[CLSA-2026:1783629280] Fix CVE(s): CVE-2026-33056
Type:
security
Severity:
Moderate
Release date:
2026-07-09 20:34:59 UTC
Description:
* SECURITY UPDATE: symlink-directory collision chmod attack in vendored tar crate - debian/patches/vendor/CVE-2026-33056.patch: use fs::symlink_metadata() instead of fs::metadata() in unpack_dir so a symlink/directory collision cannot modify permissions on directories outside the extraction path - CVE-2026-33056
CVEs fixed:
Updated packages:
  • cargo1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:59e917ad6bfb13ca246a9099bf66da08da4237d7
  • cargo1.87-doc_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:c57de61d63c0f875ba84e37fa4778d395beed45c
  • libstd-rust1.87-1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:e43539965e2e3e1ac2e6d34cd898a58264452979
  • libstd-rust1.87-dev_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:aa1b155949fbddeee64eeb4ab267dc0d09fe2151
  • rust1.87-all_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:59020ff17a9f43541c7876a5ce7dfcf22b73f403
  • rust1.87-analyzer_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:43a8499ab7c5b4d3fe04eff541c2e0d371a600fa
  • rust1.87-clippy_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:3dbe96ceda0de6871af097f333ea3c78787d8e8f
  • rust1.87-doc_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:58a5e693c015bb7a2e273716e3d06d919233a0f4
  • rust1.87-gdb_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:2736e3d2e951ddc12a316c5835eac0d24d39e790
  • rust1.87-lldb_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:e23f0e68fc4807787412e8c4bb6b2d46058955c3
  • rust1.87-llvm_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:aa17ba62213ef767c027153b3db8b80503c6db82
  • rust1.87-src_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:f30a9670fdf3bfaf9d134b04e9929ae00c03593e
  • rustc1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:a7409bf92ab27081c1ae2ad9409bf57629dbae73
  • rustfmt1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:95b89c055b60d7dfdcb706ccf2e09a64d68807ad
  • cargo1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:7f4d4ea2db8b899b05632062dc80caac0177d3eb
  • cargo1.87-doc_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:55f11be59b4ec0ef44e53f959c2aeaf27aaaf706
  • libstd-rust1.87-1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:ded7d197aa8f67aaadea6821c42e4231107228b9
  • libstd-rust1.87-dev_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:60622ef69839814ba784215f31547ff723ef2bd9
  • rust1.87-all_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:59020ff17a9f43541c7876a5ce7dfcf22b73f403
  • rust1.87-analyzer_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:918901ce69ba063ae4d69be1909e1ceb1385c94c
  • rust1.87-clippy_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:bf285f70487bbc53e2b5886a1e6fa163d2e6145a
  • rust1.87-doc_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:7adfda78366a6b13951dd0448878138678deb1e5
  • rust1.87-gdb_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:2736e3d2e951ddc12a316c5835eac0d24d39e790
  • rust1.87-lldb_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:e23f0e68fc4807787412e8c4bb6b2d46058955c3
  • rust1.87-llvm_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:ab01c43af534c894b23cd1e1f5128e2e57b6546c
  • rust1.87-src_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:f30a9670fdf3bfaf9d134b04e9929ae00c03593e
  • rustc1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:4b2ed4c955c04fc39ca81286ce655b13ee8eb448
  • rustfmt1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:c326c73c60477f18d83d149e8d0b154272f188d8
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.