MGASA-2025-0136
- Source
- https://advisories.mageia.org/MGASA-2025-0136.html
- Import Source
- https://advisories.mageia.org/MGASA-2025-0136.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2025-0136
- Related
- Published
- 2025-04-17T17:37:29Z
- Modified
- 2025-04-17T17:02:46Z
- Summary
- Updated rust packages fix security vulnerability
- Details
-
The Rust Security Response WG was notified that the Rust standard library did not properly escape arguments when invoking batch files (with the bat and cmd extensions) on Windows using the Command API. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical if you are invoking batch files on Windows with untrusted arguments. No other platform or use is affected. We update to rust 1.78.0 for future mesa updates in mageia 9.
- References
-
- https://advisories.mageia.org/MGASA-2025-0136.html
- https://bugs.mageia.org/show_bug.cgi?id=34107
- http://www.openwall.com/lists/oss-security/2024/04/09/16
- https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N323QAEEUVTJ354BTVQ7UB6LYXUX2BCL/
- https://blog.rust-lang.org/2024/04/09/cve-2024-24576/
- https://github.com/rust-lang/rust/releases/tag/1.78.0
- https://github.com/rust-lang/rust/releases/tag/1.77.2
- https://github.com/rust-lang/rust/releases/tag/1.77.1
- https://github.com/rust-lang/rust/releases/tag/1.77.0
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / rust
Package
- Name
- rust
- Purl
- pkg:rpm/mageia/rust?distro=mageia-9