Explore top 10 tips to secure your open-source projects now. Read More
×
tar-rs could be made to modify permissions on arbitrary directories.
Software Description:
- rust-tar: A tar archive reading/writing library for Rust
Details:
It was discovered that tar-rs incorrectly handled symlinks when unpacking a
tar archive. If a user or automated system were tricked into processing a
specially crafted tar archive, a remote attacker could use this issue to
modify permissions of arbitrary directories outside the extraction root,
and possibly escalate privileges.
The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 librust-tar-dev 0.4.43-4ubuntu0.1 Ubuntu 24.04 LTS librust-tar-dev 0.4.40-1ubuntu0.1 Ubuntu 22.04 LTS librust-tar+default-dev 0.4.37-3ubuntu0.1 librust-tar-dev 0.4.37-3ubuntu0.1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-8138-1
CVE-2026-33056
Get the latest Linux and open source security news straight to your inbox.