SUSE-SU-2018:3357-1

Source
https://www.suse.com/support/update/announcement/2018/suse-su-20183357-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:3357-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:3357-1
Related
Published
2018-10-23T14:43:38Z
Modified
2018-10-23T14:43:38Z
Summary
Security update for rust
Details

This update for rust fixes the following issues:

  • CVE-2018-1000622: rustdoc loads plugins from world writable directory allowing for arbitrary code execution This patch consists of requiring --plugin-path to be passed whenever --plugin is passed Note that rustdoc plugins will be removed entirely on 1.28.0 (bsc#1100691).
References

Affected packages

SUSE:Linux Enterprise Module for Development Tools 15 / rust

Package

Name
rust
Purl
purl:rpm/suse/rust&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.24.1-3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "rust-std": "1.24.1-3.6.1",
            "rust": "1.24.1-3.6.1"
        }
    ]
}