
Gentoo alert 202409-07 (Rust)

From:  glsamaker@gentoo.org
To:  gentoo-announce@lists.gentoo.org
Subject:  [gentoo-announce] [ GLSA 202409-07 ] Rust: Multiple Vulnerabilities
Date:  Sun, 22 Sep 2024 06:09:04 -0000
Message-ID:  <172698534488.7.11136043592089043638@3f85d36892cf>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202409-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Rust: Multiple Vulnerabilities
     Date: September 22, 2024
     Bugs: #890371, #911685
       ID: 202409-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Rust, the worst of
which could lead to arbitrary code execution.

Background
==========

A systems programming language that runs blazingly fast, prevents
segfaults, and guarantees thread safety.

Affected packages
=================

Package            Vulnerable    Unaffected
-----------------  ------------  ------------
dev-lang/rust      < 1.71.1      >= 1.71.1
dev-lang/rust-bin  < 1.71.1      >= 1.71.1

Description
===========

Multiple vulnerabilities have been discovered in Rust. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Rust binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/rust-bin-1.71.1"

All Rust users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/rust-1.71.1"

References
==========

[ 1 ] CVE-2022-46176
      https://nvd.nist.gov/vuln/detail/CVE-2022-46176
[ 2 ] CVE-2023-38497
      https://nvd.nist.gov/vuln/detail/CVE-2023-38497

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-07

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5


Attachment: signature.asc (type=application/pgp-signature)

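A check against the advisory's "Affected packages" table, added here as an example and not part of the Gentoo advisory: it walks Portage's installed-package database (assumed to be at /var/db/pkg) and classifies dev-lang/rust and dev-lang/rust-bin entries against the 1.71.1 boundary. The function names are hypothetical, and versions carrying a `_` suffix are reported as unknown rather than compared.

```shell
#!/bin/sh
# Added example: flag installed Rust packages below the GLSA 202409-07 fix.
FIXED="1.71.1"   # first unaffected version, from the advisory's table

# ver_lt A B: succeed if dotted numeric version A is lower than B.
# Components are compared as integers, so 1.9.0 sorts below 1.71.1.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal versions are not "lower"
}

# glsa_status CATEGORY/NAME-VERSION: classify one installed-package entry.
glsa_status() {
    case $1 in
        dev-lang/rust-bin-[0-9]*) v=${1#dev-lang/rust-bin-} ;;
        dev-lang/rust-[0-9]*)     v=${1#dev-lang/rust-} ;;
        *) echo "not-listed"; return ;;
    esac
    v=${v%-r[0-9]*}   # drop the Gentoo revision suffix (-r1, -r2, ...)
    case $v in
        *[!0-9.]*) echo "unknown"; return ;;   # _beta, _p1, ...: review by hand
    esac
    if ver_lt "$v" "$FIXED"; then echo "vulnerable"; else echo "unaffected"; fi
}

# scan_vdb [ROOT]: print "package status" for each Rust entry under ROOT.
scan_vdb() {
    root=${1:-/var/db/pkg}   # assumed default location of the Portage VDB
    for d in "$root"/dev-lang/rust-*; do
        [ -d "$d" ] || continue
        pf="dev-lang/${d##*/}"
        s=$(glsa_status "$pf")
        [ "$s" = "not-listed" ] || echo "$pf $s"
    done
}

scan_vdb "$@"
```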




Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds