[CLSA-2026:1783941586] Fix CVE(s): CVE-2026-33055
Type:
security
Severity:
Moderate
Release date:
2026-07-13 11:20:04 UTC
Description:
* SECURITY UPDATE: PAX size smuggling / parser type confusion in vendored tar crate - debian/patches/CVE-2026-33055.patch: unconditionally apply the PAX extended header size override in vendor/tar-0.4.44/src/archive.rs so a nonzero base header size no longer suppresses the PAX size, aligning parsing with Go's archive/tar and astral-tokio-tar and preventing hidden smuggled entries - CVE-2026-33055
CVEs fixed:
Updated packages:
  • cargo1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_amd64.deb
    sha:292e7ea421cfcdd7b4269198f757cc2c785854db
  • cargo1.88-doc_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_all.deb
    sha:b9da933ccd2957fea88c12877759b7a3c8b067e6
  • libstd-rust1.88-1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_amd64.deb
    sha:8c3d1cd6e75dd7f8a677384eb7cee150c9bd10d9
  • libstd-rust1.88-dev_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_amd64.deb
    sha:56882d6351e436caafe5f6a2c7e95bd430f30300
  • rust1.88-all_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_all.deb
    sha:e72985b6bf6ccfe943ec73c7c0f684fb5b1353a4
  • rust1.88-analyzer_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_amd64.deb
    sha:c287dc116ad18258f959f1b8d5d463212fc72e10
  • rust1.88-clippy_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_amd64.deb
    sha:f2f571f610c2f0dcc5d9700ba2cdc4565921e4d1
  • rust1.88-doc_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_all.deb
    sha:8829403920770706fb91e8317d8680689ec86c1e
  • rust1.88-gdb_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_all.deb
    sha:058d8a4eb93d24aed9f683ab354774049e25ebd6
  • rust1.88-lldb_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_all.deb
    sha:1a8ddf391a8f0cc26fb676f9c63437f2c9503417
  • rust1.88-llvm_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_amd64.deb
    sha:e520a47be4b8fb1cdee3d59abe5b01249e3f4117
  • rust1.88-src_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_all.deb
    sha:2a7ad2fed7f7622da0ec8ff8731bc8667d54c8f9
  • rustc1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_amd64.deb
    sha:942800b3ad5735a0d47e65791402dca069f288df
  • rustfmt1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_amd64.deb
    sha:f6ec45e83709caa8946206911ddb988675f7223e
  • cargo1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_arm64.deb
    sha:d71170e2a0929f721dc3d80030114f5084e5fcef
  • cargo1.88-doc_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_all.deb
    sha:b9da933ccd2957fea88c12877759b7a3c8b067e6
  • libstd-rust1.88-1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_arm64.deb
    sha:1a3d220fce7c2c1d1cf3c25cc8f0e8155c344fd3
  • libstd-rust1.88-dev_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_arm64.deb
    sha:dd0205c2ac8ecc1ad88ccc46b705e7e729a8435b
  • rust1.88-all_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_all.deb
    sha:e72985b6bf6ccfe943ec73c7c0f684fb5b1353a4
  • rust1.88-analyzer_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_arm64.deb
    sha:be079d019b96f30a4a575823d34d36fe2729e7e9
  • rust1.88-clippy_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_arm64.deb
    sha:42d1c87986b5cd276898c5c4a678d510160ca139
  • rust1.88-doc_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_all.deb
    sha:8829403920770706fb91e8317d8680689ec86c1e
  • rust1.88-gdb_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_all.deb
    sha:058d8a4eb93d24aed9f683ab354774049e25ebd6
  • rust1.88-lldb_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_all.deb
    sha:1a8ddf391a8f0cc26fb676f9c63437f2c9503417
  • rust1.88-llvm_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_arm64.deb
    sha:c63a4c96fbcc7602e91133e9ac128a0caf2ffac6
  • rust1.88-src_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_all.deb
    sha:2a7ad2fed7f7622da0ec8ff8731bc8667d54c8f9
  • rustc1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_arm64.deb
    sha:7df97ec38cdd7889f322809d750a6baf47e52d25
  • rustfmt1.88_1.88.0+dfsg1-2~bpo13+1+tuxcare.els6_arm64.deb
    sha:c818c427ad89353986cdf5379c6182e8f58468de
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.