openSUSE-SU-2018:3451-1

Опубликовано: 25 окт. 2018

Источник: suse-cvrf

Описание

Security update for rust

This update for rust fixes the following issues:

CVE-2018-1000622: rustdoc loads plugins from world writable directory allowing for arbitrary code execution This patch consists of requiring --plugin-path to be passed whenever --plugin is passed Note that rustdoc plugins will be removed entirely on 1.28.0 (bsc#1100691).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0

rust-1.24.1-lp150.2.4.1

rust-doc-1.24.1-lp150.2.4.1

rust-gdb-1.24.1-lp150.2.4.1

rust-src-1.24.1-lp150.2.4.1

rust-std-1.24.1-lp150.2.4.1

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00068.html
E-Mail link for openSUSE-SU-2018:3451-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the --plugin-path flag. This vulnerability appears to have been fixed in 1.27.1.

Затронутые продукты

openSUSE Leap 15.0:rust-1.24.1-lp150.2.4.1

openSUSE Leap 15.0:rust-doc-1.24.1-lp150.2.4.1

openSUSE Leap 15.0:rust-gdb-1.24.1-lp150.2.4.1

openSUSE Leap 15.0:rust-src-1.24.1-lp150.2.4.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-1000622.html
CVE-2018-1000622
https://bugzilla.suse.com/1100691
SUSE Bug 1100691

openSUSE-SU-2018:3451-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2018-1000622

Описание

Затронутые продукты

Ссылки