Security update for python-maturin SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:20180-1 Final 1 1 2026-02-05T20:51:59Z current 2026-02-05T20:51:59Z 2026-02-05T20:51:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-maturin This update for python-maturin fixes the following issues: - CVE-2025-58160: tracing-subscriber: Fixed log pollution (bsc#1249011) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-246 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1249011 SUSE Bug 1249011 https://www.suse.com/security/cve/CVE-2025-58160/ SUSE CVE CVE-2025-58160 page openSUSE Leap 16.0 python313-maturin-1.8.7-160000.3.1 python313-maturin-1.8.7-160000.3.1 as a component of openSUSE Leap 16.0 tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to manipulate terminal title bars, clear screens or modify terminal display, and potentially mislead users through terminal manipulation. tracing-subscriber version 0.3.20 fixes this vulnerability by escaping ANSI control characters when writing events to destinations that may be printed to the terminal. A workaround involves avoiding printing logs to terminal emulators without escaping ANSI control sequences. CVE-2025-58160 openSUSE Leap 16.0:python313-maturin-1.8.7-160000.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-58160.html CVE-2025-58160 https://bugzilla.suse.com/1249007 SUSE Bug 1249007