MGASA-2021-0251 - Updated rust packages fix security vulnerabilities
Publication date: 13 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0251.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2020-36323,
CVE-2021-28876,
CVE-2021-28878,
CVE-2021-28879,
CVE-2021-31162
This Rust update to version 1.52.1 includes security fixes for CVE-2020-36323,
CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162.
These are memory safety bugs in the Rust standard library. Because it is
statically linked, affected applications will need to be rebuilt to benefit
from the fixes. The actual security implications will depend on how these APIs
are used in each particular case.
This update also provides new features and bugfixes included in Rust since
the previously packaged version 1.49.0. See the referenced release notes for
details.
The mozjs78 package is also updated from version 78.7.0 to 78.11.0 (ESR).
References:
- https://bugs.mageia.org/show_bug.cgi?id=29033
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/
- https://blog.rust-lang.org/2021/02/11/Rust-1.50.0.html
- https://blog.rust-lang.org/2021/03/25/Rust-1.51.0.html
- https://blog.rust-lang.org/2021/05/06/Rust-1.52.0.html
- https://blog.rust-lang.org/2021/05/10/Rust-1.52.1.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36323
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28876
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28878
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28879
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31162
SRPMS:
- 8/core/rust-1.52.1-1.mga8
- 8/core/alacritty-0.7.1-1.1.mga8
- 8/core/cargo-c-0.7.0-1.1.mga8
- 8/core/dust-0.5.1-1.1.mga8
- 8/core/librsvg-2.50.3-1.1.mga8
- 8/core/mozjs68-68.11.0-1.1.mga8
- 8/core/mozjs78-78.11.0-1.mga8
- 8/core/neovim-gtk-0.2.0-0.git20190512.2.1.mga8
- 8/core/ripgrep-12.1.1-1.1.mga8
Mageia 2021-0251: rust security update
This Rust update to version 1.52.1 includes security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162
Summary
This Rust update to version 1.52.1 includes security fixes for CVE-2020-36323,
CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162.
These are memory safety bugs in the Rust standard library. Because it is
statically linked, affected applications will need to be rebuilt to benefit
from the fixes. The actual security implications will depend on how these APIs
are used in each particular case.
This update also provides new features and bugfixes included in Rust since
the previously packaged version 1.49.0. See the referenced release notes for
details.
The mozjs78 package is also updated from version 78.7.0 to 78.11.0 (ESR).
References
- https://bugs.mageia.org/show_bug.cgi?id=29033
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/
- https://blog.rust-lang.org/2021/02/11/Rust-1.50.0.html
- https://blog.rust-lang.org/2021/03/25/Rust-1.51.0.html
- https://blog.rust-lang.org/2021/05/06/Rust-1.52.0.html
- https://blog.rust-lang.org/2021/05/10/Rust-1.52.1.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36323
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28876
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28878
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28879
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31162
Resolution
MGASA-2021-0251 - Updated rust packages fix security vulnerabilities
SRPMS
- 8/core/rust-1.52.1-1.mga8
- 8/core/alacritty-0.7.1-1.1.mga8
- 8/core/cargo-c-0.7.0-1.1.mga8
- 8/core/dust-0.5.1-1.1.mga8
- 8/core/librsvg-2.50.3-1.1.mga8
- 8/core/mozjs68-68.11.0-1.1.mga8
- 8/core/mozjs78-78.11.0-1.mga8
- 8/core/neovim-gtk-0.2.0-0.git20190512.2.1.mga8
- 8/core/ripgrep-12.1.1-1.1.mga8
Severity
Publication date: 13 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0251.html
Type: security
CVE: CVE-2020-36323,
CVE-2021-28876,
CVE-2021-28878,
CVE-2021-28879,
CVE-2021-31162
News
HOWTOs
Features
About Us
Powered By
