[CLSA-2026:1783612150] Fix CVE(s): CVE-2026-33055, CVE-2026-33056
Type:
security
Severity:
Moderate
Release date:
2026-07-09 16:21:12 UTC
Description:
* SECURITY UPDATE: PAX size smuggling in vendored tar crate - debian/patches/vendor/CVE-2026-33055.patch: unconditionally honor the PAX size extended header in archive.rs so a crafted archive can no longer hide a smuggled entry by declaring a small header size while the PAX size inflates the region - CVE-2026-33055
Updated packages:
  • cargo1.9_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:b48e7cffb310443c863832309525b4686fe61002
  • cargo1.9-doc_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:cb06736117638c81a02257b89877f9bfff1f9180
  • libstd-rust1.9-1.90_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:6bf6550c3bd36b2fb3e3834ccdcb74ad21140ec2
  • libstd-rust1.9-dev_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:c79ca1790ac7d299cb94496886ed578f4399868a
  • rust1.9-all_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:a4dc06aa1651dee23f6c1293d89c7a29ee7ed003
  • rust1.9-analyzer_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:d0f0bd6562df80930e7507ac3664fec9092d6f88
  • rust1.9-clippy_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:f0c1c3db7873201608d8150e2ac48712f858a7f0
  • rust1.9-doc_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:b1b437033e7378f2cc3e31da60269adfd21d0b51
  • rust1.9-gdb_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:e99d1dd6fba10f69d0179a823346cae472844ea8
  • rust1.9-lldb_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:e7bef8207de8fc1ca6f3313a0ef41ec4ad111e5e
  • rust1.9-llvm_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:30ae4fe0e55db0689f9e62978391e825b434d6bc
  • rust1.9-src_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:3ee34a466a591cb36010eda93be220bd2b387512
  • rustc1.9_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:45b4f189b05e37d628a6937704f3f3c7253d8bc0
  • rustfmt1.9_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:4dfe2287ec2d2243dfa9b45ffde0980a44a392cf
  • cargo1.9_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:c46ed36d181c9bc3a3aea1983f25e272d00b18f5
  • cargo1.9-doc_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:5294829f32db091f4db904752a816bc150464e01
  • libstd-rust1.9-1.90_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:f502228c03d8b606922de01a3975a593ad3edcee
  • libstd-rust1.9-dev_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:959b041b79b1dea2e88c35708fdfe5cad275b0bb
  • rust1.9-all_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:a4dc06aa1651dee23f6c1293d89c7a29ee7ed003
  • rust1.9-analyzer_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:1ba625bcb1ed2727b4ef0a851bdcd137dd6c749b
  • rust1.9-clippy_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:dfb09b20e3bdebdc425c269587bd64fe76b47492
  • rust1.9-doc_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:2cb27b42737f2379ed4acccabec5ecaa4072dcbf
  • rust1.9-gdb_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:e99d1dd6fba10f69d0179a823346cae472844ea8
  • rust1.9-lldb_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:e7bef8207de8fc1ca6f3313a0ef41ec4ad111e5e
  • rust1.9-llvm_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:3bfc038047e0dafe07803106d7f3dacc851e4f21
  • rust1.9-src_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:3ee34a466a591cb36010eda93be220bd2b387512
  • rustc1.9_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:87ffaec766cc18b41afec037e75274670b04331c
  • rustfmt1.9_1.90.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:e421cda9b9fdfb9dab327cba79cba33361d478b1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.