9526 matches found
Unexpected panics in num-bigint
Impact: Two scenarios were reported where BigInt and BigUint multiplication may unexpectedly panic. - The internal mac3 function did not expect the possibility of non-empty all-zero inputs, leading to an unwrap panic. - A buffer was allocated with less capacity than needed for an intermediate...
Critical Photon OS Security Update - PHSA-2021-0324
Updates of 'rust', 'kafka' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2021-3.0-0324
Updates of 'kafka', 'rust' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2021-4.0-0122
Updates of 'rust' packages of Photon OS have been released...
Trojan Source attack lets hackers exploit source code
By Waqas. Trojan Source attack impacts all popular programming language compilers, such as C, C++, C#, Java, JavaScript, Python, Rust, and Go. This is a post from HackRead.com. Read the original post: Trojan Source attack lets hackers exploit source code...
Critical Photon OS Security Update - PHSA-2021-0122
Updates of 'rust' packages of Photon OS have been released...
arrow (>=0.14.0 <=4.4.0), arrow-flight (>=2.0.0 <=4.4.0) +73 more potentially affected by unknown CVE via flatbuffers (>=0.4.0 <=22.12.6)
flatbuffers CARGO version =0.4.0, =0.14.0, =2.0.0, =1.0.0, =0.2.0, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.17.0, =0.1.1, =0.1.0, =0.1.0, =0.1.3 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2021-0122...
Fedora: Security Advisory for rust-coreos-installer (FEDORA-2021-23fed0cab4)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: rust-coreos-installer-0.10.1-1.fc35
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal machines or, occasionally, to virtual machines...
VibeProtocol (=0.1.0), acid-store (>=0.1.0 <=0.14.2) +207 more potentially affected by unknown CVE via sodiumoxide (>=0.0.10 <=0.2.7)
sodiumoxide CARGO version =0.0.10, =0.1.0, =0.1.1, =0.1.0, =0.6.2, =0.6.2, =0.6.1, =0.6.2, =0.15.2, =0.1.0, =0.2.1 - branca =0.2.0 - brchd =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2021-0137...
sodiumoxide is deprecated
Alternatives may be found - not in any specific order: - libsodium-sys-stable - dryoc - RustCrypto/nacl-compat (crypto_box, crypto_kx, crypto_secretstream) - RustCrypto/xsalsa20poly1305 (crypto_secretbox) - Signatory - ed25519-compact - ed25519-dalek - ring Recommendations can be also found from: - Aweso...
Fedora: Security Advisory for rust-coreos-installer (FEDORA-2021-3d52eb54ca)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rust-coreos-installer (FEDORA-2021-449a2bdaf3)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 34 Update: rust-coreos-installer-0.10.1-1.fc34
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal machines or, occasionally, to virtual machines...
CVE-2021-41150
Tough provides a set of Rust libraries and tools for using and generating The Update Framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is...
Code injection
Tough provides a set of Rust libraries and tools for using and generating The Update Framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize delegated role names when caching a repository, or when loading a repository from the filesystem. When the repository is...
CVE-2021-41150
CVE-2021-41150 affects the Tough Rust library (pre-0.12.0). The issue is improper sanitization of delegated role names when caching or loading a repository, allowing files ending with .json to be overwritten with role metadata anywhere on the system. This is caused by insufficient handling during...
CVE-2021-41149
Tough provides a set of Rust libraries and tools for using and generating The Update Framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached o...