-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4049-1                [email protected]
https://www.debian.org/lts/security/                        Andrej Shadura
February 11, 2025                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package        : rust-openssl
Version        : 0.10.29-1+deb11u1
CVE ID         : CVE-2025-24898

A vulnerability has been discovered in rust-openssl, a set of OpenSSL
bindings for the Rust programming language.

In affected versions ssl::select_next_proto can return a slice pointing
into the server argument's buffer but with a lifetime bound to the client
argument. In situations where the server buffer's lifetime is shorter than
the client buffer's, this can cause a use after free. This could cause the
server to crash or to return arbitrary memory contents to the client.

This security update fixes the signature of ssl::select_next_proto to
properly constrain the output buffer's lifetime to that of both input
buffers.

In standard usage of ssl::select_next_proto in the callback passed to
SslContextBuilder::set_alpn_select_callback, code is only affected if the
server buffer is constructed within the callback.

For Debian 11 bullseye, this problem has been fixed in version
0.10.29-1+deb11u1.

We recommend that you upgrade your rust-openssl packages.

For the detailed security status of rust-openssl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/rust-openssl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCZ6rrtQAKCRDoRGtKyMdy
Ya/XAQDVywM2J61ykGA+wBUiUk7Gv87cHmeCxONKW7z+73rv8gD9FAujw7r4SN5Z
r91EcuMVDpNK8BCJHt4ysXUZwlDvKw4=
=j+S0
-----END PGP SIGNATURE-----
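The following is an added example, not rust-openssl's code or Debian's: a pure-Rust model of the ssl::select_next_proto selection logic (the real function calls OpenSSL's SSL_select_next_proto over FFI) written with the corrected lifetime constraint the advisory describes. The single lifetime 'a on both inputs and the output makes the borrow checker reject the affected pattern, a server preference list built inside the ALPN callback and dropped before the returned slice is used. The protocol list format (one length byte followed by that many name bytes, as in ALPN) is standard; the names SERVER_PROTOS, protocols and alpn_select_model, and the sample byte strings, are constructed for this example.

```rust
// Added example modelling the fixed select_next_proto signature; not the
// rust-openssl crate's implementation, which wraps SSL_select_next_proto.

/// Iterate the length-prefixed entries of an ALPN-style protocol list.
/// Each entry is one length byte followed by that many name bytes. A zero
/// length or a length that overruns the buffer is malformed and ends the
/// iteration instead of reading past the end.
fn protocols<'a>(list: &'a [u8]) -> impl Iterator<Item = &'a [u8]> + 'a {
    let mut rest = list;
    std::iter::from_fn(move || {
        let (&len, tail) = rest.split_first()?;
        let len = len as usize;
        if len == 0 || tail.len() < len {
            rest = &[];
            return None;
        }
        let (proto, tail) = tail.split_at(len);
        rest = tail;
        Some(proto)
    })
}

/// Pick the first protocol in the server's preference list that the client
/// also offered. The result borrows from `server`, and because both inputs
/// share the lifetime `'a`, the caller must keep BOTH buffers alive for as
/// long as the result is used (the constraint the security update adds).
fn select_next_proto<'a>(server: &'a [u8], client: &'a [u8]) -> Option<&'a [u8]> {
    protocols(server).find(|s| protocols(client).any(|c| c == *s))
}

/// Constructed server preference list: h2 first, then http/1.1. Holding the
/// list outside the callback is the unaffected "standard usage" the advisory
/// describes; with the fixed signature, building it as a local Vec inside the
/// callback and returning a slice of it would fail to compile.
const SERVER_PROTOS: &[u8] = b"\x02h2\x08http/1.1";

/// Model of an alpn_select callback body: given the client's offered list,
/// return the negotiated protocol name or None to reject.
fn alpn_select_model(client: &[u8]) -> Option<&[u8]> {
    select_next_proto(SERVER_PROTOS, client)
}

fn main() {
    // Constructed client offer: http/1.1 listed before h2.
    let client = b"\x08http/1.1\x02h2";
    match alpn_select_model(client) {
        Some(p) => println!("negotiated {}", String::from_utf8_lossy(p)),
        None => println!("no common protocol"),
    }
}
```

Server preference order wins regardless of the client's ordering, and a malformed length byte yields None rather than a read past the buffer.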
