rust-toolset:rhel8 security, bug fix, and enhancement update

Errata ID: AXSA:2021-2363:01

Release date: Monday, August 16, 2021 - 08:06
Subject: rust-toolset:rhel8 security, bug fix, and enhancement update
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.

The following packages have been upgraded to a later upstream version: rust (1.52.1).

Security Fix(es):

* rust: optimization for joining strings can cause uninitialized bytes to be exposed (CVE-2020-36323)
* rust: heap-based buffer overflow in read_to_end() because it does not validate the return value from Read in an unsafe context (CVE-2021-28875)
* rust: panic safety issue in Zip implementation (CVE-2021-28876)
* rust: memory safety violation in Zip implementation for nested iter::Zips (CVE-2021-28877)
* rust: memory safety violation in Zip implementation when next_back() and next() are used together (CVE-2021-28878)
* rust: integer overflow in the Zip implementation can lead to a buffer overflow (CVE-2021-28879)
* rust: double free in Vec::from_iter function if freeing the element panics (CVE-2021-31162)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

For information on usage, see Using Rust Toolset linked in the References section.

CVE-2020-36323
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
CVE-2021-28875
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.
CVE-2021-28876
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
CVE-2021-28877
In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
CVE-2021-28878
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
CVE-2021-28879
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.
CVE-2021-31162
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
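The CVE-2021-28875 entry above turns on trusting the byte count a Read implementation returns. The following is an added example, not code from this advisory or from the Rust project: a defense-in-depth wrapper that enforces the Read contract (n <= buf.len()) before the count reaches read_to_end(). The names CheckedReader, OverReportingReader and read_all_checked are hypothetical, and the misbehaving reader is constructed for the demonstration.

```rust
use std::io::{self, Read};

/// Wraps any reader and rejects a byte count larger than the buffer it was given.
pub struct CheckedReader<R> {
    inner: R,
}

impl<R: Read> CheckedReader<R> {
    pub fn new(inner: R) -> Self {
        CheckedReader { inner }
    }
}

impl<R: Read> Read for CheckedReader<R> {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        let n = self.inner.read(buf)?;
        if n > buf.len() {
            // The Read contract requires n <= buf.len(); a larger value is a bug
            // in the inner reader, so fail closed instead of trusting it.
            return Err(io::Error::new(
                io::ErrorKind::InvalidData,
                format!("reader reported {} bytes for a {}-byte buffer", n, buf.len()),
            ));
        }
        Ok(n)
    }
}

/// Constructed misbehaving reader: claims more bytes than the buffer can hold.
pub struct OverReportingReader;

impl Read for OverReportingReader {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        Ok(buf.len() + 16)
    }
}

/// Reads a source to the end through the checked wrapper.
pub fn read_all_checked<R: Read>(reader: R) -> io::Result<Vec<u8>> {
    let mut out = Vec::new();
    CheckedReader::new(reader).read_to_end(&mut out)?;
    Ok(out)
}

fn main() {
    println!("{:?}", read_all_checked(&b"well-behaved input"[..]));
    println!("{:?}", read_all_checked(OverReportingReader).map_err(|e| e.kind()));
}
```

The wrapper does not replace the package update; it only keeps a buggy or untrusted Read implementation from handing an out-of-range length to code that consumes it.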

Modularity name: rust-toolset
Stream name: rhel8

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. rust-toolset-1.52.1-1.module+el8+1294+a99806e4.src.rpm
    Size: 11.23 kB
  2. rust-1.52.1-1.module+el8+1294+a99806e4.src.rpm
    Size: 109.83 MB

Asianux Server 8 for x86_64
  1. rust-toolset-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
    Size: 10.94 kB
  2. cargo-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
    Size: 4.17 MB
  3. cargo-doc-1.52.1-1.module+el8+1294+a99806e4.noarch.rpm
    Size: 10.85 kB
  4. clippy-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
    Size: 1.94 MB
  5. rls-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
    Size: 7.58 MB
  6. rust-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
    Size: 24.24 MB
  7. rust-analysis-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
    Size: 2.99 MB
  8. rust-debugger-common-1.52.1-1.module+el8+1294+a99806e4.noarch.rpm
    Size: 12.05 kB
  9. rust-debugsource-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
    Size: 11.25 MB
  10. rust-doc-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
    Size: 28.47 MB
  11. rust-gdb-1.52.1-1.module+el8+1294+a99806e4.noarch.rpm
    Size: 15.46 kB
  12. rust-lldb-1.52.1-1.module+el8+1294+a99806e4.noarch.rpm
    Size: 17.07 kB
  13. rust-src-1.52.1-1.module+el8+1294+a99806e4.noarch.rpm
    Size: 2.45 MB
  14. rust-std-static-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
    Size: 24.31 MB
  15. rustfmt-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
    Size: 2.72 MB