[CLSA-2026:1783630149] Fix CVE(s): CVE-2026-33056
Type:
security
Severity:
Moderate
Release date:
2026-07-09 20:49:29 UTC
Description:
* SECURITY UPDATE: symlink-directory collision chmod attack in vendored tar crate - debian/patches/vendor/CVE-2026-33056.patch: use fs::symlink_metadata() in unpack_dir so a symlink colliding with a later directory entry is not followed, preventing permission changes on directories outside the extraction path - CVE-2026-33056
CVEs fixed:
Updated packages:
  • cargo1.85_1.85.0+dfsg3-1+tuxcare.els5_amd64.deb
    sha:987c3336b484ba21c2719c6223e603629fe57308
  • cargo1.85-doc_1.85.0+dfsg3-1+tuxcare.els5_all.deb
    sha:61cef86267c38f0d531a56b04e50a573f8b715f3
  • libstd-rust1.85-1.85_1.85.0+dfsg3-1+tuxcare.els5_amd64.deb
    sha:4dec8591be081fbc7b36a3402176e33080ff3cad
  • libstd-rust1.85-dev_1.85.0+dfsg3-1+tuxcare.els5_amd64.deb
    sha:d047db55a2d3c8561916e9ae7b4f5dd871f08a0a
  • rust1.85-all_1.85.0+dfsg3-1+tuxcare.els5_all.deb
    sha:632523de7cab8974cbbbdef3a0c8e3183cfb246d
  • rust1.85-analyzer_1.85.0+dfsg3-1+tuxcare.els5_amd64.deb
    sha:24896cb497b209806478da2868da733f390e6843
  • rust1.85-clippy_1.85.0+dfsg3-1+tuxcare.els5_amd64.deb
    sha:65cac0a837f9139befe378fe70915660a9af8838
  • rust1.85-doc_1.85.0+dfsg3-1+tuxcare.els5_all.deb
    sha:9d30954b5442db9fa9c67b27ac3bb72aae5befdf
  • rust1.85-gdb_1.85.0+dfsg3-1+tuxcare.els5_all.deb
    sha:53b7767a96e2a36d42082dfe7fb38338613fbba5
  • rust1.85-lldb_1.85.0+dfsg3-1+tuxcare.els5_all.deb
    sha:df2b1bcda1be2d161f67cba1d2ef04ef58999423
  • rust1.85-llvm_1.85.0+dfsg3-1+tuxcare.els5_amd64.deb
    sha:c5769218095bd7a51b57d0fc26a87e206f5904d0
  • rust1.85-src_1.85.0+dfsg3-1+tuxcare.els5_all.deb
    sha:e8dc6e16e2dd7eb58374113d5edd0d05ed50adf7
  • rustc1.85_1.85.0+dfsg3-1+tuxcare.els5_amd64.deb
    sha:b0b12462c640fd26636480fa284e14af38adb469
  • rustfmt1.85_1.85.0+dfsg3-1+tuxcare.els5_amd64.deb
    sha:cfeffb5a5994ea98a20a145e6d170c9661fb8225
  • cargo1.85_1.85.0+dfsg3-1+tuxcare.els5_arm64.deb
    sha:c6070084416c23b804627e119d58ad9a04d415b5
  • cargo1.85-doc_1.85.0+dfsg3-1+tuxcare.els5_all.deb
    sha:61cef86267c38f0d531a56b04e50a573f8b715f3
  • libstd-rust1.85-1.85_1.85.0+dfsg3-1+tuxcare.els5_arm64.deb
    sha:b33d407503e342ad94fe80bc83d2306b87b5ad94
  • libstd-rust1.85-dev_1.85.0+dfsg3-1+tuxcare.els5_arm64.deb
    sha:882ec1f40ea8ea53fe8e8974362b2e0f2daec7d2
  • rust1.85-all_1.85.0+dfsg3-1+tuxcare.els5_all.deb
    sha:632523de7cab8974cbbbdef3a0c8e3183cfb246d
  • rust1.85-analyzer_1.85.0+dfsg3-1+tuxcare.els5_arm64.deb
    sha:046590fdf3f6ef76d6d43f3dd1151aa912189e71
  • rust1.85-clippy_1.85.0+dfsg3-1+tuxcare.els5_arm64.deb
    sha:ee939683be175b54cfcc4df666e96328a89f6ec1
  • rust1.85-doc_1.85.0+dfsg3-1+tuxcare.els5_all.deb
    sha:2de3151d32371e47434aebb3ce4d8b6ab4deede4
  • rust1.85-gdb_1.85.0+dfsg3-1+tuxcare.els5_all.deb
    sha:53b7767a96e2a36d42082dfe7fb38338613fbba5
  • rust1.85-lldb_1.85.0+dfsg3-1+tuxcare.els5_all.deb
    sha:df2b1bcda1be2d161f67cba1d2ef04ef58999423
  • rust1.85-llvm_1.85.0+dfsg3-1+tuxcare.els5_arm64.deb
    sha:0cd985cb87e96b7441244166fac737474deb86db
  • rust1.85-src_1.85.0+dfsg3-1+tuxcare.els5_all.deb
    sha:e8dc6e16e2dd7eb58374113d5edd0d05ed50adf7
  • rustc1.85_1.85.0+dfsg3-1+tuxcare.els5_arm64.deb
    sha:23bf7f9837fecaefd0b8f6780b6d7a6ab1a0e822
  • rustfmt1.85_1.85.0+dfsg3-1+tuxcare.els5_arm64.deb
    sha:8bd0a62244bf17dbf0a701f6dead60f6f5ed4c59
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.