[CLSA-2026:1783611620] Fix CVE(s): CVE-2026-33056
Type:
security
Severity:
Moderate
Release date:
2026-07-09 16:17:50 UTC
Description:
* SECURITY UPDATE: symlink-directory collision chmod attack in vendored tar crate - debian/patches/CVE-2026-33056.patch: use fs::symlink_metadata instead of fs::metadata in unpack_dir so a symlink colliding with a directory entry is not followed when extracting an archive - CVE-2026-33056
CVEs fixed:
Updated packages:
  • cargo1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:652821fcf5db5392998869d3d0e7e6f5c23e8d62
  • cargo1.89-doc_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:69b665f6ff8877efec262f0681248255acc6a5ea
  • libstd-rust1.89-1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:f0cc5bde13e26be35f7b8afa1e850fbbc7123bb8
  • libstd-rust1.89-dev_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:2aecaaf8c3adce40b85afc800fb0057b565b21cf
  • rust1.89-all_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:894cbb490b9cd376f1e28a5c1f99e844c526c31f
  • rust1.89-analyzer_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:560305ca0b4c18ea2d563b2e59f15312a17bdd66
  • rust1.89-clippy_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:d42a1ff303c67166dc08f84ac9abbb1b2792f795
  • rust1.89-doc_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:2c9e5280e64fce979465b0337765e839b3977a27
  • rust1.89-gdb_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:c3f00109ef52cdf851bf7954648e8d544e97fae3
  • rust1.89-lldb_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:428d27d85f6ff5a212282a6909ddc52461270e50
  • rust1.89-llvm_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:c3e7ab596a71f2689a72dc0beb6034a0b40ba964
  • rust1.89-src_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:0bb22b019dc582d9974e5864b5b6af4243cfe7f3
  • rustc1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:b2a917919e004124783ef624562bdb92698e5d5a
  • rustfmt1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_amd64.deb
    sha:c115909f551a65e58e8c7ef44847d2c045dfe105
  • cargo1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:53e2a8c0664ec1e43e6c2cf09af3297dfc564c24
  • cargo1.89-doc_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:bd2d182f50f69922a070f26a4a82c07cc9ef6a35
  • libstd-rust1.89-1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:af5b20dc5d65ca876e96126864ace327c7eb22f9
  • libstd-rust1.89-dev_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:7b189dad147c43861894df56a3ef61e26d5cc9ef
  • rust1.89-all_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:894cbb490b9cd376f1e28a5c1f99e844c526c31f
  • rust1.89-analyzer_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:167875564caa5fff37bf7fec6eb2c93c10b79e01
  • rust1.89-clippy_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:70ac32771eb18f197b9973f41c86e7909ba35a6e
  • rust1.89-doc_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:44a6f07506a37323728babe8c5d1bf9cbeb9d49a
  • rust1.89-gdb_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:c3f00109ef52cdf851bf7954648e8d544e97fae3
  • rust1.89-lldb_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:428d27d85f6ff5a212282a6909ddc52461270e50
  • rust1.89-llvm_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:41b82ee8d11566cf95cff6ae4c5c1058f4e2cb26
  • rust1.89-src_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_all.deb
    sha:0bb22b019dc582d9974e5864b5b6af4243cfe7f3
  • rustc1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:77991058283f667098c0da3efbf1cbcf4d1de346
  • rustfmt1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els5_arm64.deb
    sha:4b2d4fff61df62d0237202ee39ba484825eb9f81
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.