ALSA-2021:4590

[ALSA-2021:4590] Moderate: rust-toolset:rhel8 security update

Type:

security

Severity:

moderate

Release date:

2021-11-12

Description:

Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. 

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in rust in order to facilitate detection of BiDi Unicode characters:

Rust introduces two new lints to detect and reject code containing the affected codepoints. These new deny-by-default lints detect affected codepoints in string literals and comments. The lints will prevent source code file containing these codepoints from being compiled. If your code has legitimate uses for the codepoints we recommend replacing them with the related escape sequence. The error messages will suggest the right escapes to use.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

CVE-2021-42574

Updated packages listed below:

Architecture	Package	Checksum
noarch	rust-debugger-common-1.54.0-3.module_el8.5.0+2599+d655d86c.noarch.rpm	14a44c71683307ce6d6ef674b53c1524283aa861743da869863eea80b12d342a
noarch	cargo-doc-1.54.0-3.module_el8.5.0+2599+d655d86c.noarch.rpm	330c69b5464051c55c256d8286d15caa651a66c94ab06ad9c5e1dd9f0f9a8a8a
noarch	rust-src-1.54.0-3.module_el8.5.0+2599+d655d86c.noarch.rpm	365cb41a369687965752f0a474b4812e1f29b3bf61deae1a4eebab234ce09b32
noarch	rust-lldb-1.54.0-3.module_el8.5.0+2599+d655d86c.noarch.rpm	5ec76565aeedc23c08fc105748ef3be49c2437c7dfb5d8d530384caa04b5c7c0
noarch	rust-gdb-1.54.0-3.module_el8.5.0+2599+d655d86c.noarch.rpm	5f92c0457086c25988349416f943c085f0f4d9ff4041f9cd151839d9fe0f95f6
x86_64	rust-std-static-1.54.0-3.module_el8.5.0+2599+d655d86c.x86_64.rpm	28d05d0690f53a8b67a5f4dc1f60614419bc2a02e819b8edd4a4d8ea31d7f8ac
x86_64	rust-std-static-wasm32-unknown-unknown-1.54.0-3.module_el8.5.0+2599+d655d86c.x86_64.rpm	56b7e48fa5dd5925464dec986adfdb2cf73f89ec5c0e59321ba4a49130ea4184
x86_64	rust-1.54.0-3.module_el8.5.0+2599+d655d86c.x86_64.rpm	5ca81b55aaa01c8cb4eb72c1c81db8cfc3898bd107f94c40e2f92a833e027e3c
x86_64	cargo-1.54.0-3.module_el8.5.0+2599+d655d86c.x86_64.rpm	783603a6c780f5345d53391269075ec261fb2a95de6208532349a6eb0046f090
x86_64	rust-analysis-1.54.0-3.module_el8.5.0+2599+d655d86c.x86_64.rpm	9c6433a09bfa5a693b9426d782030f53566e8fd7597b1e00aa340c209ca31967
x86_64	rustfmt-1.54.0-3.module_el8.5.0+2599+d655d86c.x86_64.rpm	b9aa4d0b17b6fbb73a42c20d8067da74dcd58250ff7b5b6f26e4c737d24cd1b7
x86_64	rust-doc-1.54.0-3.module_el8.5.0+2599+d655d86c.x86_64.rpm	c5410e13378f74d076d81f9a72e1b0d626ce54be8094e3a3c1393540eb981c18
x86_64	rls-1.54.0-3.module_el8.5.0+2599+d655d86c.x86_64.rpm	ccdc7f64e9fb4751ce75cf2c3290ce488e19175f5a01e28faab3ca67485a40fc
x86_64	rust-toolset-1.54.0-1.module_el8.5.0+2599+d655d86c.x86_64.rpm	dce7d72a4b478485cbd39b1999ac5d8a8c7ee6d150ec0cd07d5bae8f9bc30497
x86_64	clippy-1.54.0-3.module_el8.5.0+2599+d655d86c.x86_64.rpm	f25ef897aa853a84a0070a71fce7d735ae782f9bb166c47dedeb63e51ae2c65b

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.