rust-toolset:rhel8 security, bug fix, and enhancement update
エラータID: AXSA:2021-2363:01
リリース日:
2021/08/16 Monday - 08:06
題名:
rust-toolset:rhel8 security, bug fix, and enhancement update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Rust の標準ライブラリには文字列の結合の最適化に問題があり、文字列の長さが確
認された後に、借用した文字列に変更があった場合、初期化されていないバイトが公開
される、もしくはプログラムがクラッシュする脆弱性があります。(CVE-2020-36323)
- Rust の標準ライブラリに含まれる read_to_end() 関数には安全でないコンテキスト
における Read の戻り値を検証しない問題により、バッファーオーバーフローを引き起
こす脆弱性があります。(CVE-2021-28875)
- Rust の標準ライブラリの Zip の実装にはパニック・セイフティーに問題があり、特
定の条件において基本的なイテレーターにパニックが発生したとき、同じインデックス
に対し __iterator_get_unchecked() が複数回呼ばれることにより、
TrustedRandomAccess トレイト の安全要件に適合しないため、メモリ安全性違反を引
き起こす脆弱性があります。(CVE-2021-28876)
- Rust の標準ライブラリの Zip の実装には、入れ子状態の時、同じインデックスに対
し __iterator_get_unchecked() が複数回呼ばれることにより、TrustedRandomAccess
トレイト の安全要件に適合しないため、メモリ安全性違反を引き起こす脆弱性があり
ます。(CVE-2021-28877)
- Rust の標準ライブラリの Zip の実装には、 next_back() と next() が一緒に使わ
れたとき、特定の条件下で同じインデックスに対し __iterator_get_unchecked() が複
数回呼ばれることにより、TrustedRandomAccess トレイトの安全要件に適合しないため、
メモリ安全性違反を引き起こす脆弱性があります。(CVE-2021-28878)
- Rust の標準ライブラリに含まれている Zip の実装には、整数オーバーフローが原因
で間違ったサイズを報告する問題があるため、一度使われた Zip イテレーターを再び
使用した時にバッファーオーバーフローを引き起こす脆弱性があります。
(CVE-2021-28879)
- Rust の標準ライブラリには、要素を解放する時にパニックが発生すると、
Vec::from_iter 関数で二重解放が発生する脆弱性があります。(CVE-2021-31162)
Modularity name: rust-toolset
Stream name: rhel8
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-36323
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.
CVE-2021-28875
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.
CVE-2021-28876
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
CVE-2021-28877
In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once when nested. This bug can lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
CVE-2021-28878
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.
CVE-2021-28879
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.
CVE-2021-31162
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
追加情報:
N/A
ダウンロード:
SRPMS
- rust-toolset-1.52.1-1.module+el8+1294+a99806e4.src.rpm
MD5: 542f943ec1a95d79a8edbd081f7826e6
SHA-256: 7239dde465b0d1a9dc9409c54fb0b8c860e438ec23aa37524f9508e0b368bc5d
Size: 11.23 kB - rust-1.52.1-1.module+el8+1294+a99806e4.src.rpm
MD5: c2313437cc76ec29ef13a80e62a8e1e5
SHA-256: c827b3191521165311296f8e4a019cf75a6d93cf3dd9fd0373dfba252e7bcb81
Size: 109.83 MB
Asianux Server 8 for x86_64
- rust-toolset-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
MD5: 99b9b8840c6f8d37db899a9cba039e4a
SHA-256: 2f19fddc886d69ec4a4e3863b6e8b407b8205e604e376fd3390a38c73158822c
Size: 10.94 kB - cargo-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
MD5: e02038dab9987720e1378e786da58a9a
SHA-256: e024cb35b7c0fb1a66b9c9664822fae59512ad7788da0f86d8ffcc8781e050bb
Size: 4.17 MB - cargo-doc-1.52.1-1.module+el8+1294+a99806e4.noarch.rpm
MD5: 3768f2eb69794952079c2d14d5adb62d
SHA-256: af77fa98ddf30bb32bd3e4cd6dd63260d4a3c836d5b8b6b5002d9910230f0b6f
Size: 10.85 kB - clippy-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
MD5: 39a25faebe85ba6b5414d3832eb5bcb6
SHA-256: 93305ad5ab1decc33f240df3338dfe1589aabe585373d1eb71da4ca964d386ff
Size: 1.94 MB - rls-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
MD5: c43f5de87e04da7d8dc89160bdc7d011
SHA-256: 1f6d49f3e9486d7d6cc77cd36348d93b855c68abac5dc62df009ecd567868718
Size: 7.58 MB - rust-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
MD5: 740ad78b4b0414a9b3a016c4e72abfe9
SHA-256: b87977345c4f8393a53c2f0303e5745ab6858b8f73f53e9534013f6f203f2c2b
Size: 24.24 MB - rust-analysis-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
MD5: b00230a1272d59eac71c2f824a2db400
SHA-256: c72aa8014847cde19050b31ec9967e687bf88e6ee04251d91164837531fa8cd3
Size: 2.99 MB - rust-debugger-common-1.52.1-1.module+el8+1294+a99806e4.noarch.rpm
MD5: e52bd8ae939f387cf5ae8392a38a29c6
SHA-256: cba643faf6b4900b497d2d3de2f6aec884a04261dc051d61e3cac6604b80766f
Size: 12.05 kB - rust-debugsource-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
MD5: 0b8194aa938e62ace83ddb32c678c02b
SHA-256: b4dfd595b9e5be38a4e0c3e18f0e507776e140f3681db3a760c09c9a18b913b0
Size: 11.25 MB - rust-doc-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
MD5: 94f0edaa7722cb9c58f1ddc36186ee1f
SHA-256: 9f37cad3c653f50094cabb7d3b5328821c7f0eb9fba40ceca65af3299189e3d1
Size: 28.47 MB - rust-gdb-1.52.1-1.module+el8+1294+a99806e4.noarch.rpm
MD5: f938ec8f88ce3855b3c759e7af4757ef
SHA-256: e9eef454acaa69e14dcf709152f07f41b6cc927fea85d80aa9da0ef52f486d7c
Size: 15.46 kB - rust-lldb-1.52.1-1.module+el8+1294+a99806e4.noarch.rpm
MD5: d434880c46536f0a32560899a6407ee4
SHA-256: e7a40d29d676085bf174f653a53c3e4dbc860405f39d294edef05c1227ebfb28
Size: 17.07 kB - rust-src-1.52.1-1.module+el8+1294+a99806e4.noarch.rpm
MD5: 0a33070cc28504f0c379f190dddd8d5c
SHA-256: e609bbe4caeba6b2e49c927df12d3b2fe8a332b978fbef03e82960be9ed06103
Size: 2.45 MB - rust-std-static-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
MD5: 2627e2483f63202f7fc681fce48f5255
SHA-256: 947a49c38ba1e97dd55bec24317e13bc3237a9228dbb09c3b7a25a76dd6d5f94
Size: 24.31 MB - rustfmt-1.52.1-1.module+el8+1294+a99806e4.x86_64.rpm
MD5: 28ab29f0c8f037d7bf403c6561535d10
SHA-256: 7c7bec726ca307ffbc3fcd37cbc047b9d6b1d03d90ffe988fff5f84e5c35bb88
Size: 2.72 MB
English