rust-toolset:rhel8 security, bug fix, and enhancement update
エラータID: AXSA:2021-2146:01
リリース日:
2021/07/03 Saturday - 06:45
題名:
rust-toolset:rhel8 security, bug fix, and enhancement update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Low
Description:
以下項目について対処しました。
[Security Fix]
- Rust の標準ライブラリに含まれる String::retain() 関数には、パニック・セイフティーの問
題があり、提供されたクロージャーがパニックを起こした際 UTF-8 でない Rust 文字列が
生成されるため、他の文字列 API が同一文字列内で UTF-8 エンコーディングの使用を想定
した場合にメモリーの安全性違反を引き起こす脆弱性があります。(CVE-2020-36317)
- Rust の標準ライブラリに含まれる VecDeque::make_contiguous には、特定の条件下で
同じ要素を2回以上ポップする問題があり、これによりメモリーの解放後使用や二重解放の
脆弱性があります。(CVE-2020-36318)
Modularity name: rust-toolset
Stream name: rhel8
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-36317
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string.
CVE-2020-36318
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
追加情報:
N/A
ダウンロード:
SRPMS
- rust-toolset-1.49.0-1.module+el8+1248+e28f4b7c.src.rpm
MD5: ded105e6e0bd042bf7d389d31728cb95
SHA-256: 5c68408cc95904a976882a3c21d552f088cdcbd15908441249a5e0347ed7ab51
Size: 10.96 kB - rust-1.49.0-1.module+el8+1248+e28f4b7c.src.rpm
MD5: eac0c98a49ad5bd2c0075faabc25a589
SHA-256: 822fea78d7469e7d666ba3c2f6a43f72bf5a9cb90c1f8a5368a382c7f65226c9
Size: 103.36 MB
Asianux Server 8 for x86_64
- rust-toolset-1.49.0-1.module+el8+1248+e28f4b7c.x86_64.rpm
MD5: 8bb9d80e1b5ada4c42db24d29766171e
SHA-256: aa2ac65f3ca5c093601e1305864d84c4b7ce3eca7cc2cbb8d3e38bf468fdc113
Size: 10.70 kB - cargo-1.49.0-1.module+el8+1248+e28f4b7c.x86_64.rpm
MD5: 421b42a45e876b500417030fa51832b2
SHA-256: 65c2485ad6bea7cb760efca8295d8df6827f0f863b00c74a2d36e216aa8f5209
Size: 3.90 MB - cargo-doc-1.49.0-1.module+el8+1248+e28f4b7c.noarch.rpm
MD5: 3f33d38eb442c89387db12df451619ec
SHA-256: c0d71f7ebac77a3a34f34c81e8609a6656b427c09b79f877ada8d3eac3ae2ad5
Size: 10.46 kB - clippy-1.49.0-1.module+el8+1248+e28f4b7c.x86_64.rpm
MD5: 8abfbbd587ddd41ad04ba19c02d55f87
SHA-256: aeb90e95cb71b9789a2527c2aa8498cd936ef7d84115c5bf545acaa2bea50726
Size: 2.04 MB - rls-1.49.0-1.module+el8+1248+e28f4b7c.x86_64.rpm
MD5: a29c40c33a0f3ed7da39723496ddfedc
SHA-256: fce78463d7df2182d5f16dc069482310fb0a8ab1be8504e76ce8b0d84acfd57c
Size: 7.66 MB - rust-1.49.0-1.module+el8+1248+e28f4b7c.x86_64.rpm
MD5: 6f7c6626ffa18ea399232189c36f198a
SHA-256: 75a9045527a24f84419f8d382cd8930afda8c41ec18a75495d4e28a6ced74cfe
Size: 31.36 MB - rust-analysis-1.49.0-1.module+el8+1248+e28f4b7c.x86_64.rpm
MD5: 13b52b08f93df02814a1a9003e875884
SHA-256: 0304e8201998374e5b946ad265c7dd1d2d0a72ad50db0640be94fb98e1fb91d4
Size: 2.74 MB - rust-debugger-common-1.49.0-1.module+el8+1248+e28f4b7c.noarch.rpm
MD5: d581870c4e9d3c03379c4cad4c201c70
SHA-256: d10d82c863ac457a3556616ee186e4ff42cf14890ba1b07102e30366cb37e862
Size: 11.67 kB - rust-debugsource-1.49.0-1.module+el8+1248+e28f4b7c.x86_64.rpm
MD5: 1a9e56d744f41b5fcdf71341366a8584
SHA-256: e05bcb1c119a27f3669a4fd0a31069578d341af6787e2efdea5fb138bd230eb6
Size: 11.08 MB - rust-doc-1.49.0-1.module+el8+1248+e28f4b7c.x86_64.rpm
MD5: d9f6a8597aaf1473886a4b4b27cc5a99
SHA-256: 7ac120d9fad2fe9b2281429a112245b4c595a6f3522d84fb843333559359fb07
Size: 26.50 MB - rust-gdb-1.49.0-1.module+el8+1248+e28f4b7c.noarch.rpm
MD5: 3593ab4af84272e7e29783782a9779ac
SHA-256: 7c6595a05eb4b47e77258fad43472c5e9e48b0122b0dc8113679f4e69e9361f2
Size: 15.03 kB - rust-lldb-1.49.0-1.module+el8+1248+e28f4b7c.noarch.rpm
MD5: 304d8a05a052fb4e7300481993386c61
SHA-256: 62f84cb0b19af370154f4ffe057db8533cf6054011137481849beb1ca53aa969
Size: 16.65 kB - rust-src-1.49.0-1.module+el8+1248+e28f4b7c.noarch.rpm
MD5: 3a473b446d40fb89b39653f5ee317418
SHA-256: 97b69fc4b5558696b5665886ef4a6c9899e990612085a672e66c65d01a30dfc6
Size: 2.30 MB - rust-std-static-1.49.0-1.module+el8+1248+e28f4b7c.x86_64.rpm
MD5: 33bc10002b113d149ebd3c281e51dfee
SHA-256: a6dd2509c6fb3216f891e55a5edcd8e0db50867f141844c3963b6754d8486adc
Size: 22.48 MB - rustfmt-1.49.0-1.module+el8+1248+e28f4b7c.x86_64.rpm
MD5: b8c21a0ae7c296d4dc4e0133b55ea231
SHA-256: 74002d5a39cd6e8f76ecdc199f92cd8c8f8d55a9c09ce00e29642b6e3835d247
Size: 2.66 MB