rust-1.66.1-2.el9
エラータID: AXSA:2023-6341:10
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.
Security Fix(es):
* rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2023-38497
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`.
Update packages.
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`.
N/A
SRPMS
- rust-1.66.1-2.el9.src.rpm
MD5: d22ad11db0979155064177c803041b4c
SHA-256: 85b7eed4c3fa121137728a19c62187bd4663ee49e27560d323728fb97b3c0477
Size: 136.46 MB
Asianux Server 9 for x86_64
- cargo-1.66.1-2.el9.x86_64.rpm
MD5: a33cc80434f36ec5f29f814048750a1b
SHA-256: c57d914447a5338e941b18d783e554284424a0e5f8f6cc999816f22d54f2642c
Size: 4.67 MB - clippy-1.66.1-2.el9.x86_64.rpm
MD5: e6b507f118c79c2631e09681933aaad3
SHA-256: 94d5145ea143400e76b588bec8adf058f9b3fc6451cbe32c600375f187bd889b
Size: 2.52 MB - rust-1.66.1-2.el9.x86_64.rpm
MD5: 47eff1a2f68eec527b08d9fefa18edf5
SHA-256: d291c4602572af00ea2d65c3ee1458e0051ef1c181a244669b6afa38d79b5005
Size: 27.30 MB - rust-analysis-1.66.1-2.el9.x86_64.rpm
MD5: 3745d37e8e5095a85cd41581dc702b96
SHA-256: 783585d0e7588e87e788beccd0958bb4f111319189b0151f5bc267ba5cdd13bc
Size: 3.27 MB - rust-analyzer-1.66.1-2.el9.x86_64.rpm
MD5: 33c0c96db1d0a524324f2e7a862861e5
SHA-256: 594bce033a08ba7956db05ae4673e6e257d358705bbf1feaa2d6abdd54c39256
Size: 7.48 MB - rust-debugger-common-1.66.1-2.el9.noarch.rpm
MD5: 64f19e3208b562a3a38dd88b6a29f3e4
SHA-256: 2f9bd17e5ad28849d61bf273eff89682f9e605e96c1b8010c7d07fe2de3633fc
Size: 9.53 kB - rust-doc-1.66.1-2.el9.x86_64.rpm
MD5: 8f05ba840eaca16e4e17bbb46f7cdaf1
SHA-256: 2b8e16704bc7f0b8c02c95d9b2a36ff0108b167230fae8ae9dae9f2456130695
Size: 27.99 MB - rustfmt-1.66.1-2.el9.x86_64.rpm
MD5: 351e95492cd5bdf369ea397a3fe47022
SHA-256: 6a6351a57ed253438d8b847f076c7f12ea168f6e9809f7e8c095e6915a65a8e1
Size: 2.93 MB - rust-gdb-1.66.1-2.el9.noarch.rpm
MD5: 102a47130722db99d773be2578045c56
SHA-256: 773c9a01bba7e89e12529a915d2e32304ae56d2ccd33ef7d393ec8ac6279867b
Size: 12.90 kB - rust-lldb-1.66.1-2.el9.noarch.rpm
MD5: 2aa8ea7153f9b8c3a6eed09068b6a940
SHA-256: 712edfdda0c8da2ca27cf8deeeb7e06a1554dec1ef4ed2e2e5b9e1d905e60c18
Size: 14.36 kB - rust-src-1.66.1-2.el9.noarch.rpm
MD5: 4d03a1d211b65586a13545c28a1faa6a
SHA-256: b41df7e101b6f898e37191e4c4ad51697c6bf13c1ca96d4b43084a021e22d7ad
Size: 2.44 MB - rust-std-static-1.66.1-2.el9.i686.rpm
MD5: 61d4cc908d9830f3204ea12cc89e6472
SHA-256: ba9f4f1f2fda47ff56a4613894025bf848c22f95025c4212b7ef611e0111d1ca
Size: 29.53 MB - rust-std-static-1.66.1-2.el9.x86_64.rpm
MD5: fe0c79c0a802648c113f3817be2177de
SHA-256: 3ed27f5702cb7330c79fc9f64e0b6a2986a75b8256321f329832aefa5c34aa28
Size: 29.82 MB - rust-std-static-wasm32-unknown-unknown-1.66.1-2.el9.noarch.rpm
MD5: afefec5736a376ef886136d60e8d717f
SHA-256: f8e8e30d81d64e4424f0a5c33517589fc137c801c970a33b25514caa64a6c519
Size: 26.24 MB - rust-std-static-wasm32-wasi-1.66.1-2.el9.noarch.rpm
MD5: 43b68d6aedc5115783774ba4ff783803
SHA-256: 6cd480e796b7feb2eb460b0b21ac93301de21e4a4db9a848152a2327be85c118
Size: 27.14 MB - rust-toolset-1.66.1-2.el9.x86_64.rpm
MD5: 36c5e1ba5c29e4650c17d65f53d152fb
SHA-256: 71118d60e76263a240f9999355cc5e674db7038b88426c56241f230f9734dd32
Size: 9.13 kB