Alerts This Week
Warning Icon 1 409
Alerts This Week
Warning Icon 1 409

Fedora 34: FEDORA-2021-d0ba1901ca Critical: Rust Memory Issues

fedora
Calendar Grey April 24, 2021
Dist Fedora Esm H88
Recent updates to Rust's memory management on Fedora strengthen security to combat vulnerabilities, ensuring application integrity and enhanced performance for developers
Security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162

Summary

Rust is a systems programming language that runs blazingly fast, prevents

segfaults, and guarantees thread safety.

This package includes the Rust compiler and documentation generator.

Security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878,

CVE-2021-28879, and CVE-2021-31162. These are memory safety bugs in the Rust

standard library. Because it is statically linked, affected applications will

need to be rebuilt to benefit from the fixes. The actual security implications

will depend on how these APIs are used in each particular case.

* Fri Apr 16 2021 Josh Stone - 1.51.0-3

- Security fixes for CVE-2020-36323, CVE-2021-31162

* Wed Apr 14 2021 Josh Stone - 1.51.0-2

- Security fixes for CVE-2021-28876, CVE-2021-28878, CVE-2021-28879

- Fix bootstrap for stage0 rust 1.51

[ 1 ] Bug #1949198 - CVE-2021-28876 rust: panic safety issue in Zip implementation

https://bugzilla.redhat.com/show_bug.cgi?id=1949198

[ 2 ] Bug #1949207 - CVE-2021-28878 rust: memory safety violation in Zip implementation when next_back() and next() are used together

https://bugzilla.redhat.com/show_bug.cgi?id=1949207

[ 3 ] Bug #1949211 - CVE-2021-28879 rust: integer overflow in the Zip implementation can lead to a buffer overflow

https://bugzilla.redhat.com/show_bug.cgi?id=1949211

[ 4 ] Bug #1950396 - CVE-2020-36323 rust: optimization for joining strings can cause uninitialized bytes to be exposed

https://bugzilla.redhat.com/show_bug.cgi?id=1950396

[ 5 ] Bug #1950398 - CVE-2021-31162 rust: double free in Vec::from_iter function if freeing the element panics

https://bugzilla.redhat.com/show_bug.cgi?id=1950398

su -c 'dnf upgrade --advisory FEDORA-2021-d0ba1901ca' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Topics%20covered

Topics Covered

security advisory critical issue update software update Fedora critical bug application security memory safety Rust

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 34
Version: 1.51.0
Release: 3.fc34
URL: https://rust-lang.org/
Summary: The Rust Programming Language

Topics%20covered

Topics Covered

security advisory critical issue update software update Fedora critical bug application security memory safety Rust

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here