rust-toolset:rhel8 security update
Errata ID: AXSA:2023-6349:01
Release date:
2023/08/17 Thursday - 12:18
Title:
rust-toolset:rhel8 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
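The following items have been addressed.
[Security Fix]
- Cargo does not take the umask value into account when extracting crate archives, so a vulnerability exists that allows a local attacker to execute arbitrary code via a crate archive containing files writable by other local users. (CVE-2023-38497)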
Modularity name: rust-toolset
Stream name: rhel8
Solution:
Update the packages.
CVE:
CVE-2023-38497
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`.
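The workaround described above can be checked and applied with a short script. This is an added example, not part of the advisory or of Cargo; the function names are hypothetical, and the Cargo directory to audit is passed as the first argument.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a Cargo directory for the
# file-permission condition described in CVE-2023-38497.

# Print every file or directory under $1 that group or others may write to.
# These are the entries another local user could modify before a build.
find_loose_entries() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Succeed only if the top-level directory grants nothing to group or others,
# which is the workaround the advisory describes.
cargo_dir_is_private() {
    case "$(ls -ld "$1" 2>/dev/null)" in
        d???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Apply the workaround: remove all group/other access from the directory.
lock_down_cargo_dir() {
    chmod go-rwx "$1"
}

# Report findings; return 0 when nothing is exposed, 1 otherwise.
audit_cargo_dir() {
    loose=$(find_loose_entries "$1")
    if cargo_dir_is_private "$1"; then
        echo "OK: $1 is not accessible to other local users"
        return 0
    fi
    if [ -n "$loose" ]; then
        echo "EXPOSED: writable by other users under $1:"
        echo "$loose"
        return 1
    fi
    echo "NOTE: $1 is readable by others, but no loose entries were found"
    return 0
}

# Usage: sh audit.sh "${CARGO_HOME:-$HOME/.cargo}"
if [ -n "${1:-}" ]; then
    audit_cargo_dir "$1" || echo "Update Cargo or run: chmod go-rwx $1"
fi
```

A non-zero result from `audit_cargo_dir` means cached crate sources can be modified by another account; updating the packages remains the fix, and `lock_down_cargo_dir` only applies the interim workaround.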
Additional information:
N/A
Download:
SRPMS
- rust-1.66.1-2.module+el8+1654+241c134b.src.rpm
Size: 136.46 MB
Asianux Server 8 for x86_64
- cargo-1.66.1-2.module+el8+1654+241c134b.x86_64.rpm
Size: 4.73 MB
- clippy-1.66.1-2.module+el8+1654+241c134b.x86_64.rpm
Size: 2.57 MB
- rust-1.66.1-2.module+el8+1654+241c134b.x86_64.rpm
Size: 28.31 MB
- rust-analysis-1.66.1-2.module+el8+1654+241c134b.x86_64.rpm
Size: 3.86 MB
- rust-analyzer-1.66.1-2.module+el8+1654+241c134b.x86_64.rpm
Size: 7.66 MB
- rust-debugger-common-1.66.1-2.module+el8+1654+241c134b.noarch.rpm
Size: 13.93 kB
- rust-debugsource-1.66.1-2.module+el8+1654+241c134b.x86_64.rpm
Size: 14.16 MB
- rust-doc-1.66.1-2.module+el8+1654+241c134b.x86_64.rpm
Size: 37.22 MB
- rustfmt-1.66.1-2.module+el8+1654+241c134b.x86_64.rpm
Size: 3.12 MB
- rust-gdb-1.66.1-2.module+el8+1654+241c134b.noarch.rpm
Size: 17.43 kB
- rust-lldb-1.66.1-2.module+el8+1654+241c134b.noarch.rpm
Size: 19.03 kB
- rust-src-1.66.1-2.module+el8+1654+241c134b.noarch.rpm
Size: 2.83 MB
- rust-std-static-1.66.1-2.module+el8+1654+241c134b.x86_64.rpm
Size: 29.05 MB
- rust-std-static-wasm32-unknown-unknown-1.66.1-2.module+el8+1654+241c134b.x86_64.rpm
Size: 25.67 MB
- rust-std-static-wasm32-wasi-1.66.1-2.module+el8+1654+241c134b.x86_64.rpm
Size: 26.64 MB
- rust-toolset-1.66.1-2.module+el8+1654+241c134b.x86_64.rpm
Size: 13.59 kB