Red Hat Security Advisory 2023-4634-01

Red Hat Security Advisory 2023-4634-01: Posted Aug 15, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-4634-01 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-38497; SHA-256 | 066651121c75a921764782f330be26004c357892888390ee680b673b49ca81a4; Download | Favorite | View

Red Hat Security Advisory 2023-4634-01

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: rust security update
Advisory ID:       RHSA-2023:4634-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4634
Issue date:        2023-08-14
CVE Names:         CVE-2023-38497 
=====================================================================

1. Summary:

An update for rust is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Rust Toolset provides the Rust programming language compiler rustc, the
cargo build tool and dependency manager, and required libraries.

Security Fix(es):

* rust-cargo: cargo does not respect the umask when extracting dependencies
(CVE-2023-38497)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2228038 - CVE-2023-38497 rust-cargo: cargo does not respect the umask when extracting dependencies

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
rust-1.66.1-2.el9_2.src.rpm

aarch64:
cargo-1.66.1-2.el9_2.aarch64.rpm
cargo-debuginfo-1.66.1-2.el9_2.aarch64.rpm
clippy-1.66.1-2.el9_2.aarch64.rpm
clippy-debuginfo-1.66.1-2.el9_2.aarch64.rpm
rust-1.66.1-2.el9_2.aarch64.rpm
rust-analysis-1.66.1-2.el9_2.aarch64.rpm
rust-analyzer-1.66.1-2.el9_2.aarch64.rpm
rust-analyzer-debuginfo-1.66.1-2.el9_2.aarch64.rpm
rust-debuginfo-1.66.1-2.el9_2.aarch64.rpm
rust-debugsource-1.66.1-2.el9_2.aarch64.rpm
rust-doc-1.66.1-2.el9_2.aarch64.rpm
rust-std-static-1.66.1-2.el9_2.aarch64.rpm
rust-toolset-1.66.1-2.el9_2.aarch64.rpm
rustfmt-1.66.1-2.el9_2.aarch64.rpm
rustfmt-debuginfo-1.66.1-2.el9_2.aarch64.rpm

noarch:
rust-debugger-common-1.66.1-2.el9_2.noarch.rpm
rust-gdb-1.66.1-2.el9_2.noarch.rpm
rust-lldb-1.66.1-2.el9_2.noarch.rpm
rust-src-1.66.1-2.el9_2.noarch.rpm
rust-std-static-wasm32-unknown-unknown-1.66.1-2.el9_2.noarch.rpm
rust-std-static-wasm32-wasi-1.66.1-2.el9_2.noarch.rpm

ppc64le:
cargo-1.66.1-2.el9_2.ppc64le.rpm
cargo-debuginfo-1.66.1-2.el9_2.ppc64le.rpm
clippy-1.66.1-2.el9_2.ppc64le.rpm
clippy-debuginfo-1.66.1-2.el9_2.ppc64le.rpm
rust-1.66.1-2.el9_2.ppc64le.rpm
rust-analysis-1.66.1-2.el9_2.ppc64le.rpm
rust-analyzer-1.66.1-2.el9_2.ppc64le.rpm
rust-analyzer-debuginfo-1.66.1-2.el9_2.ppc64le.rpm
rust-debuginfo-1.66.1-2.el9_2.ppc64le.rpm
rust-debugsource-1.66.1-2.el9_2.ppc64le.rpm
rust-doc-1.66.1-2.el9_2.ppc64le.rpm
rust-std-static-1.66.1-2.el9_2.ppc64le.rpm
rust-toolset-1.66.1-2.el9_2.ppc64le.rpm
rustfmt-1.66.1-2.el9_2.ppc64le.rpm
rustfmt-debuginfo-1.66.1-2.el9_2.ppc64le.rpm

s390x:
cargo-1.66.1-2.el9_2.s390x.rpm
cargo-debuginfo-1.66.1-2.el9_2.s390x.rpm
clippy-1.66.1-2.el9_2.s390x.rpm
clippy-debuginfo-1.66.1-2.el9_2.s390x.rpm
rust-1.66.1-2.el9_2.s390x.rpm
rust-analysis-1.66.1-2.el9_2.s390x.rpm
rust-analyzer-1.66.1-2.el9_2.s390x.rpm
rust-analyzer-debuginfo-1.66.1-2.el9_2.s390x.rpm
rust-debuginfo-1.66.1-2.el9_2.s390x.rpm
rust-debugsource-1.66.1-2.el9_2.s390x.rpm
rust-doc-1.66.1-2.el9_2.s390x.rpm
rust-std-static-1.66.1-2.el9_2.s390x.rpm
rust-toolset-1.66.1-2.el9_2.s390x.rpm
rustfmt-1.66.1-2.el9_2.s390x.rpm
rustfmt-debuginfo-1.66.1-2.el9_2.s390x.rpm

x86_64:
cargo-1.66.1-2.el9_2.x86_64.rpm
cargo-debuginfo-1.66.1-2.el9_2.i686.rpm
cargo-debuginfo-1.66.1-2.el9_2.x86_64.rpm
clippy-1.66.1-2.el9_2.x86_64.rpm
clippy-debuginfo-1.66.1-2.el9_2.i686.rpm
clippy-debuginfo-1.66.1-2.el9_2.x86_64.rpm
rust-1.66.1-2.el9_2.x86_64.rpm
rust-analysis-1.66.1-2.el9_2.x86_64.rpm
rust-analyzer-1.66.1-2.el9_2.x86_64.rpm
rust-analyzer-debuginfo-1.66.1-2.el9_2.i686.rpm
rust-analyzer-debuginfo-1.66.1-2.el9_2.x86_64.rpm
rust-debuginfo-1.66.1-2.el9_2.i686.rpm
rust-debuginfo-1.66.1-2.el9_2.x86_64.rpm
rust-debugsource-1.66.1-2.el9_2.i686.rpm
rust-debugsource-1.66.1-2.el9_2.x86_64.rpm
rust-doc-1.66.1-2.el9_2.x86_64.rpm
rust-std-static-1.66.1-2.el9_2.i686.rpm
rust-std-static-1.66.1-2.el9_2.x86_64.rpm
rust-toolset-1.66.1-2.el9_2.x86_64.rpm
rustfmt-1.66.1-2.el9_2.x86_64.rpm
rustfmt-debuginfo-1.66.1-2.el9_2.i686.rpm
rustfmt-debuginfo-1.66.1-2.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-38497
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJk2oyDAAoJENzjgjWX9erENoQP/jTfkxW4QnmAoKoj/RfesY37
Z17/QgOELXVroRlDG0QEPxLccxa1M8FOH+uoJtCOypm65WT3BM/+6oCfMJnycee8
aGWuo3KN8aY0P8KO83zFWzjgrJznzqa96JRclSVnSlugZ+SUvCSS/1+J/XLMDUIN
TGhVVwbweep8w1+u05d8OWRlbZcMVkHVJf0WQksVKECxgCuYddDYAGTYRlMohxVm
IPE84HHBFD/iA4Hg89b9c5u6SCLrNj16p/pvn5vldWDEU6Vf31BAH2uAt2d1lGWk
LFWNfbg7tC0/8RGq+xnmtdnpHFaSY1dpHqZiIRgvjKReq35h47esptuIWs1dwaZ6
x9SWXqVHjVz87R1mcFsKhlY7I4l5vEC5lAfjX5fNOnhVbjou9gmmsMsUFpYU+1XV
uJGAGZ/rMbqz/G0FyeCd14qTqZATf86BgKmqcSuHu3zMx2y8+59PqgBhYBGzN3Tu
F2TkuUDD8pNQMsmE7qIzZK3/SGb0DgpMQOScs9fmEubsyeODKDG/2EV8zrF7d2nO
Sr+hQntTAhzB4L+CaFNRNo+rbcbOOidgPK60MOaXux7vwf5Wyahbx9qzghfUBLVc
QnTCU+bhq/u0GIo/SFh6zRoyhfGqdeIv1Ychlkc9CvsKLM9GUhiuFhoHKewqXQL5
L1GELcNRzWCW0SpJXtOn
=RO5t
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 89 files
Gentoo 31 files
Debian 22 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,079)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,380)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,289)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,663)
UNIX (9,426)
UnixWare (187)
Windows (6,666)
Other

Red Hat Security Advisory 2023-4634-01

Red Hat Security Advisory 2023-4634-01

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Red Hat Security Advisory 2023-4634-01

Share This

Red Hat Security Advisory 2023-4634-01

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems