pepelyaevip/vuln-list-alt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
vuln-list-alt/oval/c10f1/ALT-PU-2021-1775/definitions.json
pepelyaevip 56bb29c44b ALT Vulnerability
2024-06-28 13:17:52 +00:00

178 lines
7.3 KiB
JSON
Raw Blame History

{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20211775",
"Version": "oval:org.altlinux.errata:def:20211775",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2021-1775: package `rust` update to version 1.52.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2021-1775",
"RefURL": "https://errata.altlinux.org/ALT-PU-2021-1775",
"Source": "ALTPU"
},
{
"RefID": "CVE-2020-36323",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-36323",
"Source": "CVE"
},
{
"RefID": "CVE-2021-28876",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-28876",
"Source": "CVE"
},
{
"RefID": "CVE-2021-28878",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-28878",
"Source": "CVE"
},
{
"RefID": "CVE-2021-28879",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-28879",
"Source": "CVE"
},
{
"RefID": "CVE-2021-31162",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2021-31162",
"Source": "CVE"
}
],
"Description": "This update upgrades rust to version 1.52.0-alt1. \nSecurity Fix(es):\n\n * CVE-2020-36323: In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.\n\n * CVE-2021-28876: In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.\n\n * CVE-2021-28878: In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait.\n\n * CVE-2021-28879: In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.\n\n * CVE-2021-31162: In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2021-05-09"
},
"Updated": {
"Date": "2021-05-09"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2020-36323",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"CWE": "CWE-134",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-36323",
"Impact": "High",
"Public": "20210414"
},
{
"ID": "CVE-2021-28876",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"CWE": "CWE-755",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-28876",
"Impact": "Low",
"Public": "20210411"
},
{
"ID": "CVE-2021-28878",
"CVSS": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-28878",
"Impact": "High",
"Public": "20210411"
},
{
"ID": "CVE-2021-28879",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-28879",
"Impact": "Critical",
"Public": "20210411"
},
{
"ID": "CVE-2021-31162",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2021-31162",
"Impact": "Critical",
"Public": "20210414"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:4001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20211775001",
"Comment": "clippy is earlier than 1:1.52.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211775002",
"Comment": "rls is earlier than 1:1.52.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211775003",
"Comment": "rust is earlier than 1:1.52.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211775004",
"Comment": "rust-analysis is earlier than 1:1.52.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211775005",
"Comment": "rust-cargo is earlier than 1:1.52.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211775006",
"Comment": "rust-cargo-doc is earlier than 1:1.52.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211775007",
"Comment": "rust-doc is earlier than 1:1.52.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211775008",
"Comment": "rust-gdb is earlier than 1:1.52.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211775009",
"Comment": "rust-src is earlier than 1:1.52.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20211775010",
"Comment": "rustfmt is earlier than 1:1.52.0-alt1"
}
]
}
]
}
}
]
}
Reference in New Issue View Git Blame Copy Permalink