Описание
Security update for rust
This update for rust fixes the following issues:
Rust was updated to version 1.36.0.
Security issues fixed:
- CVE-2019-12083: a standard method can be overridden violating Rust's safety guarantees and causing memory unsafety (bsc#1134978)
- CVE-2018-1000622: rustdoc loads plugins from world writable directory allowing for arbitrary code execution (bsc#1100691)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
Ссылки
- E-Mail link for openSUSE-SU-2019:2294-1
- SUSE Security Ratings
- SUSE Bug 1096945
- SUSE Bug 1100691
- SUSE Bug 1133283
- SUSE Bug 1134978
- SUSE CVE CVE-2018-1000622 page
- SUSE CVE CVE-2019-12083 page
Описание
The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the --plugin-path flag. This vulnerability appears to have been fixed in 1.27.1.
Затронутые продукты
Ссылки
- CVE-2018-1000622
- SUSE Bug 1100691
Описание
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.
Затронутые продукты
Ссылки
- CVE-2019-12083
- SUSE Bug 1134978