SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rust, rust1.72 (SUSE-SU-2023:3722-1)

medium Nessus Plugin ID 181776

Language:

Synopsis

The remote SUSE host is missing a security update.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3722-1 advisory.

Changes in rust:

- Update to version 1.72.0 - for details see the rust1.72 package

Changes in rust1.72:

- CVE-2023-40030: fix minor non-exploited issue in cargo (bsc#1214689)


Version 1.72.0 (2023-08-24) ==========================

Language
--------

- Replace const eval limit by a lint and add an exponential backoff warning
- expand: Change how `#![cfg(FALSE)]` behaves on crate root
- Stabilize inline asm for LoongArch64
- Uplift `clippy::undropped_manually_drops` lint
- Uplift `clippy::invalid_utf8_in_unchecked` lint
- Uplift `clippy::cast_ref_to_mut` lint
- Uplift `clippy::cmp_nan` lint
- resolve: Remove artificial import ambiguity errors
- Don't require associated types with Self: Sized bounds in `dyn Trait` objects

Compiler
--------

- Remember names of `cfg`-ed out items to mention them in diagnostics
- Support for native WASM exceptions
- Add support for NetBSD/aarch64-be (big-endian arm64).
- Write to stdout if `-` is given as output file
- Force all native libraries to be statically linked when linking a static binary
- Add Tier 3 support for `loongarch64-unknown-none*`
- Prevent `.eh_frame` from being emitted for `-C panic=abort`
- Support 128-bit enum variant in debuginfo codegen
- compiler: update solaris/illumos to enable tsan support.

Refer to Rust's platform support page for more information on Rust's tiered platform support.

Libraries
---------

- Document memory orderings of `thread::{park, unpark}`
- io: soften at most one write attempt requirement in io::Write::write
- Specify behavior of HashSet::insert
- Relax implicit `T: Sized` bounds on `BufReader<T>`, `BufWriter<T>` and `LineWriter<T>`
- Update runtime guarantee for `select_nth_unstable`
- Return `Ok` on kill if process has already exited
- Implement PartialOrd for `Vec`s over different allocators
- Use 128 bits for TypeId hash
- Don't drain-on-drop in DrainFilter impls of various collections.
- Make `{Arc,Rc,Weak}::ptr_eq` ignore pointer metadata

Rustdoc
-------

- Allow whitespace as path separator like double colon
- Add search result item types after their name
- Search for slices and arrays by type with `[]`
- Clean up type unification and 'unboxing'

Stabilized APIs
---------------

- `impl<T: Send> Sync for mpsc::Sender<T>`
- `impl TryFrom<&OsStr> for &str`
- `String::leak`

These APIs are now stable in const contexts:

- `CStr::from_bytes_with_nul`
- `CStr::to_bytes`
- `CStr::to_bytes_with_nul`
- `CStr::to_str`

Cargo
-----

- Enable `-Zdoctest-in-workspace` by default. When running each documentation test, the working directory is set to the root directory of the package the test belongs to.
- Add support of the 'default' keyword to reset previously set `build.jobs` parallelism back to the default.

Compatibility Notes
-------------------

- Alter `Display` for `Ipv6Addr` for IPv4-compatible addresses
- Cargo changed feature name validation check to a hard error. The warning was added in Rust 1.49. These extended characters aren't allowed on crates.io, so this should only impact users of other registries, or people who don't publish to a registry.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected cargo, cargo1.72, rust and / or rust1.72 packages.

See Also

https://bugzilla.suse.com/1214689

https://www.suse.com/security/cve/CVE-2023-40030

http://www.nessus.org/u?01077fb6

Plugin Details

Severity: Medium

ID: 181776

File Name: suse_SU-2023-3722-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 9/22/2023

Updated: 6/26/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.3

Percentile: 9.14

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2023-40030

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:cargo, p-cpe:/a:novell:suse_linux:rust, p-cpe:/a:novell:suse_linux:cargo1.72, p-cpe:/a:novell:suse_linux:rust1.72

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/21/2023

Vulnerability Publication Date: 8/24/2023

Reference Information

CVE: CVE-2023-40030

SuSE: SUSE-SU-2023:3722-1