# Security update for rust, rust1.72

Announcement ID: SUSE-SU-2023:3722-1  
Rating: moderate  
References:

  * #1214689

  
Cross-References:

  * CVE-2023-40030

  
CVSS scores:

  * CVE-2023-40030 ( SUSE ):  6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  * CVE-2023-40030 ( NVD ):  6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

  
Affected Products:

  * Development Tools Module 15-SP4
  * Development Tools Module 15-SP5
  * openSUSE Leap 15.4
  * openSUSE Leap 15.5
  * SUSE Linux Enterprise Desktop 15 SP4
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that solves one vulnerability can now be installed.

## Description:

This update for rust, rust1.72 fixes the following issues:

Changes in rust:

  * Update to version 1.72.0 - for details see the rust1.72 package

Changes in rust1.72:

  * CVE-2023-40030: fix minor non-exploited issue in cargo (bsc#1214689)

# Version 1.72.0 (2023-08-24)

## Language

  * Replace const eval limit by a lint and add an exponential backoff warning
  * expand: Change how `#![cfg(FALSE)]` behaves on crate root
  * Stabilize inline asm for LoongArch64
  * Uplift `clippy::undropped_manually_drops` lint
  * Uplift `clippy::invalid_utf8_in_unchecked` lint
  * Uplift `clippy::cast_ref_to_mut` lint
  * Uplift `clippy::cmp_nan` lint
  * resolve: Remove artificial import ambiguity errors
  * Don't require associated types with Self: Sized bounds in `dyn Trait`
    objects

## Compiler

  * Remember names of `cfg`-ed out items to mention them in diagnostics
  * Support for native WASM exceptions
  * Add support for NetBSD/aarch64-be (big-endian arm64).
  * Write to stdout if `-` is given as output file
  * Force all native libraries to be statically linked when linking a static
    binary
  * Add Tier 3 support for `loongarch64-unknown-none*`
  * Prevent `.eh_frame` from being emitted for `-C panic=abort`
  * Support 128-bit enum variant in debuginfo codegen
  * compiler: update solaris/illumos to enable tsan support.

Refer to Rust's platform support page for more information on Rust's tiered
platform support.

## Libraries

  * Document memory orderings of `thread::{park, unpark}`
  * io: soften ‘at most one write attempt’ requirement in io::Write::write
  * Specify behavior of HashSet::insert
  * Relax implicit `T: Sized` bounds on `BufReader`,
    `BufWriter` and `LineWriter`
  * Update runtime guarantee for `select_nth_unstable`
  * Return `Ok` on kill if process has already exited
  * Implement PartialOrd for `Vec`s over different allocators
  * Use 128 bits for TypeId hash
  * Don't drain-on-drop in DrainFilter impls of various collections.
  * Make `{Arc,Rc,Weak}::ptr_eq` ignore pointer metadata

## Rustdoc

  * Allow whitespace as path separator like double colon
  * Add search result item types after their name
  * Search for slices and arrays by type with `[]`
  * Clean up type unification and "unboxing"

## Stabilized APIs

  * `impl Sync for mpsc::Sender`
  * `impl TryFrom<&OsStr> for &str`
  * `String::leak`

These APIs are now stable in const contexts:

  * `CStr::from_bytes_with_nul`
  * `CStr::to_bytes`
  * `CStr::to_bytes_with_nul`
  * `CStr::to_str`

## Cargo

  * Enable `-Zdoctest-in-workspace` by default. When running each documentation
    test, the working directory is set to the root directory of the package the
    test belongs to.
  * Add support of the "default" keyword to reset previously set `build.jobs`
    parallelism back to the default.

## Compatibility Notes

  * Alter `Display` for `Ipv6Addr` for IPv4-compatible addresses
  * Cargo changed feature name validation check to a hard error. The warning was
    added in Rust 1.49. These extended characters aren't allowed on crates.io,
    so this should only impact users of other registries, or people who don't
    publish to a registry.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2023-3722=1 openSUSE-SLE-15.4-2023-3722=1

  * openSUSE Leap 15.5  
    zypper in -t patch openSUSE-SLE-15.5-2023-3722=1

  * Development Tools Module 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3722=1

  * Development Tools Module 15-SP5  
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3722=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
    * cargo1.72-1.72.0-150400.9.3.1
    * cargo1.72-debuginfo-1.72.0-150400.9.3.1
    * rust1.72-debuginfo-1.72.0-150400.9.3.1
    * cargo-1.72.0-150400.24.24.1
    * rust-1.72.0-150400.24.24.1
  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586 nosrc)
    * rust1.72-1.72.0-150400.9.3.1
  * openSUSE Leap 15.4 (nosrc)
    * rust1.72-test-1.72.0-150400.9.3.1
  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
    * cargo1.72-1.72.0-150400.9.3.1
    * cargo1.72-debuginfo-1.72.0-150400.9.3.1
    * rust1.72-debuginfo-1.72.0-150400.9.3.1
    * cargo-1.72.0-150400.24.24.1
    * rust-1.72.0-150400.24.24.1
  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc)
    * rust1.72-1.72.0-150400.9.3.1
  * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * cargo1.72-1.72.0-150400.9.3.1
    * cargo1.72-debuginfo-1.72.0-150400.9.3.1
    * rust1.72-debuginfo-1.72.0-150400.9.3.1
    * cargo-1.72.0-150400.24.24.1
    * rust-1.72.0-150400.24.24.1
  * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc)
    * rust1.72-1.72.0-150400.9.3.1
  * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64)
    * cargo1.72-1.72.0-150400.9.3.1
    * cargo1.72-debuginfo-1.72.0-150400.9.3.1
    * rust1.72-debuginfo-1.72.0-150400.9.3.1
    * cargo-1.72.0-150400.24.24.1
    * rust-1.72.0-150400.24.24.1
  * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc)
    * rust1.72-1.72.0-150400.9.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2023-40030.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1214689

openSUSE: 2023:3722-1: moderate: rust, rust1.72 Security Advisory Update

September 21, 2023
This update for rust, rust1.72 fixes the following issues: Changes in rust:

Description

This update for rust, rust1.72 fixes the following issues: Changes in rust: * Update to version 1.72.0 - for details see the rust1.72 package Changes in rust1.72: * CVE-2023-40030: fix minor non-exploited issue in cargo (bsc#1214689) # Version 1.72.0 (2023-08-24) ## Language * Replace const eval limit by a lint and add an exponential backoff warning * expand: Change how `#![cfg(FALSE)]` behaves on crate root * Stabilize inline asm for LoongArch64 * Uplift `clippy::undropped_manually_drops` lint * Uplift `clippy::invalid_utf8_in_unchecked` lint * Uplift `clippy::cast_ref_to_mut` lint * Uplift `clippy::cmp_nan` lint * resolve: Remove artificial import ambiguity errors * Don't require associated types with Self: Sized bounds in `dyn Trait` objects ## Compiler * Remember names of `cfg`-ed out items to mention them in diagnostics * Support for native WASM exceptions * Add support for NetBSD/aarch64-be (big-endian arm64). * Write to stdout if `-` is given...

Read the Full Advisory

 

Patch

## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-3722=1 openSUSE-SLE-15.4-2023-3722=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-3722=1 * Development Tools Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-3722=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2023-3722=1


Package List

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586) * cargo1.72-1.72.0-150400.9.3.1 * cargo1.72-debuginfo-1.72.0-150400.9.3.1 * rust1.72-debuginfo-1.72.0-150400.9.3.1 * cargo-1.72.0-150400.24.24.1 * rust-1.72.0-150400.24.24.1 * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586 nosrc) * rust1.72-1.72.0-150400.9.3.1 * openSUSE Leap 15.4 (nosrc) * rust1.72-test-1.72.0-150400.9.3.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * cargo1.72-1.72.0-150400.9.3.1 * cargo1.72-debuginfo-1.72.0-150400.9.3.1 * rust1.72-debuginfo-1.72.0-150400.9.3.1 * cargo-1.72.0-150400.24.24.1 * rust-1.72.0-150400.24.24.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.72-1.72.0-150400.9.3.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64) * cargo1.72-1.72.0-150400.9.3.1 * cargo1.72-debuginfo-1.72.0-150400.9.3.1 * rust1.72-debuginfo-1.72.0-150400.9.3.1 * cargo-1.72.0-150400.24.24.1 * rust-1.72.0-150400.24.24.1 * Development Tools Module 15-SP4 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.72-1.72.0-150400.9.3.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * cargo1.72-1.72.0-150400.9.3.1 * cargo1.72-debuginfo-1.72.0-150400.9.3.1 * rust1.72-debuginfo-1.72.0-150400.9.3.1 * cargo-1.72.0-150400.24.24.1 * rust-1.72.0-150400.24.24.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64 nosrc) * rust1.72-1.72.0-150400.9.3.1


References

* #1214689 ## References: * https://www.suse.com/security/cve/CVE-2023-40030.html * https://bugzilla.suse.com/show_bug.cgi?id=1214689


Severity
Announcement ID: SUSE-SU-2023:3722-1
Rating: moderate

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved