{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"restic security update", "category":"general", "title":"Synopsis" }, { "text":"An update for restic is now available for openEuler-24.03-LTS-SP1", "category":"general", "title":"Summary" }, { "text":"restic is a backup program. It supports verification, encryption, snapshots and deduplication.\n\nSecurity Fix(es):\n\nA vulnerability was found in Microsoft Azure Identity Library and Microsoft Authentication Library (Cloud Software) (the affected version unknown). It has been rated as problematic.Using CWE to declare the problem leads to CWE-362. The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Impacted is confidentiality.Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.(CVE-2024-35255)", "category":"general", "title":"Description" }, { "text":"An update for restic is now available for openEuler-24.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"restic", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-2070", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2070" }, { "summary":"CVE-2024-35255", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35255&packageName=restic" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2024-35255" }, { "summary":"openEuler-SA-2025-2070 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-2070.json" } ], "title":"An update for restic is now available for openEuler-24.03-LTS-SP1", "tracking":{ "initial_release_date":"2025-08-22T19:39:57+08:00", "revision_history":[ { "date":"2025-08-22T19:39:57+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-08-22T19:39:57+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-08-22T19:39:57+08:00", "id":"openEuler-SA-2025-2070", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"openEuler-24.03-LTS-SP1", "name":"openEuler-24.03-LTS-SP1" }, "name":"openEuler-24.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"restic-0.16.2-3.oe2403sp1.aarch64.rpm", "name":"restic-0.16.2-3.oe2403sp1.aarch64.rpm" }, "name":"restic-0.16.2-3.oe2403sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"restic-0.16.2-3.oe2403sp1.src.rpm", "name":"restic-0.16.2-3.oe2403sp1.src.rpm" }, "name":"restic-0.16.2-3.oe2403sp1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"restic-0.16.2-3.oe2403sp1.x86_64.rpm", "name":"restic-0.16.2-3.oe2403sp1.x86_64.rpm" }, "name":"restic-0.16.2-3.oe2403sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"restic-bash-completion-0.16.2-3.oe2403sp1.noarch.rpm", "name":"restic-bash-completion-0.16.2-3.oe2403sp1.noarch.rpm" }, "name":"restic-bash-completion-0.16.2-3.oe2403sp1.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"restic-zsh-completion-0.16.2-3.oe2403sp1.noarch.rpm", "name":"restic-zsh-completion-0.16.2-3.oe2403sp1.noarch.rpm" }, "name":"restic-zsh-completion-0.16.2-3.oe2403sp1.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"restic-0.16.2-3.oe2403sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:restic-0.16.2-3.oe2403sp1.aarch64", "name":"restic-0.16.2-3.oe2403sp1.aarch64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"restic-0.16.2-3.oe2403sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:restic-0.16.2-3.oe2403sp1.src", "name":"restic-0.16.2-3.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"restic-0.16.2-3.oe2403sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:restic-0.16.2-3.oe2403sp1.x86_64", "name":"restic-0.16.2-3.oe2403sp1.x86_64 as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"restic-bash-completion-0.16.2-3.oe2403sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:restic-bash-completion-0.16.2-3.oe2403sp1.noarch", "name":"restic-bash-completion-0.16.2-3.oe2403sp1.noarch as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"restic-zsh-completion-0.16.2-3.oe2403sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:restic-zsh-completion-0.16.2-3.oe2403sp1.noarch", "name":"restic-zsh-completion-0.16.2-3.oe2403sp1.noarch as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2024-35255", "notes":[ { "text":"A vulnerability was found in Microsoft Azure Identity Library and Microsoft Authentication Library (Cloud Software) (the affected version unknown). It has been rated as problematic.Using CWE to declare the problem leads to CWE-362. The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Impacted is confidentiality.Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP1:restic-0.16.2-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:restic-0.16.2-3.oe2403sp1.src", "openEuler-24.03-LTS-SP1:restic-0.16.2-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:restic-bash-completion-0.16.2-3.oe2403sp1.noarch", "openEuler-24.03-LTS-SP1:restic-zsh-completion-0.16.2-3.oe2403sp1.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP1:restic-0.16.2-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:restic-0.16.2-3.oe2403sp1.src", "openEuler-24.03-LTS-SP1:restic-0.16.2-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:restic-bash-completion-0.16.2-3.oe2403sp1.noarch", "openEuler-24.03-LTS-SP1:restic-zsh-completion-0.16.2-3.oe2403sp1.noarch" ], "details":"restic security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2070" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP1:restic-0.16.2-3.oe2403sp1.aarch64", "openEuler-24.03-LTS-SP1:restic-0.16.2-3.oe2403sp1.src", "openEuler-24.03-LTS-SP1:restic-0.16.2-3.oe2403sp1.x86_64", "openEuler-24.03-LTS-SP1:restic-bash-completion-0.16.2-3.oe2403sp1.noarch", "openEuler-24.03-LTS-SP1:restic-zsh-completion-0.16.2-3.oe2403sp1.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2024-35255" } ] }