Not a user yet?
Log in Register for free Suggest a product
Update

USN-7891-1: rust-openssl vulnerabilities

Ubuntu ServerUbuntu Server
Canonical

USN-7891-1: rust-openssl vulnerabilities

Publication date: 26 November 2025
Overview: Several security issues were fixed in rust-openssl.

Packages

  • rust-openssl - OpenSSL bindings for Rust

Details
Matt Mastracci discovered that rust-openssl was incorrectly handling server
lifetimes in certain functions. An attacker could possibly use this issue
to cause a denial of service or run arbitrary memory content to the client.
(CVE-2025-24898)

It was discovered that rust-openssl was incorrectly handling empty strings
when setting the host in certain functions. An attacker could possibly use
this issue to cause a denial of service. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-53159)

It was discovered that rust-openssl was incorrectly handling property
arguments in certain functions. An attacker could possibly use this
issue to cause a denial of service. This issue only affected
Ubuntu 24.04 LTS. (CVE-2025-3416)

Update instructions
In general, a standard system update will make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

24.04 LTS noble

  • librust-openssl-dev – 0.10.57-1ubuntu0.1~esm1

22.04 LTS jammy

  • librust-openssl-dev – 0.10.36-1ubuntu0.1~esm1

20.04 LTS focal

  • librust-openssl-dev – 0.10.23-1ubuntu0.1~esm1
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad