28 matches found
OESA-2025-1236 rust security update
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator. Security Fixes: Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not...
Linux Distros Unpatched Vulnerability : CVE-2022-46176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and...
CVE-2022-46176 affecting package rust 1.59.0-1
CVE-2022-46176 affecting package rust 1.59.0-1. No patch is available currently...
Fedora 37 : rust (2023-19bcafe341)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-19bcafe341 advisory. Security fix for CVE-2022-46176: Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. For more details, see the...
openSUSE: Security Advisory for rust1.65 (SUSE-SU-2023:0133-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for rust1.66 (SUSE-SU-2023:0132-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-46176 affecting package rust for versions less than 1.68.2-1
CVE-2022-46176 affecting package rust for versions less than 1.68.2-1. An upgraded version of the package is available that resolves this issue...
SUSE CVE-2022-46176
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...
SUSE: Security Advisory (SUSE-SU-2023:0133-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2023:0132-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2022 : cargo, clippy, rust (ALAS2022-2023-278)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2023-278 advisory. Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rust1.66 (SUSE-SU-2023:0132-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0132-1 advisory. - CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rust1.65 (SUSE-SU-2023:0133-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0133-1 advisory. - CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies...
SUSE-SU-2023:0132-1 Security update for rust1.66
This update for rust1.66 fixes the following issues: - CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies via SSHbsc1206930...
Fedora: Security Advisory for rust (FEDORA-2023-575fcaf4bf)
The remote host is missing an update for the Copyright C 2023 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 36 : rust (2023-575fcaf4bf)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-575fcaf4bf advisory. Security fix for CVE-2022-46176: Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. For more details, see the...
git2 Rust package suppresses ssh host key checking
By default, when accessing an ssh repository ie via an ssh: git repository url the git2 Rust package does not do any host key checking. Additionally, the provided API is not sufficient for a an application to do meaningful checking itself. Impact When connecting to an ssh repository, and when an...
CVE-2022-46176
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...
DEBIAN-CVE-2022-46176
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle MITM attacks. This vulnerability has been assigned...
CVE-2022-46176
Cargo for Rust did not verify SSH host keys when cloning indexes/dependencies via SSH, enabling potential MITM attacks. All Rust versions containing Cargo before 1.66.1 are affected; upgrading to Cargo/Rust 1.66.1 fixes the SSH host key verification behavior by aborting connections if the server ...