[CLSA-2026:1783611993] Fix CVE(s): CVE-2026-33055, CVE-2026-33056
Type:
security
Severity:
Moderate
Release date:
2026-07-09 16:24:32 UTC
Description:
* SECURITY UPDATE: PAX size smuggling in vendored tar crate - debian/patches/vendor/CVE-2026-33055.patch: unconditionally honor the PAX size extended header in archive.rs so a crafted archive can no longer hide a smuggled entry by declaring a small header size while the PAX size inflates the region - CVE-2026-33055
Updated packages:
  • cargo1.9_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:3808073846919c23baeca260c097513229e79988
  • cargo1.9-doc_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:655078fcac9a9eac5b7e530983535bc0a24bfdec
  • libstd-rust1.9-1.90_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:c2d74bf7b46fe810aed2da764d66d98e060b846a
  • libstd-rust1.9-dev_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:d8b6580534758bab07419ea321298f01cd866619
  • rust1.9-all_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:8c4858cdfee75d22bd65cb2b1817c53a3a73fbd1
  • rust1.9-analyzer_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:f481848c24daa41344f6aabd2480cd88352cde7b
  • rust1.9-clippy_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:c3a16fb74441bc3a41b0e780a4c429f5d32287de
  • rust1.9-doc_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:8edbff4e9364dc6f7e95fe7d6b61b04039f860c3
  • rust1.9-gdb_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:377aabc44d4a299d9dffcecc696920748c9a0837
  • rust1.9-lldb_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:f152772053cedff3f223a06fafb9d3aa40dc293f
  • rust1.9-llvm_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:d25f3384343b4768d6e279ce5f040cc910a71a35
  • rust1.9-src_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:1691695e7239e06cc4f3eeb431f5371152b1d025
  • rustc1.9_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:14a08b64acf1aea0e95c6cf77d91b3c1013b1838
  • rustfmt1.9_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:0830f307ca9995711e3c21468cb231063f39a86f
  • cargo1.9_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:a89c78593975805e29ecc600347594d2d67f9332
  • cargo1.9-doc_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:3e55a49523f366a28304c90fcca83337871a4442
  • libstd-rust1.9-1.90_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:d6bf2f0bd3eda7eb74e0028867a98605ba65690a
  • libstd-rust1.9-dev_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:69aebd414587535732b485ef6d11391d5852f576
  • rust1.9-all_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:8c4858cdfee75d22bd65cb2b1817c53a3a73fbd1
  • rust1.9-analyzer_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:d3f265c13a75d33fb189d99e698325ef63745b5d
  • rust1.9-clippy_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:af403a6a27dd37ab33a5903d5a6031b44d1b2088
  • rust1.9-doc_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:a89047a63eedf2633616b99aa4e45a31c6a80b1b
  • rust1.9-gdb_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:377aabc44d4a299d9dffcecc696920748c9a0837
  • rust1.9-lldb_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:f152772053cedff3f223a06fafb9d3aa40dc293f
  • rust1.9-llvm_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:b8ef22b67964580239c38f8d5b479763684bf91d
  • rust1.9-src_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:1691695e7239e06cc4f3eeb431f5371152b1d025
  • rustc1.9_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:b20d1307494e748ba1ac1854388347ac88c168fb
  • rustfmt1.9_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:275e2fc1fe5e812605029d64876b7a167d32c8ed
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.