[SECURITY] [DLA 4049-1] rust-openssl security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4049-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Andrej Shadura
February 11, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : rust-openssl
Version : 0.10.29-1+deb11u1
CVE ID : CVE-2025-24898
A vulnerability has been discovered in rust-openssl, a set of OpenSSL
bindings for the Rust programming language.
In affected versions ssl::select_next_proto can return a slice pointing
into the server argument's buffer but with a lifetime bound to the
client argument. In situations where the sever buffer's lifetime is
shorter than the client buffer's, this can cause a use after free.
This could cause the server to crash or to return arbitrary memory
contents to the client. This security update fixes the signature of
ssl::select_next_proto to properly constrain the output buffer's lifetime
to that of both input buffers. In standard usage of ssl::select_next_proto
in the callback passed to SslContextBuilder::set_alpn_select_callback,
code is only affected if the server buffer is constructed within the
callback.
For Debian 11 bullseye, this problem has been fixed in version
0.10.29-1+deb11u1.
We recommend that you upgrade your rust-openssl packages.
For the detailed security status of rust-openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rust-openssl
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCZ6rrtQAKCRDoRGtKyMdy
Ya/XAQDVywM2J61ykGA+wBUiUk7Gv87cHmeCxONKW7z+73rv8gD9FAujw7r4SN5Z
r91EcuMVDpNK8BCJHt4ysXUZwlDvKw4=
=j+S0
-----END PGP SIGNATURE-----
Reply to: