SUSE-SU-2023:3722-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20233722-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:3722-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:3722-1
Published
2023-09-21T08:53:26Z
Modified
2023-09-21T08:53:26Z
Summary
Security update for rust, rust1.72
Details

This update for rust, rust1.72 fixes the following issues:

Changes in rust:

  • Update to version 1.72.0 - for details see the rust1.72 package

Changes in rust1.72:

  • CVE-2023-40030: fix minor non-exploited issue in cargo (bsc#1214689)

Version 1.72.0 (2023-08-24)

Language

  • Replace const eval limit by a lint and add an exponential backoff warning
  • expand: Change how #![cfg(FALSE)] behaves on crate root
  • Stabilize inline asm for LoongArch64
  • Uplift clippy::undropped_manually_drops lint
  • Uplift clippy::invalid_utf8_in_unchecked lint
  • Uplift clippy::cast_ref_to_mut lint
  • Uplift clippy::cmp_nan lint
  • resolve: Remove artificial import ambiguity errors
  • Don't require associated types with Self: Sized bounds in dyn Trait objects

Compiler

  • Remember names of cfg-ed out items to mention them in diagnostics
  • Support for native WASM exceptions
  • Add support for NetBSD/aarch64-be (big-endian arm64).
  • Write to stdout if - is given as output file
  • Force all native libraries to be statically linked when linking a static binary
  • Add Tier 3 support for loongarch64-unknown-none*
  • Prevent .eh_frame from being emitted for -C panic=abort
  • Support 128-bit enum variant in debuginfo codegen
  • compiler: update solaris/illumos to enable tsan support.

Refer to Rust's platform support page for more information on Rust's tiered platform support.

Libraries

  • Document memory orderings of thread::{park, unpark}
  • io: soften ‘at most one write attempt’ requirement in io::Write::write
  • Specify behavior of HashSet::insert
  • Relax implicit T: Sized bounds on BufReader<T>, BufWriter<T> and LineWriter<T>
  • Update runtime guarantee for select_nth_unstable
  • Return Ok on kill if process has already exited
  • Implement PartialOrd for Vecs over different allocators
  • Use 128 bits for TypeId hash
  • Don't drain-on-drop in DrainFilter impls of various collections.
  • Make {Arc,Rc,Weak}::ptr_eq ignore pointer metadata

Rustdoc

  • Allow whitespace as path separator like double colon
  • Add search result item types after their name
  • Search for slices and arrays by type with []
  • Clean up type unification and 'unboxing'

Stabilized APIs

  • impl<T: Send> Sync for mpsc::Sender<T>
  • impl TryFrom<&OsStr> for &str
  • String::leak

These APIs are now stable in const contexts:

  • CStr::from_bytes_with_nul
  • CStr::to_bytes
  • CStr::to_bytes_with_nul
  • CStr::to_str

Cargo

  • Enable -Zdoctest-in-workspace by default. When running each documentation test, the working directory is set to the root directory of the package the test belongs to.
  • Add support of the 'default' keyword to reset previously set build.jobs parallelism back to the default.

Compatibility Notes

  • Alter Display for Ipv6Addr for IPv4-compatible addresses
  • Cargo changed feature name validation check to a hard error. The warning was added in Rust 1.49. These extended characters aren't allowed on crates.io, so this should only impact users of other registries, or people who don't publish to a registry.

Affected packages

SUSE:Linux Enterprise Module for Development Tools 15 SP4 / rust

Package

Name
rust
Purl
pkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.72.0-150400.24.24.1

Ecosystem specific

{
    "binaries": [
        {
            "rust1.72": "1.72.0-150400.9.3.1",
            "cargo1.72": "1.72.0-150400.9.3.1",
            "cargo": "1.72.0-150400.24.24.1",
            "rust": "1.72.0-150400.24.24.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 SP4 / rust1.72

Package

Name
rust1.72
Purl
pkg:rpm/suse/rust1.72&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.72.0-150400.9.3.1

Ecosystem specific

{
    "binaries": [
        {
            "rust1.72": "1.72.0-150400.9.3.1",
            "cargo1.72": "1.72.0-150400.9.3.1",
            "cargo": "1.72.0-150400.24.24.1",
            "rust": "1.72.0-150400.24.24.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 SP5 / rust

Package

Name
rust
Purl
pkg:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.72.0-150400.24.24.1

Ecosystem specific

{
    "binaries": [
        {
            "rust1.72": "1.72.0-150400.9.3.1",
            "cargo1.72": "1.72.0-150400.9.3.1",
            "cargo": "1.72.0-150400.24.24.1",
            "rust": "1.72.0-150400.24.24.1"
        }
    ]
}

SUSE:Linux Enterprise Module for Development Tools 15 SP5 / rust1.72

Package

Name
rust1.72
Purl
pkg:rpm/suse/rust1.72&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.72.0-150400.9.3.1

Ecosystem specific

{
    "binaries": [
        {
            "rust1.72": "1.72.0-150400.9.3.1",
            "cargo1.72": "1.72.0-150400.9.3.1",
            "cargo": "1.72.0-150400.24.24.1",
            "rust": "1.72.0-150400.24.24.1"
        }
    ]
}

openSUSE:Leap 15.4 / rust

Package

Name
rust
Purl
pkg:rpm/opensuse/rust&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.72.0-150400.24.24.1

Ecosystem specific

{
    "binaries": [
        {
            "rust1.72": "1.72.0-150400.9.3.1",
            "cargo1.72": "1.72.0-150400.9.3.1",
            "cargo": "1.72.0-150400.24.24.1",
            "rust": "1.72.0-150400.24.24.1"
        }
    ]
}

openSUSE:Leap 15.4 / rust1.72

Package

Name
rust1.72
Purl
pkg:rpm/opensuse/rust1.72&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.72.0-150400.9.3.1

Ecosystem specific

{
    "binaries": [
        {
            "rust1.72": "1.72.0-150400.9.3.1",
            "cargo1.72": "1.72.0-150400.9.3.1",
            "cargo": "1.72.0-150400.24.24.1",
            "rust": "1.72.0-150400.24.24.1"
        }
    ]
}

openSUSE:Leap 15.5 / rust

Package

Name
rust
Purl
pkg:rpm/opensuse/rust&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.72.0-150400.24.24.1

Ecosystem specific

{
    "binaries": [
        {
            "rust1.72": "1.72.0-150400.9.3.1",
            "cargo1.72": "1.72.0-150400.9.3.1",
            "cargo": "1.72.0-150400.24.24.1",
            "rust": "1.72.0-150400.24.24.1"
        }
    ]
}

openSUSE:Leap 15.5 / rust1.72

Package

Name
rust1.72
Purl
pkg:rpm/opensuse/rust1.72&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.72.0-150400.9.3.1

Ecosystem specific

{
    "binaries": [
        {
            "rust1.72": "1.72.0-150400.9.3.1",
            "cargo1.72": "1.72.0-150400.9.3.1",
            "cargo": "1.72.0-150400.24.24.1",
            "rust": "1.72.0-150400.24.24.1"
        }
    ]
}