[CLSA-2026:1783612613] Fix CVE(s): CVE-2026-33055
Type:
security
Severity:
Moderate
Release date:
2026-07-09 16:03:36 UTC
Description:
* SECURITY UPDATE: PAX size smuggling in vendored tar crate - debian/patches/CVE-2026-33055.patch: unconditionally honor the PAX extended-header size override in next_entry_raw so a PAX size cannot be used to hide a smuggled entry behind a smaller ustar header size - CVE-2026-33055
CVEs fixed:
Updated packages:
  • cargo1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:c2ec80b64f519cab91c8aafab8c57eeed48fdad0
  • cargo1.89-doc_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:8f3d315d7ab50c7e8d5d96686c59bd7402c15924
  • libstd-rust1.89-1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:88512a9ff01102298eb2f4e802b3edad27989176
  • libstd-rust1.89-dev_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:c0ec234713d0150557a9fcefed88cc84ffe2b5d3
  • rust1.89-all_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:de569bef90c2c9177c67b1fe3931840c3a5f0a3a
  • rust1.89-analyzer_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:23060106bfaae741d16d43a0ac58c3104373cf7c
  • rust1.89-clippy_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:e5b71ca07424be97fe78b1f7418fdd6d472d133c
  • rust1.89-doc_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:5199b5a07035187415bde38d58c982ac56793656
  • rust1.89-gdb_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:503240a7dc4d91ad5d930196578555e8d650c788
  • rust1.89-lldb_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:2bd3ce4258e5b4ffed775659b2a666230a2e138e
  • rust1.89-llvm_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:4133e9ca8dc6be18f0f30a8bbfbcaf6aadc0a99e
  • rust1.89-src_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:c6797d84cdeae158bd664d020471a48feb519754
  • rustc1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:aaf49cd41b2c5b5e68359d3d3cb4effac3bee8f0
  • rustfmt1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:c7ca9d51ad02190cf1e016fdf95ea9fd1b0ee6e2
  • cargo1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:a969a24a058a25a65b27e17158e1521f247df28e
  • cargo1.89-doc_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:8f3d315d7ab50c7e8d5d96686c59bd7402c15924
  • libstd-rust1.89-1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:2dacb7e6c2fa166b0041ade27d8c2b704410b9be
  • libstd-rust1.89-dev_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:61978447deaab3cce6523c79304438acdcc7a906
  • rust1.89-all_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:de569bef90c2c9177c67b1fe3931840c3a5f0a3a
  • rust1.89-analyzer_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:03c6a0b2b0eb39d8607cbe525fb30c90f2ca9b36
  • rust1.89-clippy_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:0b393bb857f91a49aad458c4621219765e35cca8
  • rust1.89-doc_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:84c68cc5fa12154f92e02108929c3cc0e2928438
  • rust1.89-gdb_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:503240a7dc4d91ad5d930196578555e8d650c788
  • rust1.89-lldb_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:2bd3ce4258e5b4ffed775659b2a666230a2e138e
  • rust1.89-llvm_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:60065b1728d6eaafe5cd5f0cf79202b45793b55a
  • rust1.89-src_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:c6797d84cdeae158bd664d020471a48feb519754
  • rustc1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:33fe86b2327aae79784667892c7fc99216aabade
  • rustfmt1.89_1.89.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:bb5877a33459afcc3947d92e96c616981f008bac
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.