[CLSA-2026:1783611193] Fix CVE(s): CVE-2026-33056
Type:
security
Severity:
Moderate
Release date:
2026-07-09 16:00:32 UTC
Description:
* SECURITY UPDATE: symlink-directory collision chmod attack in vendored tar crate - debian/patches/CVE-2026-33056.patch: use fs::symlink_metadata() instead of fs::metadata() in unpack_dir() in vendor/tar-0.4.44/src/entry.rs so a symlink followed by a same-name directory entry can no longer chmod directories outside the extraction path - CVE-2026-33056
CVEs fixed:
Updated packages:
  • cargo1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_amd64.deb
    sha:5f1d491a23cb0894f29c58351af1326539efc041
  • cargo1.88-doc_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
    sha:ba77ce1c6a6d7616872ac0cec03c40a5443b3e9c
  • libstd-rust1.88-1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_amd64.deb
    sha:971259b5eafe97e1bb7c41d5f39569e83b402f41
  • libstd-rust1.88-dev_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_amd64.deb
    sha:98a7ba4b074043e4c40ccae5201a9870f274f48b
  • rust1.88-all_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
    sha:2bd8b58729b771b4f34cf6e5d2894f5e36d9ce02
  • rust1.88-analyzer_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_amd64.deb
    sha:7ce04fc420f66517e07d1eaf5ce6c207aa214af0
  • rust1.88-clippy_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_amd64.deb
    sha:c053fd41b14d288ce7b4baa0c2fef829cf03aad6
  • rust1.88-doc_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
    sha:c9d34d87c47619f61b8bd07509ddd4e4778c07fe
  • rust1.88-gdb_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
    sha:92d1fb2687a4551f43716d7e803afeb0ca03e13c
  • rust1.88-lldb_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
    sha:15db058790eb8fa92b70f88bfc125691e5d484d0
  • rust1.88-llvm_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_amd64.deb
    sha:bcdffb746c5dbe4dca29dacc3fa06198ca7974b5
  • rust1.88-src_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
    sha:65e4523e505236905c0ac1e5639fc37ce36badbb
  • rustc1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_amd64.deb
    sha:c62113b981182a4e9f27b829bdf445d872f050e1
  • rustfmt1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_amd64.deb
    sha:7ff133546c9f8c4df7d890b5fe4345c6b0415fce
  • cargo1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_arm64.deb
    sha:dadefb1b872c0a718f19601baa26d5663d6e4329
  • cargo1.88-doc_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
    sha:5873d3df47f5f3d9c0a144fa21d53098cfb5cf8a
  • libstd-rust1.88-1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_arm64.deb
    sha:6127255a9bda6ef67e718373dbe61a4b732ae37d
  • libstd-rust1.88-dev_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_arm64.deb
    sha:16282b6ca9ec86e14dd82a51189abe9bb6ba16f6
  • rust1.88-all_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
    sha:2bd8b58729b771b4f34cf6e5d2894f5e36d9ce02
  • rust1.88-analyzer_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_arm64.deb
    sha:762465728ebf22812ec51ce09da6b920e32ed140
  • rust1.88-clippy_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_arm64.deb
    sha:ab8a718b805ef65fd18aa5d47d4add9e8bda8c2d
  • rust1.88-doc_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
    sha:bde03df4df4bbd159134fd3f8d28e14fbaa22399
  • rust1.88-gdb_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
    sha:92d1fb2687a4551f43716d7e803afeb0ca03e13c
  • rust1.88-lldb_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
    sha:15db058790eb8fa92b70f88bfc125691e5d484d0
  • rust1.88-llvm_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_arm64.deb
    sha:2e0aacbe93b161f1e3f92670352d5fbab2297408
  • rust1.88-src_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_all.deb
    sha:65e4523e505236905c0ac1e5639fc37ce36badbb
  • rustc1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_arm64.deb
    sha:19f83b4dc4a96a75a43262a62aacbd8ddac4bbbf
  • rustfmt1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els5_arm64.deb
    sha:57d5c01555c345ea17a9a82ae8c79fe94a054341
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.