[CLSA-2026:1783630424] Fix CVE(s): CVE-2026-33055
Type:
security
Severity:
Moderate
Release date:
2026-07-09 20:54:04 UTC
Description:
* SECURITY UPDATE: PAX size header smuggling in vendored tar crate - debian/patches/vendor/tar-rs-backport-fix-for-CVE-2026-33055.patch: unconditionally honor the PAX size extended header in vendor/tar-0.4.44/src/archive.rs so crafted archives cannot smuggle hidden entries past the parser - CVE-2026-33055
CVEs fixed:
Updated packages:
  • cargo1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:71b4762a69aa1af0925ffb8dbcb9be9efb9fa203
  • cargo1.87-doc_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:3423fc664ab7d46ca83150735abfed296c74c62d
  • libstd-rust1.87-1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:2361a39d1954fa0f21a9186ee34d608abca6e99e
  • libstd-rust1.87-dev_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:0e1cd01ad40b8ed22e320ce2e5a1c5c1be0699ea
  • rust1.87-all_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:7ac5329c293262c33356960ddcd41edb26b915e7
  • rust1.87-analyzer_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:d84fcf9d0ebbc41e2cff2efa87b5efd5e4d0e2a0
  • rust1.87-clippy_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:e06d178f4dae4cd032a5a3d4369ddd0425abc7f5
  • rust1.87-doc_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:e1a600ca0db2d449a45c610b4b27c62a2d8b8281
  • rust1.87-gdb_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:2ec8d3addc6bc1d936f955c95450df178c709e40
  • rust1.87-lldb_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:f051aaf675643def19d31902d4dde18c7cc5b8fa
  • rust1.87-llvm_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:aa5015970cca26b3159cfb7fc168bd9361a3eefb
  • rust1.87-src_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:8e5cb01ebe6d5381475e7cc07f1d0fd07bfe066c
  • rustc1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:300a7c388ee11212b90ee3503939e31a8e622168
  • rustfmt1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:40397cfa64c15efc7bdd73e19ba8e66d4ca120aa
  • cargo1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:6cc1da2eeb33b67086c51945e9313fbe1f90241d
  • cargo1.87-doc_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:77ca8d5642876944e667ac41eecd3bad68739f8b
  • libstd-rust1.87-1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:b2fab2224a476924656a20cb81e724800585f95b
  • libstd-rust1.87-dev_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:ac858d160da2c48923ef25650ba5047667788774
  • rust1.87-all_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:7ac5329c293262c33356960ddcd41edb26b915e7
  • rust1.87-analyzer_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:68cc491286675140840324d5ab1e7ce185d08d9b
  • rust1.87-clippy_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:2474f155417aa0912a7e06c8c50950439b94f3c3
  • rust1.87-doc_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:57e04d8fe696c2a3c755d37b65a3c7ab7fc66dc7
  • rust1.87-gdb_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:2ec8d3addc6bc1d936f955c95450df178c709e40
  • rust1.87-lldb_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:f051aaf675643def19d31902d4dde18c7cc5b8fa
  • rust1.87-llvm_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:4bcef0ac4f07703305a5dd1ba0f08d38095778ed
  • rust1.87-src_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:8e5cb01ebe6d5381475e7cc07f1d0fd07bfe066c
  • rustc1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:56afa1b0123130650c517bd89df18b96639a727f
  • rustfmt1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:adf938012761074add655bf2f7efe40991a05a26
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.