Alerts This Week
Warning Icon 1 923
Alerts This Week
Warning Icon 1 923

Mageia 8: MGASA-2021-0251 Moderate: Rust Memory Safety Fix

mageia
Calendar Grey June 13, 2021
Dist Mageia Esm H88
The latest Rust 1.52.1 update addresses major memory safety concerns, urging developers to update their applications. Explore the effects and enhancements of this release
This Rust update to version 1.52.1 includes security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162

Summary

This Rust update to version 1.52.1 includes security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162. These are memory safety bugs in the Rust standard library. Because it is statically linked, affected applications will need to be rebuilt to benefit from the fixes. The actual security implications will depend on how these APIs are used in each particular case.
This update also provides new features and bugfixes included in Rust since the previously packaged version 1.49.0. See the referenced release notes for details.
The mozjs78 package is also updated from version 78.7.0 to 78.11.0 (ESR).

References

- https://bugs.mageia.org/show_bug.cgi?id=29033

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/

- https://blog.rust-lang.org/2021/02/11/Rust-1.50.0.html

- https://blog.rust-lang.org/2021/03/25/Rust-1.51.0.html

- https://blog.rust-lang.org/2021/05/06/Rust-1.52.0.html

- https://blog.rust-lang.org/2021/05/10/Rust-1.52.1.html

- https://www.cve.org/CVERecord?id=CVE-2020-36323

- https://www.cve.org/CVERecord?id=CVE-2021-28876

- https://www.cve.org/CVERecord?id=CVE-2021-28878

- https://www.cve.org/CVERecord?id=CVE-2021-28879

- https://www.cve.org/CVERecord?id=CVE-2021-31162

Topics%20covered

Topics Covered

security advisory application fix memory safety Mageia Rust update

Resolution

SRPMS

- 8/core/rust-1.52.1-1.mga8

- 8/core/alacritty-0.7.1-1.1.mga8

- 8/core/cargo-c-0.7.0-1.1.mga8

- 8/core/dust-0.5.1-1.1.mga8

- 8/core/librsvg-2.50.3-1.1.mga8

- 8/core/mozjs68-68.11.0-1.1.mga8

- 8/core/mozjs78-78.11.0-1.mga8

- 8/core/neovim-gtk-0.2.0-0.git20190512.2.1.mga8

- 8/core/ripgrep-12.1.1-1.1.mga8

Publication date: 13 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0251.html
Type: security
CVE: CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, CVE-2021-31162

Topics%20covered

Topics Covered

security advisory application fix memory safety Mageia Rust update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here