Red Hat, RHSA-2024:3428
History: May 28, 2024 - 1:07 p.m.

(RHSA-2024:3428) Important: rust-toolset:rhel8 security update

Published: 2024-05-28 13:07:54
CWE: CWE-276
Source: access.redhat.com
Tags: rust toolset, security update, cargo, dependencies, cve-2023-38497, unix

CVSS3: 7.9

  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: REQUIRED
  Scope: CHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: NONE

  CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

AI Score: 6.4 (Confidence: Low)

EPSS: 0 (Percentile: 5.1%)

Rust Toolset provides the Rust programming language compiler rustc, the cargo
build tool and dependency manager, and required libraries.

Security Fix(es):

  • rust-cargo: cargo does not respect the umask when extracting dependencies
    (CVE-2023-38497)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected configurations

Node:

  (
    redhat  rust-toolset-1.66-rust-0  Range  1.66.1-2.el7_9
    OR
    redhat  rust-toolset              Range  rhel8-8080020230807230209.0a78da64
    OR
    redhat  rust-toolset              Range  rhel8-8060020240312174911.aeeed864
    OR
    redhat  rust                      Range  1.66.1-2.el9_2
    OR
    redhat  rust-0                    Range  1.58.1-1.el9_0.1
  )
  AND
  (
    redhat  enterprise_linux          Match  8
    OR
    redhat  enterprise_linux          Match  9
  )

Vendor  Product                   Version  CPE
redhat  rust-toolset-1.66-rust-0  *        cpe:2.3:a:redhat:rust-toolset-1.66-rust-0:*:*:*:*:*:*:*:*
redhat  rust-toolset              *        cpe:2.3:a:redhat:rust-toolset:*:*:*:*:*:*:*:*
redhat  rust                      *        cpe:2.3:a:redhat:rust:*:*:*:*:*:*:*:*
redhat  rust-0                    *        cpe:2.3:a:redhat:rust-0:*:*:*:*:*:*:*:*
redhat  enterprise_linux          8        cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
redhat  enterprise_linux          9        cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*
