GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Sun Dec 30, 2018 10:26 pm Post subject: [ GLSA 201812-11 ] Rust
Gentoo Linux Security Advisory
Title: Rust: Multiple vulnerabilities (GLSA 201812-11)
Severity: normal
Exploitable: local, remote
Date: 2018-12-30
Bug(s): #662904
ID: 201812-11
Synopsis
Multiple vulnerabilities have been found in Rust, the worst of which
may allow local attackers to execute arbitrary code.
Background
A systems programming language that runs blazingly fast, prevents
segfaults, and guarantees thread safety.
Affected Packages
Package: dev-lang/rust
Vulnerable: < 1.29.1
Unaffected: >= 1.29.1
Architectures: All supported architectures
Package: dev-lang/rust-bin
Vulnerable: < 1.29.1
Unaffected: >= 1.29.1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Rust. Please review the
CVE identifiers referenced below for details.
Impact
A remote attacker able to control the value passed to Rust’s
str::repeat function could possibly cause a Denial of Service condition.
In addition, a local attacker could trick another user into executing
arbitrary code when using rustdoc.
Workaround
There is no known workaround at this time.
Resolution
All Rust users should upgrade to the latest version:

Code:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/rust-1.29.1"

All Rust binary users should upgrade to the latest version:

Code:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/rust-bin-1.29.1"

References
CVE-2018-1000622
CVE-2018-1000810
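
The Impact section names an attacker-controlled value reaching str::repeat. The following is an added example, not part of the advisory or of Rust itself, showing one way a calling application can bound that value before the call. The names bounded_repeat, RepeatError and MAX_OUTPUT_BYTES and the 64 KiB limit are assumptions made for illustration.

```rust
// Added example: validate an untrusted repeat count before calling str::repeat.
// `bounded_repeat`, `RepeatError` and `MAX_OUTPUT_BYTES` are hypothetical names.

#[derive(Debug, PartialEq)]
pub enum RepeatError {
    /// The count was not a non-negative integer that fits in usize.
    BadCount,
    /// s.len() * n does not fit in usize.
    LengthOverflow,
    /// The result would exceed the caller's size limit.
    TooLarge { requested: usize, limit: usize },
}

/// Upper bound on output size (constructed value; tune per application).
pub const MAX_OUTPUT_BYTES: usize = 64 * 1024;

/// Parse an untrusted count and repeat `s` only if the result fits `limit`.
pub fn bounded_repeat(s: &str, raw_count: &str, limit: usize) -> Result<String, RepeatError> {
    let n: usize = raw_count.trim().parse().map_err(|_| RepeatError::BadCount)?;
    // Compute the output length with overflow detection before allocating.
    let total = s.len().checked_mul(n).ok_or(RepeatError::LengthOverflow)?;
    if total > limit {
        return Err(RepeatError::TooLarge { requested: total, limit });
    }
    Ok(s.repeat(n))
}

fn main() {
    // Constructed sample inputs standing in for request parameters.
    let huge = usize::MAX.to_string();
    for raw in ["3", "0", "-1", "70000", huge.as_str()] {
        match bounded_repeat("ab", raw, MAX_OUTPUT_BYTES) {
            Ok(out) => println!("{raw:>20} -> ok, {} bytes", out.len()),
            Err(e) => println!("{raw:>20} -> rejected: {e:?}"),
        }
    }
}
```

This check is defence in depth for the calling application; the advisory's resolution remains the upgrade to 1.29.1 or later.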