Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 754
Alerts This Week
Warning Icon 1 754

Ubuntu 25.10 Rust-Tar Key Permissions Escalation USN-8138-1 CVE-2026-33056

ubuntu
Calendar Grey April 1, 2026
Dist Ubuntu Esm H88
A critical rust-tar issue allows permission modifications on arbitrary directories. Update for Ubuntu systems to secure your environment.
tar-rs could be made to modify permissions on arbitrary directories.

Summary

tar-rs could be made to modify permissions on arbitrary directories.

Software Description:

- rust-tar: A tar archive reading/writing library for Rust

Details:

It was discovered that tar-rs incorrectly handled symlinks when unpacking a

tar archive. If a user or automated system were tricked into processing a

specially crafted tar archive, a remote attacker could use this issue to

modify permissions of arbitrary directories outside the extraction root,

and possibly escalate privileges.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  librust-tar-dev                 0.4.43-4ubuntu0.1

Ubuntu 24.04 LTS
  librust-tar-dev                 0.4.40-1ubuntu0.1

Ubuntu 22.04 LTS
  librust-tar+default-dev         0.4.37-3ubuntu0.1
  librust-tar-dev                 0.4.37-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8138-1

CVE-2026-33056

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8138-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.