Fedora 39: Critical Patch FEDORA-2024-8ba389815f for rust-shadow-rs
fedora
February 20, 2024
Update the git2 crate to version 0.18.2
Summary
A build-time information stored in your rust project.
Update Information:
Update the git2 crate to version 0.18.2. Update the libgit2-sys crate to version 0.16.2. Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577. Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.
Change Log
* Tue Feb 13 2024 Fabio Valentini
References
[ 1 ] Bug #2263100 - TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263100
[ 2 ] Bug #2263105 - TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2263105
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-8ba389815f' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: rust-shadow-rs
Product: Fedora 39
Version: 0.8.1
Release: 8.fc39
URL: Summary : Build-time information stored in your rust project
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!