| Summary: | rust new buffer overflow security issue in in str::repeat (CVE-2018-1000810) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | andrewsfarm, sysadmin-bugs, tarazed25, tmb |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA6-64-OK | ||
| Source RPM: | rust-1.29.1-1.mga7.src.rpm | CVE: | CVE-2018-1000810 |
| Status comment: | |||
|
Description
David Walser
2018-10-16 00:10:06 CEST
David Walser
2018-10-16 00:10:14 CEST
Whiteboard:
(none) =>
MGA6TOO This Fedora advisory is quite late (F29 updates were in freeze/slow mode during release time), I've already fixed this in Cauldron with rust-1.29.1-1.mga7. I've also pushed a fix for mga6 at that time but it seems like I forgot to open a bug report and assign it to QA, so I'll add this here. Version:
Cauldron =>
6 Advisory: ========= Updated rust packages fix security vulnerability The Rust Programming Language Standard Library before version 1.29.1 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in the standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer (CVE-2018-1000810). This update fixes the vulnerability by backporting the patch to the 1.28.0 release. Reference: - https://blog.rust-lang.org/2018/09/21/Security-advisory-for-std.html - https://groups.google.com/forum/#!topic/rustlang-security-announcements/CmSuTm-SaU0 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000810 SRPM in core/updates_testing: ============================= rust-1.28.0-1.2.mga6 RPMs in core/updates_testing: ============================= cargo-1.28.0-1.2.mga6 cargo-doc-1.28.0-1.2.mga6 rust-1.28.0-1.2.mga6 rust-analysis-1.28.0-1.2.mga6 rust-debugger-common-1.28.0-1.2.mga6 rust-doc-1.28.0-1.2.mga6 rust-gdb-1.28.0-1.2.mga6 rust-lldb-1.28.0-1.2.mga6 rust-src-1.28.0-1.2.mga6 rust-std-static-1.28.0-1.2.mga6 rls-preview-0.128.0-1.2.mga6 rustfmt-preview-0.8.2-1.2.mga6 Testing procedure: ================== Bug 22882 comment 1. Assignee:
rverschelde =>
qa-bugs Mageia 6, x86_64
Packages updated cleanly.
Referred to the test procedure.
$ cargo install ripgrep --force
Updating registry `https://github.com/rust-lang/crates.io-index`
Downloading ripgrep v0.10.0
Installing ripgrep v0.10.0
[...]
Compiling grep v0.2.3
Finished release [optimized + debuginfo] target(s) in 1m 41s
Replacing /home/lcl/.cargo/bin/rg
warning: be sure to add `/home/lcl/.cargo/bin` to your PATH to be able to run the installed binaries
$ export PATH=${PATH}:/home/lcl/.cargo/bin
Logged in as lcl.
$ rg --version
ripgrep 0.10.0
-SIMD -AVX (compiled)
+SIMD +AVX (runtime)
$ rg cargo
text/notes.vega
2039:rice, and soya beans. Only the transport of bulk cargoes was
ruby/docs/gemlist
3457:cargo (0.0.1)
[...]
qa/rust/rust-hello_world/failure
4:error: failed to compile `rustfmt-nightly v0.8.3`, intermediate artifacts can be found at `/tmp/cargo-installwZm5ug`
Slight departure here:
$ cd rust-hello_world/
$ cargo run
Compiling hello_world v0.0.1 (file:///home/lcl/qa/rust/rust-hello_world)
Finished dev [unoptimized + debuginfo] target(s) in 0.92s
Running `target/debug/hello_world`
Hello World!
I'm a Rustacean!
$ rustfmt -v src/main.rs
Formatting /home/lcl/qa/rust/rust-hello_world/src/main.rs
Spent 0.000 secs in the parsing phase, and 0.000 secs in the formatting phase
That all looks in order.
Good for 64-bits.Whiteboard:
(none) =>
MGA6-64-OK Len's tests, as always, look good enough to me. Validating. Advisory in Comment 2. Keywords:
(none) =>
validated_update
Thomas Backlund
2018-10-19 18:27:40 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0407.html Status:
NEW =>
RESOLVED |