rust-toolset:rhel8 security update

エラータID: AXSA:2022-2990:01

Release date: 
Thursday, January 20, 2022 - 05:32
Subject: 
rust-toolset:rhel8 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in rust in order to facilitate detection of BiDi Unicode characters:

Rust introduces two new lints to detect and reject code containing the affected codepoints. These new deny-by-default lints detect affected codepoints in string literals and comments. The lints will prevent source code file containing these codepoints from being compiled. If your code has legitimate uses for the codepoints we recommend replacing them with the related escape sequence. The error messages will suggest the right escapes to use.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-42574
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.

Modularity name: rust-toolset
Stream name: rhel8

Solution: 

Update packages.

CVEs: 
CVE-2021-42574
An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and interpreters. Adversaries can leverage this to encode source code for compilers accepting Unicode such that targeted vulnerabilities are introduced invisibly to human reviewers.
Additional Info: 

N/A

Download: 

SRPMS
  1. rust-toolset-1.54.0-1.module+el8+1370+3ae95586.src.rpm
    MD5: 19c488f65de4847eddc13c93fcb78fad
    SHA-256: 56069990043125174b060dfca6d1610c1fe385f27aeabab0b36ba183a21521bd
    Size: 11.40 kB
  2. rust-1.54.0-3.module+el8+1370+3ae95586.src.rpm
    MD5: d8eacae895fa0ea4803408e09690af21
    SHA-256: 627084748f9f89f35c0e8cdad1b6b6012999e22e17c91f840d06474c39001646
    Size: 110.97 MB

Asianux Server 8 for x86_64
  1. rust-toolset-1.54.0-1.module+el8+1370+3ae95586.x86_64.rpm
    MD5: af0f4bde04c059474a226caabdd8f485
    SHA-256: 2690471dcaab8b6ef3b149c5295c15b35a7792d2fd336f24f066829626c91e8c
    Size: 11.10 kB
  2. cargo-1.54.0-3.module+el8+1370+3ae95586.x86_64.rpm
    MD5: 86010be87ac1df05aa6a39ef78fbded2
    SHA-256: 96c309ce352cd9bb48aada7124341680f51ea4c4ec00905251d97e981b9f86b8
    Size: 4.18 MB
  3. cargo-doc-1.54.0-3.module+el8+1370+3ae95586.noarch.rpm
    MD5: 9506fc5b2df5ae5d70319376347f3573
    SHA-256: cba00d34adab0c77e8a2e3acfcde3f26f8e89e5fe8a094ce2e31e3457c26e15b
    Size: 11.39 kB
  4. clippy-1.54.0-3.module+el8+1370+3ae95586.x86_64.rpm
    MD5: 5fe90fb57bd8f89a4a0461c4b1eae672
    SHA-256: df8c1b43b78c97d1e7fd8a71df9950967f132026b048e7976e6d749ff79f53ed
    Size: 1.96 MB
  5. rls-1.54.0-3.module+el8+1370+3ae95586.x86_64.rpm
    MD5: 66cfb11d70165db5bc26834cf87ff03f
    SHA-256: f758cbe07343619c9779e0a2fa947836f4d10365da8d30d8d23c3788456a2dde
    Size: 7.54 MB
  6. rust-1.54.0-3.module+el8+1370+3ae95586.x86_64.rpm
    MD5: ce11685fec2f830199658421083ec35e
    SHA-256: 99949d4d9ad4b301ed174af285972d675e9d1455ab242ddf6b6598d82909cf8a
    Size: 24.85 MB
  7. rust-analysis-1.54.0-3.module+el8+1370+3ae95586.x86_64.rpm
    MD5: ed0b8caab2b33257fe0ab3a4e000c563
    SHA-256: cf0e1a39d41526aba7a36930b66212317edbce88a81fc4fb6c8fd6803bda09d8
    Size: 3.18 MB
  8. rust-debugger-common-1.54.0-3.module+el8+1370+3ae95586.noarch.rpm
    MD5: e3e99c398a54c878faf9b805a2e0716f
    SHA-256: 9154cbeb0b3e2eb61fd4f18767d052dbe814c7727c57eaad304cabf5d59a75de
    Size: 12.60 kB
  9. rust-debugsource-1.54.0-3.module+el8+1370+3ae95586.x86_64.rpm
    MD5: c37cf3a66c98d8e83b1541ddead596b7
    SHA-256: fc7df350d6993e6ef213b99cfed02b1b8db6da702bb1895c26421ce6fd49a3c8
    Size: 11.57 MB
  10. rust-doc-1.54.0-3.module+el8+1370+3ae95586.x86_64.rpm
    MD5: 8dd3b7da0a19a1dc8cbac5a47bf84c50
    SHA-256: 0b670d40486f1d8636502f5f4d4a8037ad204ba51048dbcd5b2cf637d484053d
    Size: 31.23 MB
  11. rustfmt-1.54.0-3.module+el8+1370+3ae95586.x86_64.rpm
    MD5: acadbfeee60c7798009120622d7cd675
    SHA-256: c30003b12b1a567afa5104b540ab67a46610c9ddd9c3e27d44870e27fb9b69d2
    Size: 2.77 MB
  12. rust-gdb-1.54.0-3.module+el8+1370+3ae95586.noarch.rpm
    MD5: d2c1ae228251419a6afdc386dd1c68e1
    SHA-256: b3b59b3b6662a0c9fdd1979a276239c506d0d01c6c1961c32dfea0cc5d78be30
    Size: 16.01 kB
  13. rust-lldb-1.54.0-3.module+el8+1370+3ae95586.noarch.rpm
    MD5: b1cc7714e5c8d7a4dcc99ec088b7601c
    SHA-256: fc25c9278dced2da8dbbbb43306e313b4f847eef6773eb309f9bba5e4cca96c1
    Size: 17.63 kB
  14. rust-src-1.54.0-3.module+el8+1370+3ae95586.noarch.rpm
    MD5: 4005db86e94be9dbd60e7257653c2439
    SHA-256: 11e13f8cd108e9630702f0a6f9caa2d291e6b64dde6f138c1329d6854fbe418d
    Size: 2.63 MB
  15. rust-std-static-1.54.0-3.module+el8+1370+3ae95586.x86_64.rpm
    MD5: 964540d293758fd8a47fcb724f119946
    SHA-256: d35d40dd5ae8ceb13442ebf5ce5544d9a89e022d18f58432e1ba08dffd0671c9
    Size: 21.92 MB
  16. rust-std-static-wasm32-unknown-unknown-1.54.0-3.module+el8+1370+3ae95586.x86_64.rpm
    MD5: e982dc8eeb3a5b65c3f0798dad4da791
    SHA-256: c0e79289d5677bef51b47acba39ccae5c60a2abd066606ba929a1e66ee38b676
    Size: 19.56 MB