[CLSA-2026:1783627754] Fix CVE(s): CVE-2026-33056
Type:
security
Severity:
Moderate
Release date:
2026-07-09 20:26:25 UTC
Description:
* SECURITY UPDATE: symlink-directory collision chmod attack in vendored tar crate - debian/patches/CVE-2026-33056.patch: use fs::symlink_metadata() instead of fs::metadata() in unpack_dir so a pre-existing symlink is not treated as a valid existing directory, preventing permission changes on directories outside the extraction path - CVE-2026-33056
CVEs fixed:
Updated packages:
  • cargo1.86_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:58036cbcdfd63ab4266ccea13b812771a98662cc
  • cargo1.86-doc_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:ddc880514ef535f8b270c2d0d53626df7e5b0c52
  • libstd-rust1.86-1.86_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:0f4399c6a25464a44c1de5e5cd6715d1f5358b35
  • libstd-rust1.86-dev_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:6f6bb41f4c6a145962844963360ac8cc1b424030
  • rust1.86-all_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:8bd0d8013ff33fb5bb63ec094c3519c740a7f755
  • rust1.86-analyzer_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:678c056aeeafdaf356072161dfc596e85bae5c46
  • rust1.86-clippy_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:2427fbc2f08fe1bc5219da4f952227bef64f0a8a
  • rust1.86-doc_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:dd5ce6abf8f8e84b58447902b9d889a783e7f3ab
  • rust1.86-gdb_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:62f07b01cbb7da2a67c8e5405857d6451fc83c74
  • rust1.86-lldb_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:3ccf698cf8f32c43e9414e82ee00e7b80c918150
  • rust1.86-llvm_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:7ea1d1e9617c626c6c7d789623887f22ac0c4085
  • rust1.86-src_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:bebd422155b4818d9d4b8c99d46db328c5347a4a
  • rustc1.86_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:8e73bb4a8b8652a7f4f28b5e44c13b1fb6b3a149
  • rustfmt1.86_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:d97ae81867af55d2eec585214dbe13973ec018db
  • cargo1.86_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:4c973d6402d36e9381cceed14425929c3772195b
  • cargo1.86-doc_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:926920b6610c964fdb29c0b08446863784a83935
  • libstd-rust1.86-1.86_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:4d7c8e34e6f577908fab313035242f9b02969de5
  • libstd-rust1.86-dev_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:e1717994b7480004e2bb011ac6d3a6e491a15b47
  • rust1.86-all_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:8bd0d8013ff33fb5bb63ec094c3519c740a7f755
  • rust1.86-analyzer_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:d18d815f262ae3145fd5ce51e3cc9bbd8020446f
  • rust1.86-clippy_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:9f7a73d40216651643a1cef2be5a4e2da173e7ad
  • rust1.86-doc_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:00b883c2777e058a5a28ff99df70d876ceff7e62
  • rust1.86-gdb_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:62f07b01cbb7da2a67c8e5405857d6451fc83c74
  • rust1.86-lldb_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:3ccf698cf8f32c43e9414e82ee00e7b80c918150
  • rust1.86-llvm_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:a9848c196d66c7b90db5db440003e312adddce5b
  • rust1.86-src_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:bebd422155b4818d9d4b8c99d46db328c5347a4a
  • rustc1.86_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:33993a7bfddd1a2d120e1f559c319e2b097ad37c
  • rustfmt1.86_1.86.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:63b29fabf35f0af54cd5097ad90565c8a01211b6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.