NoGoolag
Photo
https://zlaxyi.wordpress.com/2024/12/03/3537/
On the website of the #Rust Foundation, you can find out that many well-known IT corporations are involved in funding the promotion of this programming language, with Amazon, Google, Meta, and Microsoft being the platinum partners of the foundation. There is also published information on how you can get grants from this specialised foundation. Earlier this year, it became known that the White House itself, the Democratic Biden administration, urges developers to dump C and C++, while promoting Rust as a replacement for them
On the website of the #Rust Foundation, you can find out that many well-known IT corporations are involved in funding the promotion of this programming language, with Amazon, Google, Meta, and Microsoft being the platinum partners of the foundation. There is also published information on how you can get grants from this specialised foundation. Earlier this year, it became known that the White House itself, the Democratic Biden administration, urges developers to dump C and C++, while promoting Rust as a replacement for them
ivan zlax
ivan zlax
Exactly 3 years ago on this day, a conference dedicated to the Rust programming language was held in Moscow The conference is intended both for those who already write certain products in this langβ¦
sudo-rs Affected By Multiple Security Vulnerabilities - Impacting Ubuntu 25.10
https://www.phoronix.com/news/sudo-rs-security-ubuntu-25.10
The #Ubuntu 25.10 transition to using some #Rust system utilities continues proving quite rocky. Beyond some early performance issues with Rust Coreutils, breakage for some executables, and broken unattended upgrades due to a Rust Coreutils bug, it's also sudo-rs now causing Ubuntu developers some headaches. There are two moderate security issues affecting sudo-rs, the Rust version of sudo being used by Ubuntu 25.10.
Initially opened as a private bug report last week was [sudo-rs] Update to address two moderate vulnerabilities.
"Upstream will release a fix for two moderate vulnerabilities targeting Friday (Nov 7 2025).
The expected coordinated release of this fix is Monday (Nov 10 2025).
One of these vulnerabilities is CVE-2025-64170."
That bug report has since been made public with the upstream sudo-rs fixes being committed. Ubuntu 25.10 is also seeing a stable release update (SRU) to address these two security issues.
One of the patches is to prevent the sudo password from being leaked in case of a timeout or sudo being killed. Another patch is to use enum for the feedback parameter. Another patch to ensure feedback is always erased before exiting the read unbuffered code. Another change is also made to not treat backspace as a password character when the password is empty.
I haven't seen any of the CVE reports made public yet for these sudo-rs security issues, but even alone the one for potentially leaking the sudo password in case of timeout or #sudo being killed is significant.
Released now is sudo-rs 0.2.10 with the latest fixes and other changes. The sudo-rs package for Ubuntu 25.10 is being SRU'ed to users.
https://www.phoronix.com/news/sudo-rs-security-ubuntu-25.10
The #Ubuntu 25.10 transition to using some #Rust system utilities continues proving quite rocky. Beyond some early performance issues with Rust Coreutils, breakage for some executables, and broken unattended upgrades due to a Rust Coreutils bug, it's also sudo-rs now causing Ubuntu developers some headaches. There are two moderate security issues affecting sudo-rs, the Rust version of sudo being used by Ubuntu 25.10.
Initially opened as a private bug report last week was [sudo-rs] Update to address two moderate vulnerabilities.
"Upstream will release a fix for two moderate vulnerabilities targeting Friday (Nov 7 2025).
The expected coordinated release of this fix is Monday (Nov 10 2025).
One of these vulnerabilities is CVE-2025-64170."
That bug report has since been made public with the upstream sudo-rs fixes being committed. Ubuntu 25.10 is also seeing a stable release update (SRU) to address these two security issues.
One of the patches is to prevent the sudo password from being leaked in case of a timeout or sudo being killed. Another patch is to use enum for the feedback parameter. Another patch to ensure feedback is always erased before exiting the read unbuffered code. Another change is also made to not treat backspace as a password character when the password is empty.
I haven't seen any of the CVE reports made public yet for these sudo-rs security issues, but even alone the one for potentially leaking the sudo password in case of timeout or #sudo being killed is significant.
Released now is sudo-rs 0.2.10 with the latest fixes and other changes. The sudo-rs package for Ubuntu 25.10 is being SRU'ed to users.
Phoronix
sudo-rs Affected By Multiple Security Vulnerabilities - Impacting Ubuntu 25.10
The Ubuntu 25.10 transition to using some Rust system utilities continues proving quite rocky
Linux Kernel Rust Code Sees Its First CVE Vulnerability
17 December 2025 - CVE-2025-68260
The first CVE #vulnerability has been assigned to a piece of the #Linux kernel's #Rust code.
Comments
#Phoronix #LinuxKernel
17 December 2025 - CVE-2025-68260
The first CVE #vulnerability has been assigned to a piece of the #Linux kernel's #Rust code.
Comments
#Phoronix #LinuxKernel