Recommended update for afterburn SUSE Patch security@suse.de SUSE Security Team SUSE-RU-2025:21046-1 Final 1 1 2025-11-18T09:58:24Z current 2025-11-18T09:58:24Z 2025-11-18T09:58:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Recommended update for afterburn This update for afterburn fixes the following issues: - Update to version 5.9.0.git21.a73f509: * docs/release-notes: update for release 5.10.0 * cargo: update dependencies * microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat * docs/release-notes: Add entry for Azure SharedConfig XML parsing fix * microsoft/azure: Fix SharedConfig parsing of XML attributes * microsoft/azure: Mock goalstate.SharedConfig output in tests * providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471) * build(deps): bump the build group with 8 updates * build(deps): bump slab from 0.4.10 to 0.4.11 * build(deps): bump actions/checkout from 4 to 5 * upcloud: implement UpCloud provider * build(deps): bump the build group with 4 updates * Sync repo templates ⚙ - Update to version 5.9.0: * cargo: Afterburn release 5.9.0 * docs/release-notes: update for release 5.9.0 * cargo: update dependencies * Add TMT test structure and basic smoke test * build(deps): bump openssl from 0.10.72 to 0.10.73 * build(deps): bump reqwest from 0.12.15 to 0.12.18 * docs/release-notes: Update changelog entry * dracut: Return 255 in module-setup * oraclecloud: add release note and move base URL to constant * oraclecloud: implement oraclecloud provider * build(deps): bump nix from 0.29.0 to 0.30.1 * build(deps): bump zbus from 5.7.0 to 5.7.1 * build(deps): bump serde-xml-rs from 0.6.0 to 0.8.1 * build(deps): bump ipnetwork from 0.20.0 to 0.21.1 * build(deps): bump clap from 4.5.38 to 4.5.39 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-522 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement//suse-ru-202521046-1/ Link for SUSE-RU-2025:21046-1 https://lists.suse.com/pipermail/sle-updates/2025-November/042890.html E-Mail link for SUSE-RU-2025:21046-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1250471 SUSE Bug 1250471 https://www.suse.com/security/cve/CVE-2025-5791/ SUSE CVE CVE-2025-5791 page SUSE Linux Micro 6.0 afterburn-5.9.0.git21.a73f509-1.1 afterburn-dracut-5.9.0.git21.a73f509-1.1 afterburn-5.9.0.git21.a73f509-1.1 as a component of SUSE Linux Micro 6.0 afterburn-dracut-5.9.0.git21.a73f509-1.1 as a component of SUSE Linux Micro 6.0 A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list. CVE-2025-5791 SUSE Linux Micro 6.0:afterburn-5.9.0.git21.a73f509-1.1 SUSE Linux Micro 6.0:afterburn-dracut-5.9.0.git21.a73f509-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement//suse-ru-202521046-1/ https://www.suse.com/security/cve/CVE-2025-5791.html CVE-2025-5791 https://bugzilla.suse.com/1244187 SUSE Bug 1244187