Rust 1.58.1 fixes dangerous race condition

This point release arriving January 20, 2022, just days after Rust 1.58, fixes a race condition in the std::fs::remove_dir_all standard library function. This vulnerability is tracked at CVE-2022-21658 and there was an advisory published. An attacker could use this security issue to trick a privileged program into deleting files and directories that the attacker otherwise could not access or delete. Rust versions 1.0 through 1.58 are affected by this vulnerability. Users are advised to update their toolchains and build programs with the updated compiler.

To read this article in full, please click here