Amazon Linux 2 Security Advisory: ALAS-2022-1817
Advisory Release Date: 2022-07-06 03:16 Pacific
Advisory Updated Date: 2022-07-14 21:45 Pacific
Severity:
Medium
Issue Overview:
A race condition flaw was found in Rust's std::fs::remove_dir_all function. Rust applications that use this function may be vulnerable to a race condition where an unprivileged attacker can trick the application into deleting files and directories, causing an impact on system data integrity. If the application is privileged, an attacker can possibly delete files they would not usually have access to. (CVE-2022-21658)
Affected Packages:
rust
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update rust to update your system.
New Packages:
aarch64:
rust-1.61.0-2.amzn2.0.1.aarch64
rust-std-static-1.61.0-2.amzn2.0.1.aarch64
rust-doc-1.61.0-2.amzn2.0.1.aarch64
cargo-1.61.0-2.amzn2.0.1.aarch64
rustfmt-1.61.0-2.amzn2.0.1.aarch64
rls-1.61.0-2.amzn2.0.1.aarch64
clippy-1.61.0-2.amzn2.0.1.aarch64
rust-analysis-1.61.0-2.amzn2.0.1.aarch64
rust-debuginfo-1.61.0-2.amzn2.0.1.aarch64
noarch:
rust-debugger-common-1.61.0-2.amzn2.0.1.noarch
rust-gdb-1.61.0-2.amzn2.0.1.noarch
cargo-doc-1.61.0-2.amzn2.0.1.noarch
rust-src-1.61.0-2.amzn2.0.1.noarch
src:
rust-1.61.0-2.amzn2.0.1.src
x86_64:
rust-1.61.0-2.amzn2.0.1.x86_64
rust-std-static-1.61.0-2.amzn2.0.1.x86_64
rust-doc-1.61.0-2.amzn2.0.1.x86_64
cargo-1.61.0-2.amzn2.0.1.x86_64
rustfmt-1.61.0-2.amzn2.0.1.x86_64
rls-1.61.0-2.amzn2.0.1.x86_64
clippy-1.61.0-2.amzn2.0.1.x86_64
rust-analysis-1.61.0-2.amzn2.0.1.x86_64
rust-debuginfo-1.61.0-2.amzn2.0.1.x86_64