RedHat: RHSA-2021-2243:01 Low: rust-toolset-1.49 and rust-toolset-1...

Advisories

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: rust-toolset-1.49 and rust-toolset-1.49-rust update
Advisory ID:       RHSA-2021:2243-01
Product:           Red Hat Developer Tools
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:2243
Issue date:        2021-06-03
CVE Names:         CVE-2020-36317 CVE-2020-36318 
=====================================================================

1. Summary:

New rust-toolset-1.49 packages are now available as a part of Red Hat
Developer Tools for Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Rust Toolset provides the Rust programming language compiler rustc, the
cargo build tool and dependency manager, the cargo-vendor plugin, and
required libraries.

This enhancement update adds the rust-toolset-1.49 packages to Red Hat
Developer Tools. (BZ#1902240)

Security Fix(es):

* rust: use-after-free or double free in VecDeque::make_contiguous
(CVE-2020-36318)

* rust: memory safety violation in String::retain() (CVE-2020-36317)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1949189 - CVE-2020-36317 rust: memory safety violation in String::retain()
1949192 - CVE-2020-36318 rust: use-after-free or double free in VecDeque::make_contiguous

6. Package List:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):

Source:
rust-toolset-1.49-1.49.0-1.el7_9.src.rpm
rust-toolset-1.49-rust-1.49.0-1.el7_9.src.rpm

noarch:
rust-toolset-1.49-cargo-doc-1.49.0-1.el7_9.noarch.rpm
rust-toolset-1.49-rust-debugger-common-1.49.0-1.el7_9.noarch.rpm
rust-toolset-1.49-rust-gdb-1.49.0-1.el7_9.noarch.rpm
rust-toolset-1.49-rust-lldb-1.49.0-1.el7_9.noarch.rpm
rust-toolset-1.49-rust-src-1.49.0-1.el7_9.noarch.rpm

ppc64:
rust-toolset-1.49-1.49.0-1.el7_9.ppc64.rpm
rust-toolset-1.49-build-1.49.0-1.el7_9.ppc64.rpm
rust-toolset-1.49-cargo-1.49.0-1.el7_9.ppc64.rpm
rust-toolset-1.49-clippy-1.49.0-1.el7_9.ppc64.rpm
rust-toolset-1.49-rls-1.49.0-1.el7_9.ppc64.rpm
rust-toolset-1.49-runtime-1.49.0-1.el7_9.ppc64.rpm
rust-toolset-1.49-rust-1.49.0-1.el7_9.ppc64.rpm
rust-toolset-1.49-rust-analysis-1.49.0-1.el7_9.ppc64.rpm
rust-toolset-1.49-rust-debuginfo-1.49.0-1.el7_9.ppc64.rpm
rust-toolset-1.49-rust-doc-1.49.0-1.el7_9.ppc64.rpm
rust-toolset-1.49-rust-std-static-1.49.0-1.el7_9.ppc64.rpm
rust-toolset-1.49-rustfmt-1.49.0-1.el7_9.ppc64.rpm

ppc64le:
rust-toolset-1.49-1.49.0-1.el7_9.ppc64le.rpm
rust-toolset-1.49-build-1.49.0-1.el7_9.ppc64le.rpm
rust-toolset-1.49-cargo-1.49.0-1.el7_9.ppc64le.rpm
rust-toolset-1.49-clippy-1.49.0-1.el7_9.ppc64le.rpm
rust-toolset-1.49-rls-1.49.0-1.el7_9.ppc64le.rpm
rust-toolset-1.49-runtime-1.49.0-1.el7_9.ppc64le.rpm
rust-toolset-1.49-rust-1.49.0-1.el7_9.ppc64le.rpm
rust-toolset-1.49-rust-analysis-1.49.0-1.el7_9.ppc64le.rpm
rust-toolset-1.49-rust-debuginfo-1.49.0-1.el7_9.ppc64le.rpm
rust-toolset-1.49-rust-doc-1.49.0-1.el7_9.ppc64le.rpm
rust-toolset-1.49-rust-std-static-1.49.0-1.el7_9.ppc64le.rpm
rust-toolset-1.49-rustfmt-1.49.0-1.el7_9.ppc64le.rpm

s390x:
rust-toolset-1.49-1.49.0-1.el7_9.s390x.rpm
rust-toolset-1.49-build-1.49.0-1.el7_9.s390x.rpm
rust-toolset-1.49-cargo-1.49.0-1.el7_9.s390x.rpm
rust-toolset-1.49-clippy-1.49.0-1.el7_9.s390x.rpm
rust-toolset-1.49-rls-1.49.0-1.el7_9.s390x.rpm
rust-toolset-1.49-runtime-1.49.0-1.el7_9.s390x.rpm
rust-toolset-1.49-rust-1.49.0-1.el7_9.s390x.rpm
rust-toolset-1.49-rust-analysis-1.49.0-1.el7_9.s390x.rpm
rust-toolset-1.49-rust-doc-1.49.0-1.el7_9.s390x.rpm
rust-toolset-1.49-rust-std-static-1.49.0-1.el7_9.s390x.rpm
rust-toolset-1.49-rustfmt-1.49.0-1.el7_9.s390x.rpm

x86_64:
rust-toolset-1.49-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-build-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-cargo-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-clippy-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-rls-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-runtime-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-rust-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-rust-analysis-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-rust-debuginfo-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-rust-doc-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-rust-std-static-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-rustfmt-1.49.0-1.el7_9.x86_64.rpm

Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7):

Source:
rust-toolset-1.49-1.49.0-1.el7_9.src.rpm
rust-toolset-1.49-rust-1.49.0-1.el7_9.src.rpm

noarch:
rust-toolset-1.49-cargo-doc-1.49.0-1.el7_9.noarch.rpm
rust-toolset-1.49-rust-debugger-common-1.49.0-1.el7_9.noarch.rpm
rust-toolset-1.49-rust-gdb-1.49.0-1.el7_9.noarch.rpm
rust-toolset-1.49-rust-lldb-1.49.0-1.el7_9.noarch.rpm
rust-toolset-1.49-rust-src-1.49.0-1.el7_9.noarch.rpm

x86_64:
rust-toolset-1.49-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-build-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-cargo-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-clippy-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-rls-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-runtime-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-rust-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-rust-analysis-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-rust-debuginfo-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-rust-doc-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-rust-std-static-1.49.0-1.el7_9.x86_64.rpm
rust-toolset-1.49-rustfmt-1.49.0-1.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-36317
https://access.redhat.com/security/cve/CVE-2020-36318
https://access.redhat.com/documentation/en-us/red_hat_developer_tools/1/html/using_rust_1.49.0_toolset/index
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYLi1jtzjgjWX9erEAQj7Wg//TpW/yaLMjLTDAG3SyiwqMjObB4Baussm
J5G3Lt0JejiguOQqxIeSCNDIibCzk82nmGX7LELptIgY0b52O1sjxHsOQ4D3xGyP
8+2MnDC/tYDw4h28XCrxg/t+PbU5WxCmHqa0Sy7dKUPgsIFjIsqmHOX6+Fl+i4q1
J4z2Q1pCZ6CCnNIsrlhla5b6dFhVgmzY4YRA2VpC6UUy2wI/bVWCekLouDxARgcr
BRPvRDl1sKVwilX3Z0cMpZ/jBqc5yeWrXNsLwdGo2Xq070w+7DOLEe0eX4wYTRth
Lt9eeijF49jDjQ8xtt7W3i0rCz6LjOJH5PdHNOl6UGLAS1FT9YbhI+ZwghgDOmbe
ZNulTji2OoysBV2Y609OW+nw0INM5VQOofbHIDTcvgEfKscgRXiFAwOvEAZZayR3
quK6YmUVnzcXkNgLtAvQ7P/1HNTOVXbgM/ahcEg4Bdfb3FOskJpfgUuzdNpVcIsU
PpBpP/8BWRiME+RvPB2l7e8h83rSpG9m/aU5OeS1mKcBhSu3LJ0dMmakXCSW3FjR
xjXKXbtpEIMKTeP15ibBKK2jMBDpofLcJCgkruamfFAgE71I+/Hz/MBiBHZPt0ZO
7CwjxtKLf6GDKRsH5h/eVimYv/CjvijbYWX552zbgvDjvPBIAXUg/HqnkoaIr9+a
qa7FHw1NTNY=
=gW3H
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2021-2243:01 Low: rust-toolset-1.49 and rust-toolset-1.49-rust

New rust-toolset-1.49 packages are now available as a part of Red Hat Developer Tools for Red Hat Enterprise Linux

Summary

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries.
This enhancement update adds the rust-toolset-1.49 packages to Red Hat Developer Tools. (BZ#1902240)
Security Fix(es):
* rust: use-after-free or double free in VecDeque::make_contiguous (CVE-2020-36318)
* rust: memory safety violation in String::retain() (CVE-2020-36317)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changesdescribed in this advisory, refer to:https://access.redhat.com/articles/11258

References

https://access.redhat.com/security/cve/CVE-2020-36317 https://access.redhat.com/security/cve/CVE-2020-36318 https://access.redhat.com/documentation/en-us/red_hat_developer_tools/1/html/using_rust_1.49.0_toolset/index https://access.redhat.com/security/updates/classification/#low

Package List

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):
Source: rust-toolset-1.49-1.49.0-1.el7_9.src.rpm rust-toolset-1.49-rust-1.49.0-1.el7_9.src.rpm
noarch: rust-toolset-1.49-cargo-doc-1.49.0-1.el7_9.noarch.rpm rust-toolset-1.49-rust-debugger-common-1.49.0-1.el7_9.noarch.rpm rust-toolset-1.49-rust-gdb-1.49.0-1.el7_9.noarch.rpm rust-toolset-1.49-rust-lldb-1.49.0-1.el7_9.noarch.rpm rust-toolset-1.49-rust-src-1.49.0-1.el7_9.noarch.rpm
ppc64: rust-toolset-1.49-1.49.0-1.el7_9.ppc64.rpm rust-toolset-1.49-build-1.49.0-1.el7_9.ppc64.rpm rust-toolset-1.49-cargo-1.49.0-1.el7_9.ppc64.rpm rust-toolset-1.49-clippy-1.49.0-1.el7_9.ppc64.rpm rust-toolset-1.49-rls-1.49.0-1.el7_9.ppc64.rpm rust-toolset-1.49-runtime-1.49.0-1.el7_9.ppc64.rpm rust-toolset-1.49-rust-1.49.0-1.el7_9.ppc64.rpm rust-toolset-1.49-rust-analysis-1.49.0-1.el7_9.ppc64.rpm rust-toolset-1.49-rust-debuginfo-1.49.0-1.el7_9.ppc64.rpm rust-toolset-1.49-rust-doc-1.49.0-1.el7_9.ppc64.rpm rust-toolset-1.49-rust-std-static-1.49.0-1.el7_9.ppc64.rpm rust-toolset-1.49-rustfmt-1.49.0-1.el7_9.ppc64.rpm
ppc64le: rust-toolset-1.49-1.49.0-1.el7_9.ppc64le.rpm rust-toolset-1.49-build-1.49.0-1.el7_9.ppc64le.rpm rust-toolset-1.49-cargo-1.49.0-1.el7_9.ppc64le.rpm rust-toolset-1.49-clippy-1.49.0-1.el7_9.ppc64le.rpm rust-toolset-1.49-rls-1.49.0-1.el7_9.ppc64le.rpm rust-toolset-1.49-runtime-1.49.0-1.el7_9.ppc64le.rpm rust-toolset-1.49-rust-1.49.0-1.el7_9.ppc64le.rpm rust-toolset-1.49-rust-analysis-1.49.0-1.el7_9.ppc64le.rpm rust-toolset-1.49-rust-debuginfo-1.49.0-1.el7_9.ppc64le.rpm rust-toolset-1.49-rust-doc-1.49.0-1.el7_9.ppc64le.rpm rust-toolset-1.49-rust-std-static-1.49.0-1.el7_9.ppc64le.rpm rust-toolset-1.49-rustfmt-1.49.0-1.el7_9.ppc64le.rpm
s390x: rust-toolset-1.49-1.49.0-1.el7_9.s390x.rpm rust-toolset-1.49-build-1.49.0-1.el7_9.s390x.rpm rust-toolset-1.49-cargo-1.49.0-1.el7_9.s390x.rpm rust-toolset-1.49-clippy-1.49.0-1.el7_9.s390x.rpm rust-toolset-1.49-rls-1.49.0-1.el7_9.s390x.rpm rust-toolset-1.49-runtime-1.49.0-1.el7_9.s390x.rpm rust-toolset-1.49-rust-1.49.0-1.el7_9.s390x.rpm rust-toolset-1.49-rust-analysis-1.49.0-1.el7_9.s390x.rpm rust-toolset-1.49-rust-doc-1.49.0-1.el7_9.s390x.rpm rust-toolset-1.49-rust-std-static-1.49.0-1.el7_9.s390x.rpm rust-toolset-1.49-rustfmt-1.49.0-1.el7_9.s390x.rpm
x86_64: rust-toolset-1.49-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-build-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-cargo-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-clippy-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-rls-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-runtime-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-rust-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-rust-analysis-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-rust-debuginfo-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-rust-doc-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-rust-std-static-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-rustfmt-1.49.0-1.el7_9.x86_64.rpm
Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7):
Source: rust-toolset-1.49-1.49.0-1.el7_9.src.rpm rust-toolset-1.49-rust-1.49.0-1.el7_9.src.rpm
noarch: rust-toolset-1.49-cargo-doc-1.49.0-1.el7_9.noarch.rpm rust-toolset-1.49-rust-debugger-common-1.49.0-1.el7_9.noarch.rpm rust-toolset-1.49-rust-gdb-1.49.0-1.el7_9.noarch.rpm rust-toolset-1.49-rust-lldb-1.49.0-1.el7_9.noarch.rpm rust-toolset-1.49-rust-src-1.49.0-1.el7_9.noarch.rpm
x86_64: rust-toolset-1.49-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-build-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-cargo-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-clippy-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-rls-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-runtime-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-rust-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-rust-analysis-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-rust-debuginfo-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-rust-doc-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-rust-std-static-1.49.0-1.el7_9.x86_64.rpm rust-toolset-1.49-rustfmt-1.49.0-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Severity
Advisory ID: RHSA-2021:2243-01
Product: Red Hat Developer Tools
Advisory URL: https://access.redhat.com/errata/RHSA-2021:2243
Issued Date: : 2021-06-03
CVE Names: CVE-2020-36317 CVE-2020-36318

Topic

New rust-toolset-1.49 packages are now available as a part of Red HatDeveloper Tools for Red Hat Enterprise Linux.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

Bugs Fixed

1949189 - CVE-2020-36317 rust: memory safety violation in String::retain()

1949192 - CVE-2020-36318 rust: use-after-free or double free in VecDeque::make_contiguous

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.