{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for cargo-auditable","title":"Title of the patch"},{"category":"description","text":"This update for cargo-auditable fixes the following issues:\n\nUpdate to version 0.7.2~0.\n\nSecurity issues fixed:\n\n- CVE-2026-25727: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion\n  (bsc#1257906).\n\nOther updates and bugfixes:\n\n- Update to version 0.7.2~0:\n\n  * mention cargo-dist in README\n  * commit Cargo.lock\n  * bump which dev-dependency to 8.0.0\n  * bump object to 0.37\n  * Upgrade cargo_metadata to 0.23\n  * Expand the set of dist platforms in config\n\n- Update to version 0.7.1~0:\n\n  * Out out of unhelpful clippy lint\n  * Satisfy clippy\n  * Do not assume --crate-name and --out-dir are present in the rustc command, but show warnings if they aren't\n  * Run apt-get update before trying to install packages\n  * run `cargo dist init` on dist 0.30\n  * Drop allow-dirty from dist config, should no longer be needed\n  * Reorder paragraphs in README\n  * Note the maintenance transition for the go extraction library\n  * Editing pass on the adopters: scanners\n  * clarify Docker support\n  * Cargo clippy fix\n  * Add Wolfi OS and Chainguard to adopters\n  * Update mentions around Anchore tooling\n  * README and documentation updates for nightly\n  * Bump dependency version in rust-audit-info\n  * More work on docs\n  * Nicer formatting on format revision documentation\n  * Bump versions\n  * regenerate JSON schema\n  * cargo fmt\n  * Document format field\n  * Make it more clear that RawVersionInfo is private\n  * Add format field to the serialized data\n  * cargo clippy fix\n  * Add special handling for proc macros to treat them as the build dependencies they are\n  * Add a test to ensure proc macros are reported as build dependencies\n  * Add a test fixture for a crate with a proc macro dependency\n  * parse fully qualified package ID specs from SBOMs\n  * select first discovered SBOM file\n  * cargo sbom integration\n  * Get rid of unmaintained wee_alloc in test code to make people's scanners misled by GHSA chill out\n  * Don't fail plan workflow due to manually changed release.yml\n  * Bump Ubuntu version to hopefully fix release.yml workflow\n  * Add test for stripped binary\n  * Bump version to 0.6.7\n  * Populate changelog\n  * README.md: add auditable2cdx, more consistency in text\n  * Placate clippy\n  * Do not emit -Wl if a bare linker is in use\n  * Get rid of a compiler warning\n  * Add bare linker detection function\n  * drop boilerplate from test that's no longer relevant\n  * Add support for recovering rustc codegen options\n  * More lenient parsing of rustc arguments\n  * More descriptive error message in case rustc is killed abruptly\n  * change formatting to fit rustfmt\n  * More descriptive error message in case cargo is killed\n  * Update REPLACING_CARGO.md to fix #195\n  * Clarify osv-scanner support in README\n  * Include the command required to view metadata\n  * Mention wasm-tools support\n  * Switch from broken generic cache action to a Rust-specific one\n  * Fill in various fields in auditable2cdx Cargo.toml\n  * Include osv-scanner in the list, with a caveat\n  * Add link to blint repo to README\n  * Mention that blint supports our data\n  * Consolidate target definitions\n  * Account for WASM test dependencies changing, commit the Cargo.lock so they would stop doing that\n  * Migrate to a maintained toolchain action\n  * Fix author specification\n  * Add link to repository to resolverver Cargo.toml\n  * Bump resolverver to 0.1.0\n  * Add resolverver crate to the tree\n\n- Update to version 0.6.6~0:\n\n  * Note the `object` upgrade in the changelog\n  * Upgrade cyclonedx-bom from 0.5 to 0.8 in auditable-cyclonedx\n  * Upgrade object crate from 0.30 to 0.36 to reduce dependency footprint\n  * Update dependencies in the lock file\n  * Populate changelog\n  * apply clippy lint\n  * add another --emit parsing test\n  * shorter code with cargo fmt\n  * Actually fix cargo-c compatibility\n  * Attempt to fix cargo-capi incompatibility\n  * Refactoring in preparation for fixes\n  * Also read the --emit flag to rustc\n  * Fill in changelogs\n  * Bump versions\n  * Drop cfg'd out tests\n  * Drop obsolete doc line\n  * Move dependency cycle tests from auditable-serde to cargo-auditable crate\n  * Remove cargo_metadata from auditable-serde API surface.\n  * Apply clippy lint\n  * Upgrade miniz_oxide to 0.8.0\n  * Insulate our semver from miniz_oxide semver\n  * Add support for Rust 2024 edition\n  * Update tests\n  * More robust OS detection for riscv feature detection\n  * bump version\n  * update changelog for auditable-extract 0.3.5\n  * Fix wasm component auditable data extraction\n  * Update blocker description in README.md\n  * Add openSUSE to adopters\n  * Update list of know adopters\n  * Fix detection of `riscv64-linux-android` target features\n  * Silence noisy lint\n  * Bump version requirement in rust-audit-info\n  * Fill in changelogs\n  * Bump semver of auditable-info\n  * Drop obsolete comment now that wasm is enabled by default\n  * Remove dependency on cargo-lock\n  * Brag about adoption in the README\n  * Don't use LTO for cargo-dist builds to make them consistent with `cargo install` etc\n  * Also build musl binaries\n  * dist: update dist config for future releases\n  * dist(cargo-auditable): ignore auditable2cdx for now\n  * chore: add cargo-dist\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2026-505,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-505,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-505,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-505,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-505,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-505,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-505,openSUSE-SLE-15.6-2026-505","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0505-1.json"},{"category":"self","summary":"URL for SUSE-SU-2026:0505-1","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260505-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2026:0505-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2026-February/024243.html"},{"category":"self","summary":"SUSE Bug 1257906","url":"https://bugzilla.suse.com/1257906"},{"category":"self","summary":"SUSE CVE CVE-2026-25727 page","url":"https://www.suse.com/security/cve/CVE-2026-25727/"}],"title":"Security update for cargo-auditable","tracking":{"current_release_date":"2026-02-13T14:31:50Z","generator":{"date":"2026-02-13T14:31:50Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2026:0505-1","initial_release_date":"2026-02-13T14:31:50Z","revision_history":[{"date":"2026-02-13T14:31:50Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","product":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","product_id":"cargo-auditable-0.7.2~0-150500.12.6.1.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"cargo-auditable-0.7.2~0-150500.12.6.1.i586","product":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.i586","product_id":"cargo-auditable-0.7.2~0-150500.12.6.1.i586"}}],"category":"architecture","name":"i586"},{"branches":[{"category":"product_version","name":"cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","product":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","product_id":"cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"cargo-auditable-0.7.2~0-150500.12.6.1.s390x","product":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.s390x","product_id":"cargo-auditable-0.7.2~0-150500.12.6.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","product":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","product_id":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-espos:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc-ltss:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP5-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP5-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP6-LTSS","product":{"name":"SUSE Linux Enterprise Server 15 SP6-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP6-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp6"}}},{"category":"product_name","name":"openSUSE Leap 15.6","product":{"name":"openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.6"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.s390x"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP5-LTSS"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP6-LTSS"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP6-LTSS"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.s390x"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP6-LTSS"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS","product_id":"SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP6-LTSS"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP5:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP5:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP6:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP6:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.aarch64 as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.s390x as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.s390x"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.s390x","relates_to_product_reference":"openSUSE Leap 15.6"},{"category":"default_component_of","full_product_name":{"name":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64 as component of openSUSE Leap 15.6","product_id":"openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"},"product_reference":"cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","relates_to_product_reference":"openSUSE Leap 15.6"}]},"vulnerabilities":[{"cve":"CVE-2026-25727","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2026-25727"}],"notes":[{"category":"general","text":"time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used features that are part of the RFC 2822 format used in a malicious manner. Ordinary, non-malicious input will never encounter this scenario. A limit to the depth of recursion was added in v0.3.47. From this version, an error will be returned rather than exhausting the stack.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.s390x","SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.s390x","SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 15 SP5:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 15 SP5:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 15 SP6:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 15 SP6:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.s390x","openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2026-25727","url":"https://www.suse.com/security/cve/CVE-2026-25727"},{"category":"external","summary":"SUSE Bug 1257901 for CVE-2026-25727","url":"https://bugzilla.suse.com/1257901"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.s390x","SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.s390x","SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 15 SP5:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 15 SP5:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 15 SP6:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 15 SP6:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.s390x","openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.s390x","SUSE Linux Enterprise Server 15 SP5-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.s390x","SUSE Linux Enterprise Server 15 SP6-LTSS:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 15 SP5:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 15 SP5:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","SUSE Linux Enterprise Server for SAP Applications 15 SP6:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","SUSE Linux Enterprise Server for SAP Applications 15 SP6:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64","openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.aarch64","openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.ppc64le","openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.s390x","openSUSE Leap 15.6:cargo-auditable-0.7.2~0-150500.12.6.1.x86_64"]}],"threats":[{"category":"impact","date":"2026-02-13T14:31:50Z","details":"important"}],"title":"CVE-2026-25727"}]}