CVE-2026-34155

Name	CVE-2026-34155
Description	RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a legitimate signature, an attacker can modify the part of the payload which is not covered by the signature. This issue has been patched in version 1.15.2.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
rauc (PTS)	bullseye	1.5.1-1	vulnerable
	bookworm	1.8-2	vulnerable
	trixie	1.13-3	vulnerable
	forky	1.15.1-1	vulnerable
	sid	1.15.2-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
rauc	source	(unstable)	1.15.2-1

Notes

https://github.com/rauc/rauc/security/advisories/GHSA-6hj7-q844-m2hx
Fixed by: https://github.com/rauc/rauc/commit/4fb7c798d6ae412344fb8f8d310d773046af3441 (v1.15.2)