound to the
client argument. In situations where the sever buffer's lifetime is
shorter than the client buffer's, this can cause a use after free.

This could cause the server to crash or to return arbitrary memory
contents to the client. This security update fixes the signature of
ssl::select_next_proto to properly constrain the output buffer's lifetime
to that of both input buffers. In standard usage of ssl::select_next_proto
in the callback passed to SslContextBuilder::set_alpn_select_callback,
code is only affected if the server buffer is constructed within the
callback.

For Debian 11 bullseye, this problem has been fixed in version
0.10.29-1+deb11u1.

We recommend that you upgrade your rust-openssl packages.

For the detailed security status of rust-openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rust-openssl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCZ6rrtQAKCRDoRGtKyMdy
Ya/XAQDVywM2J61ykGA+wBUiUk7Gv87cHmeCxONKW7z+73rv8gD9FAujw7r4SN5Z
r91EcuMVDpNK8BCJHt4ysXUZwlDvKw4=
=j+S0
-----END PGP SIGNATURE-----


Reply to: