Advisories » MGASA-2018-0318

Updated rust packages fix security vulnerability

Publication date: 23 Jul 2018
Modification date: 23 Jul 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1000622

Description

 The Rust Programming Language rustdoc version before version 1.27.0 contains
 a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins
 that can result in local code execution as a different user. This attack
 appear to be exploitable via using the --plugin flag without the --plugin-path 
 flag. This vulnerability has been fixed in 1.27.1 (CVE-2018-1000622).

 This update also fixes a bug in the borrow checker verification of match
 expressions.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23328
• https://blog.rust-lang.org/2018/07/06/security-advisory-for-rustdoc.html
• https://blog.rust-lang.org/2018/07/10/Rust-1.27.1.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000622

SRPMS

6/core

• rust-1.27.1-1.1.mga6