RLSA-2021:3063

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.

The following packages have been upgraded to a later upstream version: rust (1.52.1). (BZ#1953002)

Security Fix(es):

• rust: optimization for joining strings can cause uninitialized bytes to be exposed (CVE-2020-36323)

• rust: heap-based buffer overflow in readtoend() because it does not validate the return value from Read in an unsafe context (CVE-2021-28875)

• rust: panic safety issue in Zip implementation (CVE-2021-28876)

• rust: memory safety violation in Zip implementation for nested iter::Zips (CVE-2021-28877)

• rust: memory safety violation in Zip implementation when next_back() and next() are used together (CVE-2021-28878)

• rust: integer overflow in the Zip implementation can lead to a buffer overflow (CVE-2021-28879)

• rust: double free in Vec::from_iter function if freeing the element panics (CVE-2021-31162)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

For information on usage, see Using Rust Toolset linked in the References section.