Release date:
2026-07-09 16:07:39 UTC
Description:
* SECURITY UPDATE: symlink-directory collision chmod attack in vendored tar crate
- debian/patches/CVE-2026-33056.patch: use fs::symlink_metadata() instead of
fs::metadata() in unpack_dir() in vendor/tar-0.4.44/src/entry.rs so a symlink
followed by a same-name directory entry can no longer chmod directories
outside the extraction path
- CVE-2026-33056
Updated packages:
-
cargo1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_amd64.deb
sha:361ea9e7be54d3f592a4555498c5ebc508a59707
-
cargo1.88-doc_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
sha:d5b4146675563481afc481e3434f34eea9d47f23
-
libstd-rust1.88-1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_amd64.deb
sha:71a8f48e89b6c795da06fdc8fe72f133918c22a4
-
libstd-rust1.88-dev_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_amd64.deb
sha:92ad724c12efd286dc012438f3d42356fa4f7254
-
rust1.88-all_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
sha:6371591037e524b9717feed69ef24c6177167bf9
-
rust1.88-analyzer_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_amd64.deb
sha:616c4b9b2566776c5b95e4dcbf1c89a95da6e190
-
rust1.88-clippy_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_amd64.deb
sha:090840ef95ec99d340891f115b47736ae3d5574e
-
rust1.88-doc_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
sha:d0e6704ca5a9c5ace890315917c2da97f3c8ebd3
-
rust1.88-gdb_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
sha:ef6c75ec912351634c4bba9f1ecba9bfeaa9436b
-
rust1.88-lldb_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
sha:b7d51303f47e250cfcabad97487946def7fd8836
-
rust1.88-llvm_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_amd64.deb
sha:55720f3bb81e1247aeb7230ffc89fd0080e1e6f3
-
rust1.88-src_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
sha:34e00c106a4d4e13b7bb97407e326db2ca20fce0
-
rustc1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_amd64.deb
sha:9d7ef2be416367643b728881481d22447112798f
-
rustfmt1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_amd64.deb
sha:6fc21b279a5e1dd3bf52063815e93a956e0d472c
-
cargo1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_arm64.deb
sha:1794eac7c12853cff8b6d4f8dbe8161328ce4c52
-
cargo1.88-doc_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
sha:739a3f492be81de31a4e474fed01838ff9253aea
-
libstd-rust1.88-1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_arm64.deb
sha:a17026c63c06677b299f904fa30caaf95989cbd6
-
libstd-rust1.88-dev_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_arm64.deb
sha:c30104a7774121540aaa889b730d791e3c476d30
-
rust1.88-all_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
sha:6371591037e524b9717feed69ef24c6177167bf9
-
rust1.88-analyzer_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_arm64.deb
sha:6b62f7bcd1fac479043dd1b316155a6de16ca64d
-
rust1.88-clippy_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_arm64.deb
sha:5228ecff42d37adb28c2ea5f647f1ad7f7bf0d9b
-
rust1.88-doc_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
sha:cdced9f6f4bfff76f30680c6b73c8246f2cb2e51
-
rust1.88-gdb_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
sha:ef6c75ec912351634c4bba9f1ecba9bfeaa9436b
-
rust1.88-lldb_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
sha:b7d51303f47e250cfcabad97487946def7fd8836
-
rust1.88-llvm_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_arm64.deb
sha:1fe20817e9a1f1f14fa57ef8461c3d75decc3772
-
rust1.88-src_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
sha:34e00c106a4d4e13b7bb97407e326db2ca20fce0
-
rustc1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_arm64.deb
sha:4b5b0825ae70dbd3ec8482a35b0dcdce7ad23150
-
rustfmt1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_arm64.deb
sha:bb9e5738357d047906da150a55aa1657be167b70
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.