Important: rust-toolset:rhel8 security update.

{"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:4635", "synopsis": "Important: rust-toolset:rhel8 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for module.rust, rust.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. \n\nSecurity Fix(es):\n\n* rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2228038", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2228038", "description": ""}], "cves": [{"name": "CVE-2023-38497", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2023-38497", "cvss3ScoringVector": "UNKNOWN", "cvss3BaseScore": "UNKNOWN", "cwe": "UNKNOWN"}], "references": [], "publishedAt": "2023-08-24T04:21:04.204171Z", "rpms": {"Rocky Linux 8": {"nvras": ["cargo-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm", "cargo-debuginfo-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm", "clippy-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm", "clippy-debuginfo-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm", "rust-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm", "rust-0:1.66.1-2.module+el8.8.0+1428+0690fcea.src.rpm", "rust-analysis-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm", "rust-analyzer-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm", "rust-analyzer-debuginfo-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm", "rust-debugger-common-0:1.66.1-2.module+el8.8.0+1428+0690fcea.noarch.rpm", "rust-debuginfo-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm", "rust-debugsource-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm", "rust-doc-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm", "rustfmt-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm", "rustfmt-debuginfo-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm", "rust-gdb-0:1.66.1-2.module+el8.8.0+1428+0690fcea.noarch.rpm", "rust-lldb-0:1.66.1-2.module+el8.8.0+1428+0690fcea.noarch.rpm", "rust-src-0:1.66.1-2.module+el8.8.0+1428+0690fcea.noarch.rpm", "rust-std-static-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm", "rust-std-static-wasm32-unknown-unknown-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm", "rust-std-static-wasm32-wasi-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm", "rust-toolset-0:1.66.1-2.module+el8.8.0+1428+0690fcea.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}

Critical vulnerability addressed in rust-toolset for Rocky Linux 8. Review the patch notes for specifics and assess the potential impact of this security concern.

Severity: Important. LinuxSecurity.com Team
====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rust-toolset-1.54-rust security update
Advisory ID: RHSA-2021:4694-01
Product: Red Hat Developer Tools
Advisory URL: https://access.redhat.com/errata/RHSA-2021:4694
Issue date: 2021-11-16
CVE Names: CVE-2021-42574
====================================================================

1. Summary:

An update for rust-toolset-1.54-rust is now available for Red Hat Developer Tools.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

3. Description:

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in rust in order to facilitate detection of BiDi Unicode characters:

Rust introduces two new lints to detect and reject code containing the affected codepoints. These new deny-by-default lints detect affected codepoints in string literals and comments. The lints will prevent source code files containing these codepoints from being compiled. If your code has legitimate uses for the codepoints we recommend replacing them with the related escape sequence.
The error messages will suggest the right escapes to use.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2005819 - CVE-2021-42574 Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

6. Package List:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):

Source:
rust-toolset-1.54-rust-1.54.0-4.el7_9.src.rpm

noarch:
rust-toolset-1.54-cargo-doc-1.54.0-4.el7_9.noarch.rpm
rust-toolset-1.54-rust-debugger-common-1.54.0-4.el7_9.noarch.rpm
rust-toolset-1.54-rust-gdb-1.54.0-4.el7_9.noarch.rpm
rust-toolset-1.54-rust-lldb-1.54.0-4.el7_9.noarch.rpm
rust-toolset-1.54-rust-src-1.54.0-4.el7_9.noarch.rpm

ppc64:
rust-toolset-1.54-cargo-1.54.0-4.el7_9.ppc64.rpm
rust-toolset-1.54-clippy-1.54.0-4.el7_9.ppc64.rpm
rust-toolset-1.54-rls-1.54.0-4.el7_9.ppc64.rpm
rust-toolset-1.54-rust-1.54.0-4.el7_9.ppc64.rpm
rust-toolset-1.54-rust-analysis-1.54.0-4.el7_9.ppc64.rpm
rust-toolset-1.54-rust-debuginfo-1.54.0-4.el7_9.ppc64.rpm
rust-toolset-1.54-rust-doc-1.54.0-4.el7_9.ppc64.rpm
rust-toolset-1.54-rust-std-static-1.54.0-4.el7_9.ppc64.rpm
rust-toolset-1.54-rustfmt-1.54.0-4.el7_9.ppc64.rpm

ppc64le:
rust-toolset-1.54-cargo-1.54.0-4.el7_9.ppc64le.rpm
rust-toolset-1.54-clippy-1.54.0-4.el7_9.ppc64le.rpm
rust-toolset-1.54-rls-1.54.0-4.el7_9.ppc64le.rpm
rust-toolset-1.54-rust-1.54.0-4.el7_9.ppc64le.rpm
rust-toolset-1.54-rust-analysis-1.54.0-4.el7_9.ppc64le.rpm
rust-toolset-1.54-rust-debuginfo-1.54.0-4.el7_9.ppc64le.rpm
rust-toolset-1.54-rust-doc-1.54.0-4.el7_9.ppc64le.rpm
rust-toolset-1.54-rust-std-static-1.54.0-4.el7_9.ppc64le.rpm
rust-toolset-1.54-rustfmt-1.54.0-4.el7_9.ppc64le.rpm

s390x:
rust-toolset-1.54-cargo-1.54.0-4.el7_9.s390x.rpm
rust-toolset-1.54-clippy-1.54.0-4.el7_9.s390x.rpm
rust-toolset-1.54-rls-1.54.0-4.el7_9.s390x.rpm
rust-toolset-1.54-rust-1.54.0-4.el7_9.s390x.rpm
rust-toolset-1.54-rust-analysis-1.54.0-4.el7_9.s390x.rpm
rust-toolset-1.54-rust-doc-1.54.0-4.el7_9.s390x.rpm
rust-toolset-1.54-rust-std-static-1.54.0-4.el7_9.s390x.rpm
rust-toolset-1.54-rustfmt-1.54.0-4.el7_9.s390x.rpm

x86_64:
rust-toolset-1.54-cargo-1.54.0-4.el7_9.x86_64.rpm
rust-toolset-1.54-clippy-1.54.0-4.el7_9.x86_64.rpm
rust-toolset-1.54-rls-1.54.0-4.el7_9.x86_64.rpm
rust-toolset-1.54-rust-1.54.0-4.el7_9.x86_64.rpm
rust-toolset-1.54-rust-analysis-1.54.0-4.el7_9.x86_64.rpm
rust-toolset-1.54-rust-debuginfo-1.54.0-4.el7_9.x86_64.rpm
rust-toolset-1.54-rust-doc-1.54.0-4.el7_9.x86_64.rpm
rust-toolset-1.54-rust-std-static-1.54.0-4.el7_9.x86_64.rpm
rust-toolset-1.54-rustfmt-1.54.0-4.el7_9.x86_64.rpm

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):

Source:
rust-toolset-1.54-rust-1.54.0-4.el7_9.src.rpm

noarch:
rust-toolset-1.54-cargo-doc-1.54.0-4.el7_9.noarch.rpm
rust-toolset-1.54-rust-debugger-common-1.54.0-4.el7_9.noarch.rpm
rust-toolset-1.54-rust-gdb-1.54.0-4.el7_9.noarch.rpm
rust-toolset-1.54-rust-lldb-1.54.0-4.el7_9.noarch.rpm
rust-toolset-1.54-rust-src-1.54.0-4.el7_9.noarch.rpm

x86_64:
rust-toolset-1.54-cargo-1.54.0-4.el7_9.x86_64.rpm
rust-toolset-1.54-clippy-1.54.0-4.el7_9.x86_64.rpm
rust-toolset-1.54-rls-1.54.0-4.el7_9.x86_64.rpm
rust-toolset-1.54-rust-1.54.0-4.el7_9.x86_64.rpm
rust-toolset-1.54-rust-analysis-1.54.0-4.el7_9.x86_64.rpm
rust-toolset-1.54-rust-debuginfo-1.54.0-4.el7_9.x86_64.rpm
rust-toolset-1.54-rust-doc-1.54.0-4.el7_9.x86_64.rpm
rust-toolset-1.54-rust-std-static-1.54.0-4.el7_9.x86_64.rpm
rust-toolset-1.54-rustfmt-1.54.0-4.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/security/vulnerabilities/RHSB-2021-007

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

-- RHSA-announce mailing list
====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rust-toolset-1.52 and rust-toolset-1.52-rust security and enhancement update
Advisory ID: RHSA-2021:3042-01
Product: Red Hat Developer Tools
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3042
Issue date: 2021-08-10
CVE Names: CVE-2020-36323 CVE-2021-28875 CVE-2021-28876 CVE-2021-28877 CVE-2021-28878 CVE-2021-28879 CVE-2021-31162
====================================================================

1. Summary:

New rust-toolset-1.52 packages are now available as a part of Red Hat Developer Tools for Red Hat Enterprise Linux.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64

3. Description:

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries.

The following packages have been upgraded to a later upstream version: rust-toolset-1.52-rust (1.52.1).
(BZ#1947197)

Security Fix(es):

* rust: optimization for joining strings can cause uninitialized bytes to be exposed (CVE-2020-36323)

* rust: heap-based buffer overflow in read_to_end() because it does not validate the return value from Read in an unsafe context (CVE-2021-28875)

* rust: panic safety issue in Zip implementation (CVE-2021-28876)

* rust: memory safety violation in Zip implementation for nested iter::Zips (CVE-2021-28877)

* rust: memory safety violation in Zip implementation when next_back() and next() are used together (CVE-2021-28878)

* rust: integer overflow in the Zip implementation can lead to a buffer overflow (CVE-2021-28879)

* rust: double free in Vec::from_iter function if freeing the element panics (CVE-2021-31162)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

For information on usage, see Using Rust Toolset linked in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1949194 - CVE-2021-28875 rust: heap-based buffer overflow in read_to_end() because it does not validate the return value from Read in an unsafe context
1949198 - CVE-2021-28876 rust: panic safety issue in Zip implementation
1949204 - CVE-2021-28877 rust: memory safety violation in Zip implementation for nested iter::Zips
1949207 - CVE-2021-28878 rust: memory safety violation in Zip implementation when next_back() and next() are used together
1949211 - CVE-2021-28879 rust: integer overflow in the Zip implementation can lead to a buffer overflow
1950396 - CVE-2020-36323 rust: optimization for joining strings can cause uninitialized bytes to be exposed
1950398 - CVE-2021-31162 rust: double free in Vec::from_iter function if freeing the element panics

6. Package List:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):

Source:
rust-toolset-1.52-1.52.1-1.el7_9.src.rpm
rust-toolset-1.52-rust-1.52.1-2.el7_9.src.rpm

noarch:
rust-toolset-1.52-cargo-doc-1.52.1-2.el7_9.noarch.rpm
rust-toolset-1.52-rust-debugger-common-1.52.1-2.el7_9.noarch.rpm
rust-toolset-1.52-rust-gdb-1.52.1-2.el7_9.noarch.rpm
rust-toolset-1.52-rust-lldb-1.52.1-2.el7_9.noarch.rpm
rust-toolset-1.52-rust-src-1.52.1-2.el7_9.noarch.rpm

ppc64:
rust-toolset-1.52-1.52.1-1.el7_9.ppc64.rpm
rust-toolset-1.52-build-1.52.1-1.el7_9.ppc64.rpm
rust-toolset-1.52-cargo-1.52.1-2.el7_9.ppc64.rpm
rust-toolset-1.52-clippy-1.52.1-2.el7_9.ppc64.rpm
rust-toolset-1.52-rls-1.52.1-2.el7_9.ppc64.rpm
rust-toolset-1.52-runtime-1.52.1-1.el7_9.ppc64.rpm
rust-toolset-1.52-rust-1.52.1-2.el7_9.ppc64.rpm
rust-toolset-1.52-rust-analysis-1.52.1-2.el7_9.ppc64.rpm
rust-toolset-1.52-rust-debuginfo-1.52.1-2.el7_9.ppc64.rpm
rust-toolset-1.52-rust-doc-1.52.1-2.el7_9.ppc64.rpm
rust-toolset-1.52-rust-std-static-1.52.1-2.el7_9.ppc64.rpm
rust-toolset-1.52-rustfmt-1.52.1-2.el7_9.ppc64.rpm

ppc64le:
rust-toolset-1.52-1.52.1-1.el7_9.ppc64le.rpm
rust-toolset-1.52-build-1.52.1-1.el7_9.ppc64le.rpm
rust-toolset-1.52-cargo-1.52.1-2.el7_9.ppc64le.rpm
rust-toolset-1.52-clippy-1.52.1-2.el7_9.ppc64le.rpm
rust-toolset-1.52-rls-1.52.1-2.el7_9.ppc64le.rpm
rust-toolset-1.52-runtime-1.52.1-1.el7_9.ppc64le.rpm
rust-toolset-1.52-rust-1.52.1-2.el7_9.ppc64le.rpm
rust-toolset-1.52-rust-analysis-1.52.1-2.el7_9.ppc64le.rpm
rust-toolset-1.52-rust-debuginfo-1.52.1-2.el7_9.ppc64le.rpm
rust-toolset-1.52-rust-doc-1.52.1-2.el7_9.ppc64le.rpm
rust-toolset-1.52-rust-std-static-1.52.1-2.el7_9.ppc64le.rpm
rust-toolset-1.52-rustfmt-1.52.1-2.el7_9.ppc64le.rpm

s390x:
rust-toolset-1.52-1.52.1-1.el7_9.s390x.rpm
rust-toolset-1.52-build-1.52.1-1.el7_9.s390x.rpm
rust-toolset-1.52-cargo-1.52.1-2.el7_9.s390x.rpm
rust-toolset-1.52-clippy-1.52.1-2.el7_9.s390x.rpm
rust-toolset-1.52-rls-1.52.1-2.el7_9.s390x.rpm
rust-toolset-1.52-runtime-1.52.1-1.el7_9.s390x.rpm
rust-toolset-1.52-rust-1.52.1-2.el7_9.s390x.rpm
rust-toolset-1.52-rust-analysis-1.52.1-2.el7_9.s390x.rpm
rust-toolset-1.52-rust-doc-1.52.1-2.el7_9.s390x.rpm
rust-toolset-1.52-rust-std-static-1.52.1-2.el7_9.s390x.rpm
rust-toolset-1.52-rustfmt-1.52.1-2.el7_9.s390x.rpm

x86_64:
rust-toolset-1.52-1.52.1-1.el7_9.x86_64.rpm
rust-toolset-1.52-build-1.52.1-1.el7_9.x86_64.rpm
rust-toolset-1.52-cargo-1.52.1-2.el7_9.x86_64.rpm
rust-toolset-1.52-clippy-1.52.1-2.el7_9.x86_64.rpm
rust-toolset-1.52-rls-1.52.1-2.el7_9.x86_64.rpm
rust-toolset-1.52-runtime-1.52.1-1.el7_9.x86_64.rpm
rust-toolset-1.52-rust-1.52.1-2.el7_9.x86_64.rpm
rust-toolset-1.52-rust-analysis-1.52.1-2.el7_9.x86_64.rpm
rust-toolset-1.52-rust-debuginfo-1.52.1-2.el7_9.x86_64.rpm
rust-toolset-1.52-rust-doc-1.52.1-2.el7_9.x86_64.rpm
rust-toolset-1.52-rust-std-static-1.52.1-2.el7_9.x86_64.rpm
rust-toolset-1.52-rustfmt-1.52.1-2.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-36323
https://access.redhat.com/security/cve/CVE-2021-28875
https://access.redhat.com/security/cve/CVE-2021-28876
https://access.redhat.com/security/cve/CVE-2021-28877
https://access.redhat.com/security/cve/CVE-2021-28878
https://access.redhat.com/security/cve/CVE-2021-28879
https://access.redhat.com/security/cve/CVE-2021-31162
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis: Low: rust-toolset:rhel8 security, bug fix, and enhancement update
Advisory ID: RHSA-2021:1935-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1935
Issue date: 2021-05-18
CVE Names: CVE-2020-36317 CVE-2020-36318
====================================================================

1. Summary:

An update for the rust-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.

The following packages have been upgraded to a later upstream version: rust (1.49.0). (BZ#1896712)

Security Fix(es):

* rust: use-after-free or double free in VecDeque::make_contiguous (CVE-2020-36318)

* rust: memory safety violation in String::retain() (CVE-2020-36317)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1949189 - CVE-2020-36317 rust: memory safety violation in String::retain()
1949192 - CVE-2020-36318 rust: use-after-free or double free in VecDeque::make_contiguous

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
rust-1.49.0-1.module+el8.4.0+9446+1a463e08.src.rpm
rust-toolset-1.49.0-1.module+el8.4.0+9446+1a463e08.src.rpm

aarch64:
cargo-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
cargo-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
clippy-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
clippy-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rls-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rls-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rust-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rust-analysis-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rust-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rust-debugsource-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rust-doc-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rust-std-static-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rust-toolset-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rustfmt-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rustfmt-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm

noarch:
cargo-doc-1.49.0-1.module+el8.4.0+9446+1a463e08.noarch.rpm
rust-debugger-common-1.49.0-1.module+el8.4.0+9446+1a463e08.noarch.rpm
rust-gdb-1.49.0-1.module+el8.4.0+9446+1a463e08.noarch.rpm
rust-lldb-1.49.0-1.module+el8.4.0+9446+1a463e08.noarch.rpm
rust-src-1.49.0-1.module+el8.4.0+9446+1a463e08.noarch.rpm

ppc64le:
cargo-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
cargo-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
clippy-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
clippy-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rls-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rls-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rust-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rust-analysis-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rust-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rust-debugsource-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rust-doc-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rust-std-static-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rust-toolset-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rustfmt-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rustfmt-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm

s390x:
cargo-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
cargo-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
clippy-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
clippy-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rls-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rls-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rust-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rust-analysis-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rust-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rust-debugsource-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rust-doc-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rust-std-static-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rust-toolset-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rustfmt-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rustfmt-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm

x86_64:
cargo-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
cargo-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
clippy-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
clippy-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rls-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rls-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rust-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rust-analysis-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rust-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rust-debugsource-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rust-doc-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rust-std-static-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rust-toolset-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rustfmt-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rustfmt-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-36317
https://access.redhat.com/security/cve/CVE-2020-36318
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.