Main Vulnerability Database SB2021080714

SB2021080714 - Fedora 34 update for rust-argh, rust-argh_derive, rust-argh_shared, rust-asyncgit, rust-bugreport, rust-crosstermion, rust-fancy-regex, rust-fedora-update-feedback, rust-filetreelist, rust-git-version, rust-git-version-macro, rust-gitui, rust-textwrap, ru

Published: August 7, 2021

Security Bulletin ID SB2021080714

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Race condition (CVE-ID: CVE-2021-32810)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a race condition in the "Stealer::steal", "Stealer::steal_batch" and "Stealer::steal_batch_and_pop" functions. A remote attacker can exploit the race and gain unauthorized access to sensitive information and execute arbitrary code on the system.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2021-3cf88e44b4

Vulnerable Software

Fedora: 34
rust-unicode-truncate: before 0.2.0-2.fc34
rust-unicode-linebreak: before 0.1.1-2.fc34
rust-tui-react: before 0.15.0-2.fc34
rust-tui: before 0.15.0-2.fc34
rust-textwrap: before 0.14.2-3.fc34
rust-gitui: before 0.16.2-2.fc34
rust-git-version-macro: before 0.3.4-1.fc34
rust-git-version: before 0.3.4-1.fc34
rust-filetreelist: before 0.2.0-3.fc34
rust-fedora-update-feedback: before 1.0.3-1.fc34
rust-fancy-regex: before 0.7.0-1.fc34
rust-crosstermion: before 0.7.0-2.fc34
rust-bugreport: before 0.4.0-2.fc34
rust-asyncgit: before 0.16.3-3.fc34
rust-argh_shared: before 0.1.5-2.fc34
rust-argh_derive: before 0.1.5-2.fc34
rust-argh: before 0.1.5-2.fc34