Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0044)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2022.0044

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2022-0044)

Resumen: The remote host is missing an update for the 'rust' package(s) announced via the MGASA-2022-0044 advisory.

Descripción: Summary:
The remote host is missing an update for the 'rust' package(s) announced via the MGASA-2022-0044 advisory.

Vulnerability Insight:
This update provides Rust 1.57.0 as a feature and bugfix update. See the
release notes for details.

The 'std::fs::remove_dir_all' standard library function was vulnerable a race
condition enabling symlink following (CWE-363). An attacker could use this
security issue to trick a privileged program into deleting files and
directories the attacker couldn't otherwise access or delete (CVE-2022-21658).
This vulnerability was fixed by patching Rust 1.57.0.

Affected Software/OS:
'rust' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
3.3

CVSS Vector:
AV:L/AC:M/Au:N/C:N/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2022-21658
https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7JKZDTBMGAWIFJSNWKBMPO5EAKRR4BEW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKGTACKMKAPRDPWPTU26GYWBELIRFF5N/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BK32QZLHDC2OVLPKTUHNT2G3VHWHD4LX/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63NH72Q7UHJM5V3IVYRI7LVBGGFQMSQ/
https://security.gentoo.org/glsa/202210-09
https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html
https://github.com/rust-lang/rust/pull/93110
https://github.com/rust-lang/rust/pull/93110/commits/32ed6e599bb4722efefd78bbc9cd7ec4613cb946
https://github.com/rust-lang/rust/pull/93110/commits/406cc071d6cfdfdb678bf3d83d766851de95abaf
https://github.com/rust-lang/rust/pull/93110/commits/4f0ad1c92ca08da6e8dc17838070975762f59714

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0044
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0044)
Resumen:	The remote host is missing an update for the 'rust' package(s) announced via the MGASA-2022-0044 advisory.
Descripción:	Summary: The remote host is missing an update for the 'rust' package(s) announced via the MGASA-2022-0044 advisory. Vulnerability Insight: This update provides Rust 1.57.0 as a feature and bugfix update. See the release notes for details. The 'std::fs::remove_dir_all' standard library function was vulnerable a race condition enabling symlink following (CWE-363). An attacker could use this security issue to trick a privileged program into deleting files and directories the attacker couldn't otherwise access or delete (CVE-2022-21658). This vulnerability was fixed by patching Rust 1.57.0. Affected Software/OS: 'rust' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 3.3 CVSS Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-21658 https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7JKZDTBMGAWIFJSNWKBMPO5EAKRR4BEW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKGTACKMKAPRDPWPTU26GYWBELIRFF5N/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BK32QZLHDC2OVLPKTUHNT2G3VHWHD4LX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63NH72Q7UHJM5V3IVYRI7LVBGGFQMSQ/ https://security.gentoo.org/glsa/202210-09 https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html https://github.com/rust-lang/rust/pull/93110 https://github.com/rust-lang/rust/pull/93110/commits/32ed6e599bb4722efefd78bbc9cd7ec4613cb946 https://github.com/rust-lang/rust/pull/93110/commits/406cc071d6cfdfdb678bf3d83d766851de95abaf https://github.com/rust-lang/rust/pull/93110/commits/4f0ad1c92ca08da6e8dc17838070975762f59714
Copyright	Copyright (C) 2022 Greenbone AG