Lucene search

K
almalinuxAlmaLinuxALSA-2021:3063
HistoryAug 10, 2021 - 11:59 a.m.

Moderate: rust-toolset:rhel8 security, bug fix, and enhancement update

2021-08-1011:59:11
errata.almalinux.org
14

EPSS

0.017

Percentile

87.8%

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.

The following packages have been upgraded to a later upstream version: rust (1.52.1). (BZ#1953002)

Security Fix(es):

  • rust: optimization for joining strings can cause uninitialized bytes to be exposed (CVE-2020-36323)

  • rust: heap-based buffer overflow in read_to_end() because it does not validate the return value from Read in an unsafe context (CVE-2021-28875)

  • rust: panic safety issue in Zip implementation (CVE-2021-28876)

  • rust: memory safety violation in Zip implementation for nested iter::Zips (CVE-2021-28877)

  • rust: memory safety violation in Zip implementation when next_back() and next() are used together (CVE-2021-28878)

  • rust: integer overflow in the Zip implementation can lead to a buffer overflow (CVE-2021-28879)

  • rust: double free in Vec::from_iter function if freeing the element panics (CVE-2021-31162)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

For information on usage, see Using Rust Toolset linked in the References section.