Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2021:4270

Опубликовано: 09 нояб. 2021
Источник: rocky
Оценка: Moderate

Описание

Moderate: rust-toolset:rhel8 security, bug fix, and enhancement update

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.

The following packages have been upgraded to a later upstream version: rust (1.54.0). (BZ#1945805)

Security Fix(es):

  • rust: incorrect parsing of extraneous zero characters at the beginning of an IP address string (CVE-2021-29922)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.5 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
cargox86_642.module+el8.5.0+678+cf7bc64bcargo-1.54.0-2.module+el8.5.0+678+cf7bc64b.x86_64.rpm
cargo-docnoarch2.module+el8.5.0+678+cf7bc64bcargo-doc-1.54.0-2.module+el8.5.0+678+cf7bc64b.noarch.rpm
cargo-docnoarch2.module+el8.5.0+678+cf7bc64bcargo-doc-1.54.0-2.module+el8.5.0+678+cf7bc64b.noarch.rpm
clippyx86_642.module+el8.5.0+678+cf7bc64bclippy-1.54.0-2.module+el8.5.0+678+cf7bc64b.x86_64.rpm
rlsx86_642.module+el8.5.0+678+cf7bc64brls-1.54.0-2.module+el8.5.0+678+cf7bc64b.x86_64.rpm
rustx86_642.module+el8.5.0+678+cf7bc64brust-1.54.0-2.module+el8.5.0+678+cf7bc64b.x86_64.rpm
rust-analysisx86_642.module+el8.5.0+678+cf7bc64brust-analysis-1.54.0-2.module+el8.5.0+678+cf7bc64b.x86_64.rpm
rust-debugger-commonnoarch2.module+el8.5.0+678+cf7bc64brust-debugger-common-1.54.0-2.module+el8.5.0+678+cf7bc64b.noarch.rpm
rust-debugger-commonnoarch2.module+el8.5.0+678+cf7bc64brust-debugger-common-1.54.0-2.module+el8.5.0+678+cf7bc64b.noarch.rpm
rust-docx86_642.module+el8.5.0+678+cf7bc64brust-doc-1.54.0-2.module+el8.5.0+678+cf7bc64b.x86_64.rpm

Показывать по

Связанные CVE

CVE-2021-29922

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2021-29922

CVSS3: 9.1
ubuntu
больше 4 лет назад

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.

redhat логотип

CVE-2021-29922

CVSS3: 7.3
redhat
больше 4 лет назад

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.

nvd логотип

CVE-2021-29922

CVSS3: 9.1
nvd
больше 4 лет назад

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.

debian логотип

CVE-2021-29922

CVSS3: 9.1
debian
больше 4 лет назад

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly ...

github логотип

GHSA-g9v3-gh27-qjh3

CVSS3: 9.1
github
больше 3 лет назад

library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.