<div class="container">
<h1>Security update for afterburn</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2025:20474-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-07-10T14:27:22Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1242665">bsc#1242665</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2025-3416.html">CVE-2025-3416</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-3416</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">6.3</span>
<span class="cvss-vector">CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-3416</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">3.7</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2025-3416</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">3.7</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Micro 6.1</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves one vulnerability can now be installed.</p>
<h2>Description:</h2>
<p>This update for afterburn fixes the following issues:</p>
<ul>
<li>Update to version 5.8.2:</li>
<li>cargo: Afterburn release 5.8.2</li>
<li>docs/release-notes: update for release 5.8.2</li>
<li>cargo: update dependencies</li>
<li>
<p>packit: add initial support</p>
</li>
<li>
<p>Update to version 5.7.0:</p>
</li>
<li>build(deps): bump crossbeam-channel from 0.5.13 to 0.5.15</li>
<li>build(deps): bump tokio from 1.40.0 to 1.44.2</li>
<li>CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and
Cipher::fetch in rust-openssl crate (bsc#1242665) </li>
<li>build(deps): bump zbus from 4.4.0 to 5.5.0</li>
<li>mod.rs: Fix clippy lint errors</li>
<li>release-notes.md: add release notes for rust version update</li>
<li>Cargo.toml: bump MSRV to 1.84.1</li>
<li>build(deps): bump mockito from 1.6.1 to 1.7.0</li>
<li>build(deps): bump serde_json from 1.0.139 to 1.0.140</li>
<li>build(deps): bump tempfile from 3.17.1 to 3.19.1</li>
<li>build(deps): bump clap from 4.5.31 to 4.5.35</li>
<li>build(deps): bump reqwest from 0.12.12 to 0.12.15</li>
<li>Update release notes.</li>
<li>proxmoxve: Add more context to log messages.</li>
<li>proxmoxve: Remove unneeded fields</li>
<li>proxmoxve: Add tests for static network configuration from cloud-init.</li>
<li>proxmoxve: Add support for static network configuration from cloud-init.</li>
<li>build(deps): bump mailparse from 0.15.0 to 0.16.1</li>
<li>build(deps): bump ring from 0.17.8 to 0.17.13</li>
<li>build(deps): bump anyhow from 1.0.95 to 1.0.96</li>
<li>release notes: add notes for tempfile bump from 3.16.0 to 3.17.1</li>
<li>build(deps): bump serde from 1.0.217 to 1.0.218</li>
<li>build(deps): bump openssl from 0.10.70 to 0.10.71</li>
<li>build(deps): bump tempfile from 3.16.0 to 3.17.1</li>
<li>build(deps): bump serde_json from 1.0.138 to 1.0.139</li>
<li>build(deps): bump clap from 4.5.27 to 4.5.31</li>
<li>add makefile targets for fmt,lint and test</li>
<li>providers/openstack: ignore ec2 metadata if not present</li>
<li>build(deps): bump ipnetwork from 0.20.0 to 0.21.1</li>
<li>build(deps): bump reqwest from 0.12.7 to 0.12.12</li>
<li>docs: add changelog entry</li>
<li>proxmox: use noop provider if no configdrive</li>
<li>add noop provider</li>
<li>
<p>release-notes: remove "upcoming"</p>
</li>
<li>
<p>Update to version 5.7.0:</p>
</li>
<li>cargo: Afterburn release 5.7.0</li>
<li>docs/release-notes: update for release 5.7.0</li>
<li>cargo: update dependencies</li>
<li>dhcp: replace dbus_proxy with proxy, and zbus traits</li>
<li>build(deps): bump zbus from 3.15.2 to 4.4.0</li>
<li>build(deps): bump tempfile from 3.10.1 to 3.12.0</li>
<li>build(deps): bump serde from 1.0.205 to 1.0.210</li>
<li>build(deps): bump serde_json from 1.0.121 to 1.0.127</li>
<li>build(deps): bump reqwest from 0.12.5 to 0.12.7</li>
<li>build(deps): bump uzers from 0.12.0 to 0.12.1</li>
<li>build(deps): bump clap from 4.5.13 to 4.5.16</li>
<li>build(deps): bump serde from 1.0.203 to 1.0.205</li>
<li>build(deps): bump serde_json from 1.0.119 to 1.0.121</li>
<li>build(deps): bump mockito from 1.4.0 to 1.5.0</li>
<li>build(deps): bump openssh-keys from 0.6.3 to 0.6.4</li>
<li>build(deps): bump clap from 4.5.8 to 4.5.13</li>
<li>build(deps): bump openssl from 0.10.64 to 0.10.66</li>
<li>providers/hetzner: private ipv4 addresses in attributes</li>
<li>openstack: Document the two platforms</li>
<li>build(deps): bump zerovec-derive from 0.10.2 to 0.10.3</li>
<li>build(deps): bump zerovec from 0.10.2 to 0.10.4</li>
<li>build(deps): bump nix from 0.27.1 to 0.29.0</li>
<li>microsoft/azure: allow empty certificate chain in PKCS12 file</li>
<li>proxmoxve: implement proxmoxve provider</li>
<li>providers/hetzner: fix duplicate attribute prefix</li>
<li>build(deps): bump pnet_base from 0.34.0 to 0.35.0</li>
<li>cargo: Afterburn release 5.6.0</li>
<li>docs/release-notes: update for release 5.6.0</li>
<li>cargo: update dependencies</li>
<li>build(deps): bump libflate from 1.4.0 to 2.1.0</li>
<li>build(deps): bump base64 from 0.21.7 to 0.22.1</li>
<li>build(deps): bump uzers from 0.11.3 to 0.12.0</li>
<li>build(deps): bump pnet_datalink from 0.34.0 to 0.35.0</li>
<li>build(deps): bump nix from 0.28.0 to 0.29.0</li>
<li>lint: silence deadcode warnings</li>
<li>lint: address latest lint's from msrv update</li>
<li>workflows/rust: directly update toolchain to 1.75.0</li>
<li>cargo: update msrv to 1.75</li>
<li>build(deps): bump reqwest from 0.12.2 to 0.12.4</li>
<li>build(deps): bump serde from 1.0.197 to 1.0.200</li>
<li>build(deps): bump anyhow from 1.0.81 to 1.0.82</li>
<li>build(deps): bump mailparse from 0.14.1 to 0.15.0</li>
<li>build(deps): bump serde_json from 1.0.115 to 1.0.116</li>
<li>providers: Add "akamai" provider</li>
<li>build(deps): bump h2 from 0.3.24 to 0.3.26</li>
<li>build(deps): bump anyhow from 1.0.79 to 1.0.81</li>
<li>build(deps): bump serde_json from 1.0.113 to 1.0.115</li>
<li>build(deps): bump reqwest from 0.11.24 to 0.12.2</li>
<li>build(deps): bump serde_yaml from 0.9.32 to 0.9.34+deprecated</li>
<li>build(deps): bump mio from 0.8.10 to 0.8.11</li>
<li>build(deps): bump mailparse from 0.14.0 to 0.14.1</li>
<li>build(deps): bump openssl from 0.10.62 to 0.10.64</li>
<li>build(deps): bump nix from 0.27.1 to 0.28.0</li>
<li>build(deps): bump mockito from 1.2.0 to 1.4.0</li>
<li>build(deps): bump tempfile from 3.9.0 to 3.10.1</li>
<li>build(deps): bump serde_yaml from 0.9.31 to 0.9.32</li>
<li>build(deps): bump serde from 1.0.195 to 1.0.197</li>
<li>build(deps): bump h2 from 0.3.23 to 0.3.24</li>
<li>build(deps): bump slog-term from 2.9.0 to 2.9.1</li>
<li>build(deps): bump serde_yaml from 0.9.30 to 0.9.31</li>
<li>build(deps): bump serde_json from 1.0.111 to 1.0.113</li>
<li>build(deps): bump clap from 4.4.16 to 4.4.18</li>
<li>build(deps): bump reqwest from 0.11.23 to 0.11.24</li>
<li>cargo: Afterburn release 5.5.1</li>
<li>docs/release-notes: update for release 5.5.1</li>
<li>cargo: update dependencies</li>
<li>build(deps): bump anyhow from 1.0.75 to 1.0.78</li>
<li>build(deps): bump serde_yaml from 0.9.27 to 0.9.29</li>
<li>build(deps): bump reqwest from 0.11.22 to 0.11.23</li>
<li>build(deps): bump serde_json from 1.0.108 to 1.0.109</li>
<li>build(deps): bump openssl from 0.10.60 to 0.10.62</li>
<li>build(deps): bump tempfile from 3.8.1 to 3.9.0</li>
<li>build(deps): bump clap from 4.4.10 to 4.4.12</li>
<li>build(deps): bump unsafe-libyaml from 0.2.9 to 0.2.10</li>
<li>providers/vmware: add missing public functions for non-amd64</li>
<li>build(deps): bump clap from 4.4.8 to 4.4.10</li>
<li>cargo: Afterburn release 5.5.0</li>
<li>build(deps): bump openssl from 0.10.59 to 0.10.60</li>
<li>docs/release-notes: update for release 5.5.0</li>
<li>cargo: update dependencies</li>
<li>ci: cancel previous build on PR update</li>
<li>build(deps): allow building with libsystemd 0.7.0</li>
<li>providers/vmware: Process guestinfo.metadata netplan configuration</li>
<li>kubevirt: Run afterburn-hostname service</li>
<li>build(deps): bump reqwest from 0.11.20 to 0.11.22</li>
<li>build(deps): bump tempfile from 3.8.0 to 3.8.1</li>
<li>build(deps): bump clap from 4.4.6 to 4.4.7</li>
<li>build(deps): bump serde_json from 1.0.107 to 1.0.108</li>
<li>build(deps): bump serde_yaml from 0.9.25 to 0.9.27</li>
<li>build(deps): bump rustix from 0.37.19 to 0.37.25</li>
<li>build(deps): bump clap from 4.4.2 to 4.4.6</li>
<li>build(deps): bump serde_json from 1.0.105 to 1.0.107</li>
<li>build(deps): bump mockito from 1.1.0 to 1.2.0</li>
<li>providers: add support for scaleway</li>
<li>Move away from deprecated <code>users</code> to <code>uzers</code></li>
<li>providers/hetzner: add support for Hetzner Cloud</li>
<li>build(deps): bump clap from 4.4.1 to 4.4.2</li>
<li>cargo: update MSRV to 1.71</li>
<li>build(deps): bump clap from 4.3.19 to 4.4.1</li>
<li>chore: Get rid of Clippy warnings</li>
<li>cargo: specify required features for nix dependency</li>
<li>build(deps): bump nix from 0.26.2 to 0.27.1</li>
<li>build(deps): bump slog-async from 2.7.0 to 2.8.0</li>
<li>build(deps): bump openssl from 0.10.56 to 0.10.57</li>
<li>build(deps): bump reqwest from 0.11.18 to 0.11.20</li>
<li>build(deps): bump serde from 1.0.185 to 1.0.188</li>
<li>build(deps): bump tempfile from 3.7.1 to 3.8.0</li>
<li>build(deps): bump serde from 1.0.183 to 1.0.185</li>
<li>build(deps): bump anyhow from 1.0.72 to 1.0.75</li>
<li>build(deps): bump serde_json from 1.0.104 to 1.0.105</li>
<li>build(deps): bump openssl from 0.10.55 to 0.10.56</li>
<li>build(deps): bump tempfile from 3.7.0 to 3.7.1</li>
<li>build(deps): bump serde from 1.0.180 to 1.0.183</li>
<li>build(deps): bump serde from 1.0.179 to 1.0.180</li>
<li>build(deps): bump serde_json from 1.0.103 to 1.0.104</li>
<li>build(deps): bump serde from 1.0.175 to 1.0.179</li>
<li>build(deps): bump pnet_datalink from 0.33.0 to 0.34.0</li>
<li>build(deps): bump serde from 1.0.171 to 1.0.175</li>
<li>build(deps): bump clap from 4.3.14 to 4.3.19</li>
<li>build(deps): bump pnet_base from 0.33.0 to 0.34.0</li>
<li>build(deps): bump serde_yaml from 0.9.23 to 0.9.25</li>
<li>build(deps): bump tempfile from 3.6.0 to 3.7.0</li>
<li>build(deps): bump clap from 4.3.11 to 4.3.14</li>
<li>build(deps): bump serde_yaml from 0.9.22 to 0.9.23</li>
<li>build(deps): bump anyhow from 1.0.71 to 1.0.72</li>
<li>build(deps): bump serde_json from 1.0.100 to 1.0.103</li>
<li>build(deps): bump clap from 4.3.10 to 4.3.11</li>
<li>build(deps): bump serde_json from 1.0.99 to 1.0.100</li>
<li>build(deps): bump openssh-keys from 0.6.1 to 0.6.2</li>
<li>build(deps): bump zbus from 3.13.1 to 3.14.1</li>
<li>build(deps): bump clap from 4.3.8 to 4.3.10</li>
<li>build(deps): bump serde from 1.0.164 to 1.0.165</li>
<li>build(deps): bump serde_json from 1.0.96 to 1.0.99</li>
<li>build(deps): bump clap from 4.3.3 to 4.3.8</li>
<li>build(deps): bump serde_yaml from 0.9.21 to 0.9.22</li>
<li>build(deps): bump openssl from 0.10.54 to 0.10.55</li>
<li>build(deps): bump mockito from 1.0.2 to 1.1.0</li>
<li>openstack: Add attribute OPENSTACK_INSTANCE_UUID</li>
<li>build(deps): bump serde from 1.0.163 to 1.0.164</li>
<li>build(deps): bump clap from 4.3.2 to 4.3.3</li>
<li>build(deps): bump tempfile from 3.5.0 to 3.6.0</li>
<li>cargo: Afterburn release 5.4.3</li>
<li>docs/release-notes: update for release 5.4.3</li>
<li>cargo: update dependencies</li>
<li>cargo: allow openssl 0.10.46</li>
<li>build(deps): bump openssl from 0.10.52 to 0.10.54</li>
<li>build(deps): bump openssh-keys from 0.6.0 to 0.6.1</li>
<li>build(deps): bump vmw_backdoor from 0.2.3 to 0.2.4</li>
<li>ci: strip debug symbols</li>
<li>build-sys: Use new tier = 2 for cargo-vendor-filterer</li>
<li>build(deps): bump reqwest from 0.11.17 to 0.11.18</li>
<li>cargo: Afterburn release 5.4.2</li>
<li>docs/release-notes: update for release</li>
<li>docs/release-notes: note Azure SSH regression fix with new openssl</li>
<li>cargo: fix minimum version of openssl crate</li>
<li>build(deps): bump serde from 1.0.162 to 1.0.163</li>
<li>build(deps): bump zbus from 3.12.0 to 3.13.1</li>
<li>build(deps): bump serde from 1.0.160 to 1.0.162</li>
<li>build(deps): bump anyhow from 1.0.70 to 1.0.71</li>
<li>build(deps): bump openssl from 0.10.51 to 0.10.52</li>
<li>build(deps): bump reqwest from 0.11.16 to 0.11.17</li>
<li>build(deps): bump openssl from 0.10.50 to 0.10.51</li>
<li>build(deps): bump enumflags2 from 0.7.5 to 0.7.7</li>
<li>build(deps): bump openssl from 0.10.48 to 0.10.50</li>
<li>build(deps): bump zbus from 3.11.1 to 3.12.0</li>
<li>build(deps): bump serde_json from 1.0.95 to 1.0.96</li>
<li>build(deps): bump h2 from 0.3.15 to 0.3.17</li>
<li>build(deps): bump openssl from 0.10.47 to 0.10.48</li>
<li>microsoft/crypto/mod: replace deprecated function <code>parse</code> with <code>parse2</code></li>
<li>build(deps): bump serde from 1.0.159 to 1.0.160</li>
<li>build(deps): bump serde_yaml from 0.9.19 to 0.9.21</li>
<li>build(deps): bump tempfile from 3.4.0 to 3.5.0</li>
<li>build(deps): bump serde from 1.0.158 to 1.0.159</li>
<li>build(deps): bump mockito from 1.0.1 to 1.0.2</li>
<li>Update mockito to 1.0.1</li>
<li>build(deps): bump reqwest from 0.11.15 to 0.11.16</li>
<li>build(deps): bump serde_json from 1.0.94 to 1.0.95</li>
<li>cli: switch to clap derive</li>
<li>cli: add descriptive value names for option arguments in --help</li>
<li>build(deps): bump zbus from 3.11.0 to 3.11.1</li>
<li>build(deps): bump openssl from 0.10.45 to 0.10.47</li>
<li>build(deps): bump reqwest from 0.11.14 to 0.11.15</li>
<li>build(deps): bump serde from 1.0.155 to 1.0.158</li>
<li>build(deps): bump anyhow from 1.0.69 to 1.0.70</li>
<li>cli: have clap require exactly one of --cmdline/--provider</li>
<li>providers/*: move endpoint mocking into retry::Client</li>
<li>retry/client: move URL parsing into helper function</li>
<li>providers/microsoft: import crate::retry</li>
<li>providers/microsoft: use stored client for all fetches</li>
<li>providers/packet: use stored client for boot checkin</li>
<li>build(deps): bump zbus from 3.10.0 to 3.11.0</li>
<li>build(deps): bump serde from 1.0.152 to 1.0.155</li>
<li>docs: Use upstream theme & update to 0.4.1</li>
<li>build(deps): bump serde_json from 1.0.93 to 1.0.94</li>
<li>build(deps): bump serde_yaml from 0.9.17 to 0.9.19</li>
<li>build(deps): bump mockito from 0.32.3 to 0.32.4</li>
<li>build(deps): bump tempfile from 3.3.0 to 3.4.0</li>
<li>initrd: remember to write trailing newline to network kargs file</li>
<li>util: drop obsolete "OEM" terminology</li>
<li>Update to clap 4</li>
<li>build(deps): bump mockito from 0.31.1 to 0.32.3</li>
<li>workflows: update clippy to 1.67</li>
<li>Fix clippy lints</li>
<li>Inline variables into format strings</li>
<li>build(deps): bump zbus from 3.9.0 to 3.10.0</li>
<li>build(deps): bump serde_json from 1.0.92 to 1.0.93</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Micro 6.1
<br/>
<code>zypper in -t patch SUSE-SLE-Micro-6.1-175=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Micro 6.1 (aarch64 x86_64)
<ul>
<li>afterburn-debugsource-5.8.2-slfo.1.1_1.1</li>
<li>afterburn-debuginfo-5.8.2-slfo.1.1_1.1</li>
<li>afterburn-5.8.2-slfo.1.1_1.1</li>
</ul>
</li>
<li>
SUSE Linux Micro 6.1 (noarch)
<ul>
<li>afterburn-dracut-5.8.2-slfo.1.1_1.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2025-3416.html">https://www.suse.com/security/cve/CVE-2025-3416.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1242665">https://bugzilla.suse.com/show_bug.cgi?id=1242665</a>
</li>
</ul>
</div>