
64 matches found

Fedora
added 2025/02/08 2:18 a.m. · 10 views

[SECURITY] Fedora 41 Update: keylime-agent-rust-0.2.7-4.fc41

Rust agent for Keylime...

AI score 7.4
Exploits: 0
Debian CVE
added 2025/01/20 3:38 p.m. · 10 views

CVE-2025-22620

gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...

CVSS 5 · AI score 5.2 · EPSS 0.00684
Exploits: 0
PyPA
added 2024/10/09 6:15 p.m. · 8 views

PYSEC-2024-312

Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...

CVSS 5.5 · AI score 5.8 · EPSS 0.00024
Exploits: 0 · References: 6 · Affected Software: 1
OSV
added 2024/10/09 6:15 p.m. · 1 views

PYSEC-2024-312

Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...

CVSS 5.5 · AI score 5.8 · EPSS 0.00024
Exploits: 0 · References: 6
OSV
added 2024/10/09 6:15 p.m. · 1 views

UBUNTU-CVE-2024-47763

Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...

CVSS 5.5 · AI score 5.8 · EPSS 0.00024
Exploits: 0 · References: 8
OSV
added 2024/07/05 11:8 a.m. · 4 views

OESA-2024-1812 rust security update

Rust is a systems programming language focused on three goals: safety, speed, and concurrency. It maintains these goals without having a garbage collector, making it a useful language for a number of use cases other languages are not good at: embedding in other languages, programs with specific spac...

CVSS 8.1 · AI score 8.9 · EPSS 0.08941
Exploits: 0 · References: 3
CBLMariner
added 2023/10/11 1:41 a.m. · 25 views

CVE-2023-38497 affecting package rust for versions less than 1.72.0-2

CVE-2023-38497 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...

CVSS 7.9 · AI score 7.2 · EPSS 0.05657
Exploits: 0
Fedora
added 2023/09/28 1:36 a.m. · 20 views

[SECURITY] Fedora 38 Update: virtiofsd-1.7.0-4.fc38

Virtio-fs vhost-user device daemon Rust version...

CVSS 4.7 · AI score 7.1 · EPSS 0.00021
Exploits: 0
OSV
added 2023/08/24 11:15 p.m. · 1 views

AZL-28511 CVE-2023-40030 affecting package rust for versions less than 1.72.0-2

Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject nearly arbitrar...

CVSS 6.1 · AI score 6.5 · EPSS 0.00193
Exploits: 0 · References: 1
Positive Technologies
added 2023/08/03 12:0 a.m. · 5 views

PT-2023-9267 · Rust +10 · Cargo +10

Name of the Vulnerable Software and Affected Versions: Cargo versions prior to 0.72.2 Rust versions prior to 1.71.1 Description: The issue is related to the Cargo package manager for the Rust programming language, which ignores umask when extracting archives created in UNIX-like systems. This cou...

CVSS 7.9 · AI score 7.3 · EPSS 0.05657
Exploits: 0 · References: 61
Positive Technologies
added 2023/01/10 12:0 a.m. · 1 views

PT-2023-1358

Name of the Vulnerable Software and Affected Versions Rust versions prior to 1.66.1 Description The issue is related to the Cargo package manager in Rust, which does not perform SSH host key verification when cloning indexes and dependencies via SSH. This allows an attacker to perform...

CVSS 7.9 · AI score 6.6 · EPSS 0.05657
Exploits: 0 · References: 47
OSV
added 2022/01/25 1:10 p.m. · 4 views

OPENSUSE-SU-2022:0175-1 Security update for rust1.57

This update for rust1.57 fixes the following issues: - CVE-2022-21658: Fixed race condition in std::fs::remove_dir_all (bsc#1194767)...

CVSS 7.3 · AI score 7.2 · EPSS 0.00906
Exploits: 1 · References: 3
OSV
added 2022/01/21 8:4 a.m. · 3 views

OPENSUSE-SU-2022:0149-1 Security update for rust1.56

This update for rust1.56 fixes the following issues: - CVE-2022-21658: Fixed race condition in std::fs::remove_dir_all (bsc#1194767)...

CVSS 7.3 · AI score 7.2 · EPSS 0.00906
Exploits: 1 · References: 3
Github Security Blog
added 2021/08/25 8:43 p.m. · 29 views

Potential memory corruption in arrayfire

The attribute repr added to enums to be compatible with C-FFI caused memory corruption on MSVC toolchain. arrayfire crates = version 3.5.0 do not have this issue when used with Rust versions 1.27 or earlier. The issue only started to appear since Rust version 1.28. The issue seems to be interlink...

CVSS 9.8 · AI score 9.1 · EPSS 0.00433
Exploits: 0 · References: 6 · Affected Software: 1
GitLab Advisory Database
added 2021/08/25 12:0 a.m. · 5 views

Free of uninitialized memory in adtensor

An issue was discovered in the adtensor crate through 0.0.3 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix...

CVSS 9.8 · AI score 7.2 · EPSS 0.00504
Exploits: 1 · References: 5 · Affected Software: 1
CNNVD
added 2021/08/08 12:0 a.m. · 2 views

Rust security vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the anymap crate of Mozilla Rust version 0.12.1, which can be exploited by attackers to compromise soundness by converting u8 to u64...

CVSS 9.8 · AI score 5.6 · EPSS 0.00389
Exploits: 1 · References: 2
OSV
added 2021/04/14 7:15 a.m. · 1 views

UBUNTU-CVE-2018-25008

In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can lead to memory safety issues through race conditions...

CVSS 5.9 · AI score 5.8 · EPSS 0.00213
Exploits: 0 · References: 4
OSV
added 2021/04/14 7:15 a.m. · 1 views

UBUNTU-CVE-2020-36323

In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed or the program to crash if the borrowed string changes after its length is checked...

CVSS 8.2 · AI score 7.2 · EPSS 0.01012
Exploits: 0 · References: 4
OSV
added 2021/04/11 8:15 p.m. · 1 views

DEBIAN-CVE-2015-20001

In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory...

CVSS 7.5 · AI score 7.4 · EPSS 0.00274
Exploits: 1 · References: 1
UbuntuCve
added 2020/02/02 2:15 p.m. · 28 views

CVE-2019-20446

In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially...

CVSS 6.5 · AI score 6.9 · EPSS 0.0133
Exploits: 0 · References: 3