[CLSA-2026:1783611775] Fix CVE(s): CVE-2026-33056
Type:
security
Severity:
None
Release date:
2026-07-09 16:14:26 UTC
Description:
* SECURITY UPDATE: symlink-directory collision chmod attack in vendored tar crate - debian/patches/CVE-2026-33056.patch: use fs::symlink_metadata instead of fs::metadata in unpack_dir so a symlink colliding with a directory entry is not followed when extracting an archive - CVE-2026-33056
Updated packages:
  • cargo1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:86527e7dc3784d4bc76be65205e996cd00a67e42
  • cargo1.89-doc_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:5d333ab08320777a65d40fcdffb283a09d7b7c7c
  • libstd-rust1.89-1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:0db4af1147e5db1285853f7cbb3d504a428c1077
  • libstd-rust1.89-dev_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:a4b530eb72529d21694096af5dc214f6fc26a250
  • rust1.89-all_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:4577186bd4d03e5e720142b882cdc312c0e6b04b
  • rust1.89-analyzer_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:eb8dac0fe170bf2b0133634dd3cf69fc6608436a
  • rust1.89-clippy_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:38e9a3c61110bd471b6fd316aa8d15b846fdc1ff
  • rust1.89-doc_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:0259c08b4199cb8ad8b59ebd56471efacbb0d38d
  • rust1.89-gdb_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:d01481ed17593566988e1ae995848691e46de056
  • rust1.89-lldb_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:724a8215299fe38ccff41d635f7b06443bd6ad0f
  • rust1.89-llvm_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:1e4e3881ae2fd5144004e1feacf1e0d0599bd210
  • rust1.89-src_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:adf4bcefe8c99428916e0beca1dac2dfef911e27
  • rustc1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:f81c76e442bc1bd7096d118ae34c4ab1b8174bf4
  • rustfmt1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:bc7409b6b6acce2ecf301b9fd7adc5723a5527de
  • cargo1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:57811b47c22cb0c2293087349d2d2c4d90659bf3
  • cargo1.89-doc_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:5d333ab08320777a65d40fcdffb283a09d7b7c7c
  • libstd-rust1.89-1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:3f0d74e25580d150d2d954f59ff70b703543ce87
  • libstd-rust1.89-dev_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:e38891cc1d81dadf3c060b2a7230542bfc9826e4
  • rust1.89-all_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:4577186bd4d03e5e720142b882cdc312c0e6b04b
  • rust1.89-analyzer_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:4873814271ddee39138243ffc228817614829939
  • rust1.89-clippy_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:9570d877492d4ffb21c1200cb3129342383d4078
  • rust1.89-doc_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:a4e8e24e48e128dee68ec9d0a32164e4310f546a
  • rust1.89-gdb_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:d01481ed17593566988e1ae995848691e46de056
  • rust1.89-lldb_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:724a8215299fe38ccff41d635f7b06443bd6ad0f
  • rust1.89-llvm_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:e9e2a202f3bacca82fa5efe94f35ff58b4c708d1
  • rust1.89-src_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:adf4bcefe8c99428916e0beca1dac2dfef911e27
  • rustc1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:f5b6b1d0f262eb97298a443e25fc59c7bded4862
  • rustfmt1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:5c3971d8503b02c90d5d9cc9b6b8335d10088ab1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.