SUSE alert openSUSE-SU-2026:20380-1 (snpguest)
| From: | null@suse.de | |
| To: | security-announce@lists.opensuse.org | |
| Subject: | openSUSE-SU-2026:20380-1: important: Security update for snpguest | |
| Date: | Wed, 25 Mar 2026 17:52:05 +0100 | |
| Message-ID: | <20260325165205.A6461FD9F@maintenance.suse.de> | |
openSUSE security update: security update for snpguest
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:20380-1
Rating: important
References:
  * bsc#1257877
  * bsc#1257927

Cross-References:
  * CVE-2026-25727

CVSS scores:
  * CVE-2026-25727 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-25727 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:
  openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has 2 bug fixes can now be installed.

Description:

This update for snpguest fixes the following issues:

- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257927).

- Update to version 0.10.0 (bsc#1257877):
  * chore: updating tool version to 0.10.0
  * refactor(certs): remove redundant branch in file-write logic
  * Docs: Adding verify measure, host-data, report-data to docs
  * verify: verify measurement, host data, and report data attributes from the attestation report.
  * library: Updating sev library to 7.1.0
  * ci: replace deprecated gh actions
  * feat: multi-format integer parsing for key subcommand arguments
  * chore(main): remove unused import `clap::arg`
  * feat(fetch): add fetch crl subcommand
  * .github/lint: Bump toolchain version to 1.86
  * Bump rust version to 1.86
  * feat: bumping tool to version 0.9.2
  * fix(verify): silence mismatched_lifetime_syntaxes in SnpOid::oid
  * feat: support SEV-SNP ABI Spec 1.58 (bump sev to v6.3.0)
  * docs: restore and clarify Global Options section
  * doc: fix CL argument orders + address recent changes
  * fix(hyperv): downgrade VMPL check from error to warning
  * fix(report.rs): remove conflict check between --random flag and Hyper-V
  * fix(report.rs): Decouple runtime behavior from hyperv build feature
  * refactor: clarify --platform error message
  * docs: add Azure/Hyper-V build note for --platform
  * docs: Update README.md
  * report: Writing Req Data as Binary (#101)
  * deps: bump virtee/sev to 6.2.1 (fix TCB-serialization bug) (#99)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

  zypper in -t patch openSUSE-Leap-16.0-398=1

Package List:

- openSUSE Leap 16.0:

  snpguest-0.10.0-160000.1.1

References:

  * https://www.suse.com/security/cve/CVE-2026-25727.html
