[CLSA-2026:1783631759] Fix CVE(s): CVE-2026-33056
Type:
security
Severity:
Moderate
Release date:
2026-07-09 21:16:19 UTC
Description:
* SECURITY UPDATE: symlink-directory collision chmod attack in vendored tar crate - debian/patches/vendor/CVE-2026-33056.patch: use fs::symlink_metadata() instead of fs::metadata() in unpack_dir so a symlink/directory collision cannot modify permissions on directories outside the extraction path - CVE-2026-33056
CVEs fixed:
Updated packages:
  • cargo1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:c4034a7e9be3bc39917b06e8cba35dd174336683
  • cargo1.87-doc_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:cc7a5e493731b0a3404d6c5237d88cca596d3d1d
  • libstd-rust1.87-1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:9eec03fccebbddd5c3e23511d34534a959023b27
  • libstd-rust1.87-dev_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:82b4d2986101a23a9f7f7615f6417573c603b530
  • rust1.87-all_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:290cfc0bcda1a9b9703c81007103c7c187f5170d
  • rust1.87-analyzer_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:0d946b55c2f21292285761cc75424f9688818da2
  • rust1.87-clippy_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:25715f43469aec039499dff1ce362852f77098ae
  • rust1.87-doc_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:110a61a38f6089872f90f26c107edeebc47f1341
  • rust1.87-gdb_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:db3d208efe96cac7518c5a0ebda1a7b7087d552f
  • rust1.87-lldb_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:9a9a542ee4dfded2c467abb1603fb4a820940022
  • rust1.87-llvm_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:9f30450bbd48d1544374b1c58a991e6896c7be72
  • rust1.87-src_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:ace5e4890d91403521295f45149a69ce65adbd66
  • rustc1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:dda06fdb02b3b8d8d248be93538c0cd1937904c5
  • rustfmt1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_amd64.deb
    sha:2c8b22b272a6091b2a3a279c48149748f9784e6e
  • cargo1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:7ab826e547fa93206c49761dec80f18d0988a3dc
  • cargo1.87-doc_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:4921fc28339c9cc7442001a21ff0b64535b89750
  • libstd-rust1.87-1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:6abbde36c63b97843b111cb7dd573e4021f7f3c9
  • libstd-rust1.87-dev_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:b58bcf09f8ee1b3b4afe489dc438f414420f0e04
  • rust1.87-all_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:290cfc0bcda1a9b9703c81007103c7c187f5170d
  • rust1.87-analyzer_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:271bfff1bc3b5dd78a80738853c5f692bfc53498
  • rust1.87-clippy_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:c926f82f6c7a053dc96daa32979889c8b10c2185
  • rust1.87-doc_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:34b98727485e3b36c090f15d9f2a1ff004a9ea5c
  • rust1.87-gdb_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:db3d208efe96cac7518c5a0ebda1a7b7087d552f
  • rust1.87-lldb_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:9a9a542ee4dfded2c467abb1603fb4a820940022
  • rust1.87-llvm_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:4fbd883fbec870f45649dd10fb656304dd302c9f
  • rust1.87-src_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_all.deb
    sha:ace5e4890d91403521295f45149a69ce65adbd66
  • rustc1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:e07bf3906fbd7981b6bc313e3d57781706f61325
  • rustfmt1.87_1.87.0+dfsg1-1~bpo13+2+tuxcare.els6_arm64.deb
    sha:e78d27305322bcbae1418bdbcf1daeb2abf9ace7
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.