Security update for python-maturin SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:20235-1 Final 1 1 2026-02-05T20:51:34Z current 2026-02-05T20:51:34Z 2026-02-05T20:51:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for python-maturin This update for python-maturin fixes the following issues: - CVE-2025-58160: tracing-subscriber: Fixed log pollution (bsc#1249011) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SL-Micro-6.2-246 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-202620235-1/ Link for SUSE-SU-2026:20235-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024100.html E-Mail link for SUSE-SU-2026:20235-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1249011 SUSE Bug 1249011 https://www.suse.com/security/cve/CVE-2025-58160/ SUSE CVE CVE-2025-58160 page SUSE Linux Micro 6.2 python313-maturin-1.8.7-160000.3.1 python313-maturin-1.8.7-160000.3.1 as a component of SUSE Linux Micro 6.2 tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to manipulate terminal title bars, clear screens or modify terminal display, and potentially mislead users through terminal manipulation. tracing-subscriber version 0.3.20 fixes this vulnerability by escaping ANSI control characters when writing events to destinations that may be printed to the terminal. A workaround involves avoiding printing logs to terminal emulators without escaping ANSI control sequences. CVE-2025-58160 SUSE Linux Micro 6.2:python313-maturin-1.8.7-160000.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620235-1/ https://www.suse.com/security/cve/CVE-2025-58160.html CVE-2025-58160 https://bugzilla.suse.com/1249007 SUSE Bug 1249007