cargo-audit-advisory-db-20231219-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13542 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z cargo-audit-advisory-db-20231219-1.1 on GA media These are all security issues fixed in the cargo-audit-advisory-db-20231219-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13542 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13542 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-49092/ SUSE CVE CVE-2023-49092 page openSUSE Tumbleweed cargo-audit-advisory-db-20231219-1.1 cargo-audit-advisory-db-20231219-1.1 as a component of openSUSE Tumbleweed RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is currently no fix available. As a workaround, avoid using the RSA crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer. CVE-2023-49092 openSUSE Tumbleweed:cargo-audit-advisory-db-20231219-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-49092.html CVE-2023-49092 https://bugzilla.suse.com/1217629 SUSE Bug 1217629