Lucene search

RedHatRHSA-2021:1935

HistoryMay 18, 2021 - 6:26 a.m.

(RHSA-2021:1935) Low: rust-toolset:rhel8 security, bug fix, and enhancement update

2021-05-1806:26:06

access.redhat.com

security update

memory safety

cve-2020-36318

cve-2020-36317

rust 1.49.0

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

70.3%

JSON

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.

The following packages have been upgraded to a later upstream version: rust (1.49.0). (BZ#1896712)

Security Fix(es):

rust: use-after-free or double free in VecDeque::make_contiguous (CVE-2020-36318)
rust: memory safety violation in String::retain() (CVE-2020-36317)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyppc64leclippy< 1.49.0-1.module+el8.4.0+9446+1a463e08clippy-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
RedHatanyaarch64rls< 1.49.0-1.module+el8.4.0+9446+1a463e08rls-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
RedHatanyaarch64rust< 1.49.0-1.module+el8.4.0+9446+1a463e08rust-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
RedHatanyppc64lerust< 1.49.0-1.module+el8.4.0+9446+1a463e08rust-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
RedHatanyx86_64rust-std-static< 1.49.0-1.module+el8.4.0+9446+1a463e08rust-std-static-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
RedHatanys390xrust-debugsource< 1.49.0-1.module+el8.4.0+9446+1a463e08rust-debugsource-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
RedHatanys390xclippy< 1.49.0-1.module+el8.4.0+9446+1a463e08clippy-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
RedHatanyaarch64rust-debuginfo< 1.49.0-1.module+el8.4.0+9446+1a463e08rust-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
RedHatanyppc64lerust-debuginfo< 1.49.0-1.module+el8.4.0+9446+1a463e08rust-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
RedHatanyppc64lecargo< 1.49.0-1.module+el8.4.0+9446+1a463e08cargo-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	ppc64le	clippy	< 1.49.0-1.module+el8.4.0+9446+1a463e08	clippy-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
RedHat	any	aarch64	rls	< 1.49.0-1.module+el8.4.0+9446+1a463e08	rls-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
RedHat	any	aarch64	rust	< 1.49.0-1.module+el8.4.0+9446+1a463e08	rust-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
RedHat	any	ppc64le	rust	< 1.49.0-1.module+el8.4.0+9446+1a463e08	rust-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
RedHat	any	x86_64	rust-std-static	< 1.49.0-1.module+el8.4.0+9446+1a463e08	rust-std-static-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
RedHat	any	s390x	rust-debugsource	< 1.49.0-1.module+el8.4.0+9446+1a463e08	rust-debugsource-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
RedHat	any	s390x	clippy	< 1.49.0-1.module+el8.4.0+9446+1a463e08	clippy-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
RedHat	any	aarch64	rust-debuginfo	< 1.49.0-1.module+el8.4.0+9446+1a463e08	rust-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
RedHat	any	ppc64le	rust-debuginfo	< 1.49.0-1.module+el8.4.0+9446+1a463e08	rust-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
RedHat	any	ppc64le	cargo	< 1.49.0-1.module+el8.4.0+9446+1a463e08	cargo-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm