SUSE-SU-2026:2441-1

Details

Description of the patch:

This update for rustup fixes the following issues

CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion (bsc#1257902).
rust-shlex: Multiple issues involving quote API (RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27) (bsc#1230032).

Affected Packages

rustup

SUSE Linux Enterprise Desktop 15 SP7SUSE Linux Enterprise High Performance Computing 15 SP7SUSE Linux Enterprise Module for Development Tools 15 SP7SUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP6-LTSS

Fixed in:

1.28.2~0-150600.10.10.1

References

ADVISORY

https://bugzilla.suse.com/1230032

ADVISORY

https://bugzilla.suse.com/1257902

ADVISORY

https://lists.suse.com/pipermail/sle-updates/2026-June/047416.html

ADVISORY

https://www.suse.com/security/cve/CVE-2026-25727/

WEB

https://www.suse.com/support/security/rating/

ADVISORY

https://www.suse.com/support/update/announcement/2026/suse-su-20262441-1/