Red Hat Security Advisory 2021-1935-01

Red Hat Security Advisory 2021-1935-01: Posted May 19, 2021; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2021-1935-01 - Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. Issues addressed include double free and use-after-free vulnerabilities.; tags | advisory, vulnerability; systems | linux, redhat; advisories | CVE-2020-36317, CVE-2020-36318; SHA-256 | 136d2f53532d092e5062c50af95f970cafdbd558af3e0658cc5ac194197ebb75; Download | Favorite | View

Red Hat Security Advisory 2021-1935-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   
Red Hat Security Advisory

Synopsis:          Low: rust-toolset:rhel8 security, bug fix, and enhancement update
Advisory ID:       RHSA-2021:1935-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:1935
Issue date:        2021-05-18
CVE Names:         CVE-2020-36317 CVE-2020-36318
====================================================================
1. Summary:

An update for the rust-toolset:rhel8 module is now available for Red Hat
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Rust is a systems programming language that runs blazingly fast, prevents
segfaults, and guarantees thread safety.

The following packages have been upgraded to a later upstream version: rust
(1.49.0). (BZ#1896712)

Security Fix(es):

* rust: use-after-free or double free in VecDeque::make_contiguous
(CVE-2020-36318)

* rust: memory safety violation in String::retain() (CVE-2020-36317)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1949189 - CVE-2020-36317 rust: memory safety violation in String::retain()
1949192 - CVE-2020-36318 rust: use-after-free or double free in VecDeque::make_contiguous

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
rust-1.49.0-1.module+el8.4.0+9446+1a463e08.src.rpm
rust-toolset-1.49.0-1.module+el8.4.0+9446+1a463e08.src.rpm

aarch64:
cargo-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
cargo-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
clippy-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
clippy-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rls-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rls-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rust-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rust-analysis-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rust-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rust-debugsource-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rust-doc-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rust-std-static-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rust-toolset-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rustfmt-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm
rustfmt-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.aarch64.rpm

noarch:
cargo-doc-1.49.0-1.module+el8.4.0+9446+1a463e08.noarch.rpm
rust-debugger-common-1.49.0-1.module+el8.4.0+9446+1a463e08.noarch.rpm
rust-gdb-1.49.0-1.module+el8.4.0+9446+1a463e08.noarch.rpm
rust-lldb-1.49.0-1.module+el8.4.0+9446+1a463e08.noarch.rpm
rust-src-1.49.0-1.module+el8.4.0+9446+1a463e08.noarch.rpm

ppc64le:
cargo-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
cargo-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
clippy-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
clippy-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rls-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rls-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rust-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rust-analysis-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rust-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rust-debugsource-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rust-doc-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rust-std-static-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rust-toolset-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rustfmt-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm
rustfmt-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.ppc64le.rpm

s390x:
cargo-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
cargo-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
clippy-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
clippy-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rls-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rls-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rust-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rust-analysis-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rust-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rust-debugsource-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rust-doc-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rust-std-static-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rust-toolset-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rustfmt-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm
rustfmt-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.s390x.rpm

x86_64:
cargo-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
cargo-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
clippy-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
clippy-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rls-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rls-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rust-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rust-analysis-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rust-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rust-debugsource-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rust-doc-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rust-std-static-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rust-toolset-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rustfmt-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm
rustfmt-debuginfo-1.49.0-1.module+el8.4.0+9446+1a463e08.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-36317
https://access.redhat.com/security/cve/CVE-2020-36318
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYKPxiNzjgjWX9erEAQiBNQ//aMyylDO7zj712n1z7FWhqvA5vlGSIU95
88+ZfVDQl4OB+t8r/CvqFi7VeTYaFMrt7EzO7PH93b6O0xAjb1MDubTAP1duvtIB
bRY+p5gfO9dznZq/uGgRsaVuv5KjuY6jjIZ2BDDo8TI7MpseD7gd/yjFqVhAFJDY
86/9bnvqbJTx39C03FkCpkdEHaIW+YLCI3G/IfYbbiemaacK6kkKOtgBfIY8qId+
JpjE9RK3DSUvv/+1WXBcrqxTmuF9w7XfQbrTz4z3ECbet1LRkD3DZ7LkCO+kBD1R
hY8ALbn9tXfzc8IeGI6lO1orir5K07azNJ+/sARLD31uSmTtQLk4HdjuSsMd44t/
9hUuv5GigOxPAeql+Qkak4JDzV5X9Rd0mNtFHN5vyK6bPj4qhgVCYecS2MyqPI80
rPr7zhCGcFlO1Rnae58AoMgDlvr/EXN1F3czHhI9OSoIF1929WkZtkwXNwZU3+fH
+OpsmSckTk7IYC3vCH8QKbS1O+7WaWhQJqqkkcEjEX7Ki3sXuhylfBou/YRM6qv8
Gn8U5qiSF5qqIjj2q5jk7Vo3TJwnRl22WvNba+hy8aO98zNI3zLckxyvQEdTbnGD
FbXRNtsLv1/nx8vHGWDZlH8r/yEKwIBQIB2sC2lujMQgKW9fiZ1uiDqIdE0gh+PY
XxLsQFuUKqc=FX5k
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 243 files
indoushka 150 files
Jay Turla 150 files
Ubuntu 63 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
Gentoo 33 files
H D Moore 31 files
Debian 29 files

File Archives

Systems

AIX (429)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,114)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,006)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,685)
Slackware (941)
Solaris (1,614)
SUSE (1,444)
Ubuntu (9,797)
UNIX (9,443)
UnixWare (187)
Windows (6,757)
Other

Red Hat Security Advisory 2021-1935-01

Red Hat Security Advisory 2021-1935-01

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2021-1935-01

Share This

Red Hat Security Advisory 2021-1935-01

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems