Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -8 articles for you...
98
security advisorysecurity updateRed HatRed Hat: RHSA-2023-4651 Important: Rust-Cargo Umask Bypass Issue
An update for rust-toolset-1.66-rust is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: rust-toolset-1.66-rust security update Advisory ID: RHSA-2023:4651-01 Product: Red Hat Developer Tools Advisory URL: https://access.redhat.com/errata/RHSA-2023:4651 Issue date: 2023-08-15 CVE Names: CVE-2023-38497 ===================================================================== 1. Summary: An update for rust-toolset-1.66-rust is now available for Red Hat Developer Tools. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fix(es): * rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2228038 - CVE-2023-38497rust-cargo: cargo does not respect the umask when extracting dependencies 6. Package List: Red Hat Developer Tools for Red Hat Enterprise Linux Server (v.7): Source: rust-toolset-1.66-rust-1.66.1-2.el7_9.src.rpm noarch: rust-toolset-1.66-rust-debugger-common-1.66.1-2.el7_9.noarch.rpm rust-toolset-1.66-rust-gdb-1.66.1-2.el7_9.noarch.rpm rust-toolset-1.66-rust-lldb-1.66.1-2.el7_9.noarch.rpm rust-toolset-1.66-rust-src-1.66.1-2.el7_9.noarch.rpm ppc64: rust-toolset-1.66-cargo-1.66.1-2.el7_9.ppc64.rpm rust-toolset-1.66-clippy-1.66.1-2.el7_9.ppc64.rpm rust-toolset-1.66-rust-1.66.1-2.el7_9.ppc64.rpm rust-toolset-1.66-rust-analysis-1.66.1-2.el7_9.ppc64.rpm rust-toolset-1.66-rust-analyzer-1.66.1-2.el7_9.ppc64.rpm rust-toolset-1.66-rust-debuginfo-1.66.1-2.el7_9.ppc64.rpm rust-toolset-1.66-rust-doc-1.66.1-2.el7_9.ppc64.rpm rust-toolset-1.66-rust-std-static-1.66.1-2.el7_9.ppc64.rpm rust-toolset-1.66-rustfmt-1.66.1-2.el7_9.ppc64.rpm ppc64le: rust-toolset-1.66-cargo-1.66.1-2.el7_9.ppc64le.rpm rust-toolset-1.66-clippy-1.66.1-2.el7_9.ppc64le.rpm rust-toolset-1.66-rust-1.66.1-2.el7_9.ppc64le.rpm rust-toolset-1.66-rust-analysis-1.66.1-2.el7_9.ppc64le.rpm rust-toolset-1.66-rust-analyzer-1.66.1-2.el7_9.ppc64le.rpm rust-toolset-1.66-rust-debuginfo-1.66.1-2.el7_9.ppc64le.rpm rust-toolset-1.66-rust-doc-1.66.1-2.el7_9.ppc64le.rpm rust-toolset-1.66-rust-std-static-1.66.1-2.el7_9.ppc64le.rpm rust-toolset-1.66-rustfmt-1.66.1-2.el7_9.ppc64le.rpm s390x: rust-toolset-1.66-cargo-1.66.1-2.el7_9.s390x.rpm rust-toolset-1.66-clippy-1.66.1-2.el7_9.s390x.rpm rust-toolset-1.66-rust-1.66.1-2.el7_9.s390x.rpm rust-toolset-1.66-rust-analysis-1.66.1-2.el7_9.s390x.rpm rust-toolset-1.66-rust-analyzer-1.66.1-2.el7_9.s390x.rpm rust-toolset-1.66-rust-debuginfo-1.66.1-2.el7_9.s390x.rpm rust-toolset-1.66-rust-doc-1.66.1-2.el7_9.s390x.rpm rust-toolset-1.66-rust-std-static-1.66.1-2.el7_9.s390x.rpm rust-toolset-1.66-rustfmt-1.66.1-2.el7_9.s390x.rpm x86_64: rust-toolset-1.66-cargo-1.66.1-2.el7_9.x86_64.rpm rust-toolset-1.66-clippy-1.66.1-2.el7_9.x86_64.rpm rust-toolset-1.66-rust-1.66.1-2.el7_9.x86_64.rpm rust-toolset-1.66-rust-analysis-1.66.1-2.el7_9.x86_64.rpm rust-toolset-1.66-rust-analyzer-1.66.1-2.el7_9.x86_64.rpm rust-toolset-1.66-rust-debuginfo-1.66.1-2.el7_9.x86_64.rpm rust-toolset-1.66-rust-doc-1.66.1-2.el7_9.x86_64.rpm rust-toolset-1.66-rust-std-static-1.66.1-2.el7_9.x86_64.rpm rust-toolset-1.66-rustfmt-1.66.1-2.el7_9.x86_64.rpm Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7): Source: rust-toolset-1.66-rust-1.66.1-2.el7_9.src.rpm noarch: rust-toolset-1.66-rust-debugger-common-1.66.1-2.el7_9.noarch.rpm rust-toolset-1.66-rust-gdb-1.66.1-2.el7_9.noarch.rpm rust-toolset-1.66-rust-lldb-1.66.1-2.el7_9.noarch.rpm rust-toolset-1.66-rust-src-1.66.1-2.el7_9.noarch.rpm x86_64: rust-toolset-1.66-cargo-1.66.1-2.el7_9.x86_64.rpm rust-toolset-1.66-clippy-1.66.1-2.el7_9.x86_64.rpm rust-toolset-1.66-rust-1.66.1-2.el7_9.x86_64.rpm rust-toolset-1.66-rust-analysis-1.66.1-2.el7_9.x86_64.rpm rust-toolset-1.66-rust-analyzer-1.66.1-2.el7_9.x86_64.rpm rust-toolset-1.66-rust-debuginfo-1.66.1-2.el7_9.x86_64.rpm rust-toolset-1.66-rust-doc-1.66.1-2.el7_9.x86_64.rpm rust-toolset-1.66-rust-std-static-1.66.1-2.el7_9.x86_64.rpm rust-toolset-1.66-rustfmt-1.66.1-2.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2023-38497 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJk2uDAAAoJENzjgjWX9erEaSgP/2gn/rFD6+e48xJoIeXSydES JJQkdPZPocfZin6bb62eJAOV8GcsHN45m0FxSSX6NRQb9Av4R4ksCPo8M2ftRvRO G4xy6I/ym5TSGvyWFkRxdnD1thYWyDnC83D0dnZEii/d2+7wjISreM5PKURJ/zYx j8GSZia8yT1znUEJd25xhPp/NNf6O8l4q67InXWEKULKQtgkJevM87wDKoSMD7Tg vUsTIK7941KScUw4QrfkHA6zu0aLGr3HLot57wUI+1whWC730SEDt8HGZkMAe8y1 FBpxqBRFULbEk6DRwvvbmk2wFROXDKBzcgJB3tUUCynVRLLglEf2U/Sp8kjPu9Ij h7WH2Urr+gRj+iI3HWtE/M1NIUF0HDCT4PqwYCiskZ2jORpGO+4OTy4lyf3GBSed 8zhfjfASfQBGMF9JCYKbGzH1THFqVwnNwndvKdR/DZcKi6aomcUf/X5sRm8zLNDt jGw2o/BKibScrmZXM8dIigGxPX02k259rDfVJrWl6TIqAtImKxsyTO2M1qDU0kWh 4Mbsv4T5WlBn4Tp9RBdD44uUdL8ZYMXtn6msL2RUTwtcSm/tGL1OE6NkA0I4LVde Zr9NKOe13vH6BU5oJgU4jLdKptYtylEWHJ2uAsgA1c0+58frnbFah+yjEU24VL88 bS3EcqdJYl2QIGy5nyDM =0C7F -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Aug 15, 2023
•Important
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!