Test ID:	1.3.6.1.4.1.25623.1.0.853254
Category:	SuSE Local Security Checks
Title:	openSUSE: Security Advisory for rust, (openSUSE-SU-2020:0933-1)
Summary:	The remote host is missing an update for the 'rust, '; package(s) announced via the openSUSE-SU-2020:0933-1 advisory.
Description:	Summary: The remote host is missing an update for the 'rust, ' package(s) announced via the openSUSE-SU-2020:0933-1 advisory. Vulnerability Insight: This update for rust, rust-cbindgen fixes the following issues: rust was updated for use by Firefox 76ESR. - Fixed miscompilations with rustc 1.43 that lead to LTO failures (bsc#1173202) Update to version 1.43.1 - Updated openssl-src to 1.1.1g for CVE-2020-1967. - Fixed the stabilization of AVX-512 features. - Fixed `cargo package --list` not working with unpublished dependencies. Update to version 1.43.0 + Language: - Fixed using binary operations with `&{number}` (e.g. `&1.0`) not having the type inferred correctly. - Attributes such as `#[cfg()]` can now be used on `if` expressions. - Syntax only changes: * Allow `type Foo: Ord` syntactically. * Fuse associated and extern items up to defaultness. * Syntactically allow `self` in all `fn` contexts. * Merge `fn` syntax + cleanup item parsing. * `item` macro fragments can be interpolated into `trait`s, `impl`s, and `extern` blocks. For example, you may now write: ```rust macro_rules! mac_trait { ($i:item) => { trait T { $i } } } mac_trait! { fn foo() {} } ``` * These are still rejected *semantically*, so you will likely receive an error but these changes can be seen and parsed by macros and conditional compilation. + Compiler - You can now pass multiple lint flags to rustc to override the previous flags. For example, `rustc -D unused -A unused-variables` denies everything in the `unused` lint group except `unused-variables` which is explicitly allowed. However, passing `rustc -A unused-variables -D unused` denies everything in the `unused` lint group **including** `unused-variables` since the allow flag is specified before the deny flag (and therefore overridden). - rustc will now prefer your system MinGW libraries over its bundled libraries if they are available on `windows-gnu`. - rustc now buffers errors/warnings printed in JSON. Libraries: - `Arc<[T, N]>`, `Box<[T, N]>`, and `Rc<[T, N]>`, now implement `TryFrom>`, `TryFrom>`, and `TryFrom>` respectively. **Note** These conversions are only available when `N` is `0..=32`. - You can now use associated constants on floats and integers directly, rather than having to import the module. e.g. You can now write `u32::MAX` or `f32::NAN` with no imports. - `u8::is_ascii` is now `const`. - `String` now implements `AsMut`. - Added the `primitive` module to `std` and `core`. This module reexports Rust's primitive types. This is mainly useful in macros where you want avoid these types being shadowed. - Relaxed some of the trait bounds on `HashMap` and `HashSe ... Description truncated. Please see the references for more information. Affected Software/OS: 'rust, ' package(s) on openSUSE Leap 15.1. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-1967 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44440 https://security.netapp.com/advisory/ntap-20200424-0003/ https://security.netapp.com/advisory/ntap-20200717-0004/ https://www.openssl.org/news/secadv/20200421.txt https://www.synology.com/security/advisory/Synology_SA_20_05 https://www.synology.com/security/advisory/Synology_SA_20_05_OpenSSL https://www.tenable.com/security/tns-2020-03 https://www.tenable.com/security/tns-2020-04 https://www.tenable.com/security/tns-2020-11 https://www.tenable.com/security/tns-2021-10 Debian Security Information: DSA-4661 (Google Search) https://www.debian.org/security/2020/dsa-4661 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EXDDAOWSAIEFQNBHWYE6PPYFV4QXGMCD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDHOAATPWJCXRNFMJ2SASDBBNU5RJONY/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XVEP3LAK4JSPRXFO4QF4GG2IVXADV3SO/ FreeBSD Security Advisory: FreeBSD-SA-20:11 https://security.FreeBSD.org/advisories/FreeBSD-SA-20:11.openssl.asc http://seclists.org/fulldisclosure/2020/May/5 https://security.gentoo.org/glsa/202004-10 http://packetstormsecurity.com/files/157527/OpenSSL-signature_algorithms_cert-Denial-Of-Service.html https://github.com/irsl/CVE-2020-1967 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security-alerts/cpujul2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/security-alerts/cpuoct2021.html http://www.openwall.com/lists/oss-security/2020/04/22/2 https://lists.apache.org/thread.html/r66ea9c436da150683432db5fbc8beb8ae01886c6459ac30c2cea7345@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r9a41e304992ce6aec6585a87842b4f2e692604f5c892c37e3b0587ee@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r94d6ac3f010a38fccf4f432b12180a13fa1cf303559bd805648c9064@%3Cdev.tomcat.apache.org%3E SuSE Security Announcement: openSUSE-SU-2020:0933 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html SuSE Security Announcement: openSUSE-SU-2020:0945 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.