Mageia 2021-0251: rust security update
Summary
This Rust update to version 1.52.1 includes security fixes for CVE-2020-36323,
CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162.
These are memory safety bugs in the Rust standard library. Because it is
statically linked, affected applications will need to be rebuilt to benefit
from the fixes. The actual security implications will depend on how these APIs
are used in each particular case.
This update also provides new features and bugfixes included in Rust since
the previously packaged version 1.49.0. See the referenced release notes for
details.
The mozjs78 package is also updated from version 78.7.0 to 78.11.0 (ESR).
References
- https://bugs.mageia.org/show_bug.cgi?id=29033
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/
- https://blog.rust-lang.org/2021/02/11/Rust-1.50.0.html
- https://blog.rust-lang.org/2021/03/25/Rust-1.51.0.html
- https://blog.rust-lang.org/2021/05/06/Rust-1.52.0.html
- https://blog.rust-lang.org/2021/05/10/Rust-1.52.1.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36323
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28876
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28878
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28879
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31162
Resolution
MGASA-2021-0251 - Updated rust packages fix security vulnerabilities
SRPMS
- 8/core/rust-1.52.1-1.mga8
- 8/core/alacritty-0.7.1-1.1.mga8
- 8/core/cargo-c-0.7.0-1.1.mga8
- 8/core/dust-0.5.1-1.1.mga8
- 8/core/librsvg-2.50.3-1.1.mga8
- 8/core/mozjs68-68.11.0-1.1.mga8
- 8/core/mozjs78-78.11.0-1.mga8
- 8/core/neovim-gtk-0.2.0-0.git20190512.2.1.mga8
- 8/core/ripgrep-12.1.1-1.1.mga8