AlmaLinux 2325 Published by

A rust-toolset:rhel8 security, bug fix, and enhancement update has been released for AlmaLinux.



ALSA-2021:3063 Moderate: rust-toolset:rhel8 security, bug fix, and enhancement update


Type:
security

Severity:
moderate

Release date:
2021-08-10

Description
The following packages have been upgraded to a later upstream version: rust (1.52.1). (BZ#1953002)
Security Fix(es):
* rust: optimization for joining strings can cause uninitialized bytes to be exposed (CVE-2020-36323)
* rust: heap-based buffer overflow in read_to_end() because it does not validate the return value from Read in an unsafe context (CVE-2021-28875)
* rust: panic safety issue in Zip implementation (CVE-2021-28876)
* rust: memory safety violation in Zip implementation for nested iter::Zips (CVE-2021-28877)
* rust: memory safety violation in Zip implementation when next_back() and next() are used together (CVE-2021-28878)
* rust: integer overflow in the Zip implementation can lead to a buffer overflow (CVE-2021-28879)
* rust: double free in Vec::from_iter function if freeing the element panics (CVE-2021-31162)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
For information on usage, see Using Rust Toolset linked in the References section.

References:
CVE-2020-36323
CVE-2021-28875
CVE-2021-28876
CVE-2021-28877
CVE-2021-28878
CVE-2021-28879
CVE-2021-31162

Updates packages:
cargo-1.52.1-1.module_el8.4.0+2520+0729bac9.x86_64.rpm
cargo-doc-1.52.1-1.module_el8.4.0+2520+0729bac9.noarch.rpm
clippy-1.52.1-1.module_el8.4.0+2520+0729bac9.x86_64.rpm
rls-1.52.1-1.module_el8.4.0+2520+0729bac9.x86_64.rpm
rust-1.52.1-1.module_el8.4.0+2520+0729bac9.x86_64.rpm
rust-analysis-1.52.1-1.module_el8.4.0+2520+0729bac9.x86_64.rpm
rust-debugger-common-1.52.1-1.module_el8.4.0+2520+0729bac9.noarch.rpm
rust-doc-1.52.1-1.module_el8.4.0+2520+0729bac9.x86_64.rpm
rust-gdb-1.52.1-1.module_el8.4.0+2520+0729bac9.noarch.rpm
rust-lldb-1.52.1-1.module_el8.4.0+2520+0729bac9.noarch.rpm
rust-src-1.52.1-1.module_el8.4.0+2520+0729bac9.noarch.rpm
rust-std-static-1.52.1-1.module_el8.4.0+2520+0729bac9.x86_64.rpm
rust-toolset-1.52.1-1.module_el8.4.0+2520+0729bac9.x86_64.rpm
rustfmt-1.52.1-1.module_el8.4.0+2520+0729bac9.x86_64.rpm

Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2021:3063 Moderate: rust-toolset:rhel8 security, bug fix, and enhancement update