An update for restic is now available for openEuler-24.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2066 Final 1.0 1.0 2025-08-22 Initial 2025-08-22 2025-08-22 openEuler SA Tool V1.0 2025-08-22 restic security update An update for restic is now available for openEuler-24.03-LTS-SP2 restic is a backup program. It supports verification, encryption, snapshots and deduplication. Security Fix(es): A vulnerability was found in Microsoft Azure Identity Library and Microsoft Authentication Library (Cloud Software) (the affected version unknown). It has been rated as problematic.Using CWE to declare the problem leads to CWE-362. The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Impacted is confidentiality.Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.(CVE-2024-35255) An update for restic is now available for openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium restic https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2066 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-35255 https://nvd.nist.gov/vuln/detail/CVE-2024-35255 openEuler-24.03-LTS-SP2 restic-0.16.2-3.oe2403sp2.aarch64.rpm restic-0.16.2-3.oe2403sp2.src.rpm restic-0.16.2-3.oe2403sp2.x86_64.rpm restic-bash-completion-0.16.2-3.oe2403sp2.noarch.rpm restic-zsh-completion-0.16.2-3.oe2403sp2.noarch.rpm A vulnerability was found in Microsoft Azure Identity Library and Microsoft Authentication Library (Cloud Software) (the affected version unknown). It has been rated as problematic.Using CWE to declare the problem leads to CWE-362. The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Impacted is confidentiality.Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability. 2025-08-22 CVE-2024-35255 openEuler-24.03-LTS-SP2 Medium 5.5 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N restic security update 2025-08-22 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2066