Updated rust packages fix security vulnerability
Publication date: 20 Nov 2021Modification date: 20 Nov 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-42574
Description
Updated rust packages fix security vulnerability
This update mitigates a security concern in the Unicode standard, affecting
source code containing "bidirectional override" Unicode codepoints: in some
cases the use of those codepoints could lead to the reviewed code being
different than the compiled code (CVE-2021-42574).
rustc mitigates the issue by issuing two new deny-by-default lints detecting
the affected codepoints in string literals and in comments. The lints will
prevent source code files containing those codepoints from being compiled,
protecting developers and users from the attack.
This update also provides new features and bugfixes included in Rust since
the previously packaged version 1.51.1. See the referenced release notes for
details.
References
- https://bugs.mageia.org/show_bug.cgi?id=29616
- https://www.openwall.com/lists/oss-security/2021/11/01/1
- https://blog.rust-lang.org/2021/05/06/Rust-1.52.0.html
- https://blog.rust-lang.org/2021/06/17/Rust-1.53.0.html
- https://blog.rust-lang.org/2021/07/29/Rust-1.54.0.html
- https://blog.rust-lang.org/2021/09/09/Rust-1.55.0.html
- https://blog.rust-lang.org/2021/10/21/Rust-1.56.0.html
- https://blog.rust-lang.org/2021/11/01/Rust-1.56.1.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42574
SRPMS
8/core
- rust-1.56.1-1.mga8