SUSE-SU-2018:3357-1

Опубликовано: 23 окт. 2018

Источник: suse-cvrf

Описание

Security update for rust

This update for rust fixes the following issues:

CVE-2018-1000622: rustdoc loads plugins from world writable directory allowing for arbitrary code execution This patch consists of requiring --plugin-path to be passed whenever --plugin is passed Note that rustdoc plugins will be removed entirely on 1.28.0 (bsc#1100691).

Список пакетов

SUSE Linux Enterprise Module for Development Tools 15

rust-1.24.1-3.6.1

rust-std-1.24.1-3.6.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20183357-1/
Link for SUSE-SU-2018:3357-1
https://lists.suse.com/pipermail/sle-security-updates/2018-October/004777.html
E-Mail link for SUSE-SU-2018:3357-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1100691
SUSE Bug 1100691
https://www.suse.com/security/cve/CVE-2018-1000622/
SUSE CVE CVE-2018-1000622 page

Описание

The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the --plugin-path flag. This vulnerability appears to have been fixed in 1.27.1.

Затронутые продукты

SUSE Linux Enterprise Module for Development Tools 15:rust-1.24.1-3.6.1

SUSE Linux Enterprise Module for Development Tools 15:rust-std-1.24.1-3.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-1000622.html
CVE-2018-1000622
https://bugzilla.suse.com/1100691
SUSE Bug 1100691

SUSE-SU-2018:3357-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Development Tools 15

Ссылки

Уязвимость: CVE-2018-1000622

Описание

Затронутые продукты

Ссылки