Researchers Uncover Rust Supply Chain Attack Targeting Cloud CI Pipelines
A case of software supply chain attack has been observed in the Rust programming language's crate registry that leveraged typosquatting techniques to publish a rogue library containing malware. Cybersecurity firm SentinelOne dubbed the attack "CrateDepression." Typosquatting attacks take place wh...
PT-2022-5135 · Juniper Networks · Juniper
Name of the Vulnerable Software and Affected Versions: Juniper versions prior to 0.15.10 Description: The issue is related to uncontrolled recursion in the Juniper GraphQL server library for Rust, which can result in a program crash. This can be caused by deeply nested fragments in a GraphQL...
Oracle Linux 8 : rust-toolset:ol8 (ELSA-2022-1894)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1894 advisory. - Update to 1.52.1. Includes security fixes for CVE-2020-36323, CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162. - Update to 1.51.0. Update t...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
CVE-2022-1388-rs Scanner and Interactive shell for CVE-2022-13...
new packages: rust-zram-generator
An update is available for rust-zram-generator. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rock...
new packages: rust-srpm-macros
An update is available for rust-srpm-macros. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
new packages: rust-afterburn
An update is available for rust-afterburn. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Lin...
new packages: rust-ssh-key-dir
An update is available for rust-ssh-key-dir. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
new packages: rust-bootupd
An update is available for rust-bootupd. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux...
new packages: rust-toolset
An update is available for rust-toolset. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux...
new packages: rust-coreos-installer
An update is available for rust-coreos-installer. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the...
rust-toolset:ol8 security, bug fix, and enhancement update
rust 1.58.1-1 - Update to 1.58.1. 1.58.0-1 - Update to 1.58.0. 1.57.0-1 - Update to 1.57.0. 1.56.1-2 - Add rust-std-static-wasm32-wasi Resolves: rhbz1980080 1.56.0-1 - Update to 1.56.1. 1.55.0-1 - Update to 1.55.0. - Backport support for LLVM 13. 1.54.0-2 - Make std-static-wasm arch-specific to...
AlmaLinux 8 : rust-toolset:rhel8 (ALSA-2022:1894)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:1894 advisory. rust: Race condition in remove_dir_all leading to removal of files outside of the directory being removed (CVE-2022-21658). Tenable has extracted the preceding...
novel (=0.4.2), salvo (>=0.1.5 <=0.1.6) +4 more potentially affected by unknown CVE via double-checked-cell (>=1.1.0 <=2.1.0)
double-checked-cell CARGO version =1.1.0, =0.1.5, =0.1.5, =0.1.5, =0.1.0, =1.0.0, =1.0.4-beta-2 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0024...
abci-storage (=0.0.3), arcon_backend (>=0.1.0 <=0.1.1) +144 more potentially affected by unknown CVE via rocksdb (>=0.10.1 <=0.18.0)
rocksdb CARGO version =0.10.1, =0.1.0, =0.2.0, =0.2.0, =0.1.1, =1.2.0, =0.6.0, =6.0.0, =0.1.1, =0.1.0, =0.1.0, =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0046...
wee_alloc is Unmaintained
Two of the maintainers have indicated that the crate may not be maintained. The crate has open issues including memory leaks and may not be suitable for production use. It may be best to switch to the default Rust standard allocator on wasm32 targets. Last release seems to have been three years...
RUSTSEC-2022-0054 wee_alloc is Unmaintained
Two of the maintainers have indicated that the crate may not be maintained. The crate has open issues including memory leaks and may not be suitable for production use. It may be best to switch to the default Rust standard allocator on wasm32 targets. Last release seems to have been three years...
RHEL 8 : rust-toolset:rhel8 (RHSA-2022:1894)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1894 advisory. Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. The followin...
Moderate: Red Hat Security Advisory: rust-toolset:rhel8 security, bug fix, and enhancement update
An update for the rust-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
BeerHolderBot (>=0.1.0 <=0.3.6), GetPDB (>=0.1.0 <=1.0.1) +5228 more potentially affected by unknown CVE via hyper (>=0.0.1 <=0.14.11)
hyper CARGO version =0.0.1, =0.1.0, =0.1.0, =0.0.2, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.0.7-alpha.3, =0.2.0-alpha.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0022...