Description
Low: rust-toolset:rhel8 security, bug fix, and enhancement update
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.
The following packages have been upgraded to a later upstream version: rust (1.49.0). (BZ#1896712)
Security Fix(es):
- rust: use-after-free or double free in VecDeque::make_contiguous (CVE-2020-36318)
- rust: memory safety violation in String::retain() (CVE-2020-36317)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Affected products
Rocky Linux 8
Related CVEs
Fixes
- Red Hat - 1949189
- Red Hat - 1949192
Related vulnerabilities
ELSA-2021-1935: rust-toolset:ol8 security, bug fix, and enhancement update (LOW)
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain conditions. This bug could result in a use-after-free or double free.