SUSE alert openSUSE-SU-2025:0377-1 (afterburn)
From: opensuse-security@opensuse.org
To: security-announce@lists.opensuse.org
Subject: openSUSE-SU-2025:0377-1: important: Security update for afterburn
Date: Mon, 29 Sep 2025 21:05:04 +0200
Message-ID: <20250929190504.51AD8FCE1@maintenance.suse.de>

openSUSE Security Update: Security update for afterburn
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2025:0377-1
Rating:             important
References:         #1244675 #1250471
Cross-References:   CVE-2025-5791
CVSS scores:
                    CVE-2025-5791 (SUSE): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products:
                    openSUSE Backports SLE-15-SP7
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for afterburn fixes the following issues:

- Update to version 5.9.0.git21.a73f509:
  * docs/release-notes: update for release 5.10.0
  * cargo: update dependencies
  * microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat
  * docs/release-notes: Add entry for Azure SharedConfig XML parsing fix
  * microsoft/azure: Fix SharedConfig parsing of XML attributes
  * microsoft/azure: Mock goalstate.SharedConfig output in tests
  * providers/azure: switch SSH key retrieval from certs endpoint to IMDS
    as azure stopped providing keys in the old one, fixes boo#1250471
  * build(deps): bump the build group with 8 updates
  * build(deps): bump slab from 0.4.10 to 0.4.11
  * build(deps): bump actions/checkout from 4 to 5
  * upcloud: implement UpCloud provider
  * build(deps): bump the build group with 4 updates
  * Sync repo templates ⚙

- Update to version 5.9.0:
  * cargo: Afterburn release 5.9.0
  * docs/release-notes: update for release 5.9.0
  * cargo: update dependencies
  * Add TMT test structure and basic smoke test
  * build(deps): bump openssl from 0.10.72 to 0.10.73
  * build(deps): bump reqwest from 0.12.15 to 0.12.18
  * docs/release-notes: Update changelog entry
  * dracut: Return 255 in module-setup
  * oraclecloud: add release note and move base URL to constant
  * oraclecloud: implement oraclecloud provider
  * build(deps): bump nix from 0.29.0 to 0.30.1
  * build(deps): bump zbus from 5.7.0 to 5.7.1
  * build(deps): bump serde-xml-rs from 0.6.0 to 0.8.1
  * build(deps): bump ipnetwork from 0.20.0 to 0.21.1
  * build(deps): bump clap from 4.5.38 to 4.5.39

- Fix Requires in noarch package to not be arch specific (boo#1244675)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

  zypper in -t patch openSUSE-2025-377=1

Package List:

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

  afterburn-5.9.0.git21.a73f509-bp157.2.6.1

- openSUSE Backports SLE-15-SP7 (noarch):

  afterburn-dracut-5.9.0.git21.a73f509-bp157.2.6.1

References:

  https://www.suse.com/security/cve/CVE-2025-5791.html
  https://bugzilla.suse.com/1244675
  https://bugzilla.suse.com/1250471