9526 matches found
Rust Resource Management Error Vulnerability (CNVD-2021-38320)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A resource management error vulnerability exists in the rocket crate for Rust prior to version 0.4.7, which stems from the fact that if a user-supplied function panics, the uri::Formatter can be...
Important Photon OS Security Update - PHSA-2021-0019
Updates of 'rust' packages of Photon OS have been released...
Critical Photon OS Security Update - PHSA-2021-3.0-0228
Updates of 'docker', 'rust', 'consul' packages of Photon OS have been released...
Critical Photon OS Security Update - PHSA-2021-0228
Updates of 'consul', 'rust', 'docker' packages of Photon OS have been released...
actinium226-librespot (=0.4.3), actinium226-librespot-connect (=0.4.3) +939 more potentially affected by unknown CVE via aes-soft (=0.6.4)
aes-soft CARGO version =0.6.4 is affected by a known vulnerability. The following packages have a transitive dependency on aes-soft and may be impacted: - actinium226-librespot =0.4.3 - actinium226-librespot-connect =0.4.3 - actinium226-librespot-playback =0.4.3, =0.1.3, =0.1.0, =0.3.0, =0.3.0,...
actinium226-librespot (=0.4.3), actinium226-librespot-connect (=0.4.3) +924 more potentially affected by unknown CVE via aesni (>=0.10.0 <=0.9.0)
aesni CARGO version =0.10.0, =0.4.3, =0.1.3, =0.1.0, =0.3.0, =0.3.0, =0.5.1, =0.0.2, =0.1.0, =0.1.0, =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2021-0059...
actinium226-librespot (=0.4.3), actinium226-librespot-connect (=0.4.3) +51 more potentially affected by unknown CVE via aes-ctr (>=0.6.0 <=0.99.99)
aes-ctr CARGO version =0.6.0, =0.4.3, =0.5.0, =0.1.0, =0.2.0, =0.1.0, =0.40.0, =0.40.0, =0.40.0, =0.40.0, =0.1.0, =0.1.0, =0.6.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2021-0061...
Rust rkyv crate Security Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust rkyv crate versions prior to 0.6.0, which stems from the fact that when an archive is created via serialization, the contents of the archive may contain uninitialized valu...
rkyv_dyn (>=0.1.0 <=0.5.1), stackstring (=0.0.2) +12 more potentially affected by CVE-2021-31919 via rkyv (>=0.1.1 <=0.5.2)
rkyv CARGO version =0.1.1, =0.1.0, =0.1.1, =0.1.2, =0.1.0, =0.9.0, =0.9.0, =0.9.0, =0.8.0, =0.1.0, =0.9.0, =0.1.0, =0.1.0, =0.1.0, =0.1.5 Source cves: CVE-2021-31919 Source advisory: OSV:RUSTSEC-2021-0054...
CVE-2021-28879 affecting package rust 1.47.0-3
CVE-2021-28879 affecting package rust 1.47.0-3. A patched version of the package is available...
[SECURITY] Fedora 33 Update: rust-1.51.0-3.fc33
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...
Fedora: Security Advisory for rust (FEDORA-2021-d7f74f0250)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for rust (FEDORA-2021-b1ba54add6)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLED15 / SLES15 Security Update : librsvg (SUSE-SU-2021:1310-1)
This update for librsvg fixes the following issues: librsvg was updated to 2.42.9: - Update dependent crates that had security vulnerabilities: smallvec to 0.6.14 - RUSTSEC-2018-0003 - CVE-2018-20991 bsc1148293 - the bundled version of the cssparser crate now builds correctly on Rust 1.43...
Fedora: Security Advisory for rust (FEDORA-2021-d0ba1901ca)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
In the standard library in Rust before 1.52.0 the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.
...
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain conditions. This bug could result in a use-after-free or double free.
...
SUSE-SU-2021:1310-1 Security update for librsvg
This update for librsvg fixes the following issues: - librsvg was updated to 2.42.9: Update dependent crates that had security vulnerabilities: smallvec to 0.6.14 - RUSTSEC-2018-0003 - CVE-2018-20991 bsc1148293 - the bundled version of the cssparser crate now builds correctly on Rust 1.43 bsc11815...
In the standard library in Rust before 1.50.0 read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.
...
In the standard library in Rust before 1.49.0, the String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.
...