Ubuntu 20.04 LTS tar-rs Key Remote Permissions Mod Flaw USN-8138-2
Apr 14, 2026
•
LinuxSecurity Advisories
1 min read
Topics Covered
tar-rs could be made to modify permissions on arbitrary directories.
==========================================================================
Ubuntu Security Notice USN-8138-2
April 14, 2026
rust-tar vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
tar-rs could be made to modify permissions on arbitrary directories.
Software Description:
- rust-tar: A tar archive reading/writing library for Rust
Details:
USN-8138-1 fixed a vulnerability in tar-rs. This update provides the
corresponding update for Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that tar-rs incorrectly handled symlinks when unpacking
a tar archive. If a user or automated system were tricked into processing
a specially crafted tar archive, a remote attacker could use this issue to
modify permissions of arbitrary directories outside the extraction root,
and possibly escalate privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
librust-tar-dev 0.4.26-1ubuntu0.1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8138-2
https://ubuntu.com/security/notices/USN-8138-1
CVE-2026-33056
PREVIOUS
NEXT
Ubuntu 20.04 LTS tar-rs Key Remote Permissions Mod Flaw USN-8138-2
ubuntu
April 14, 2026
tar-rs could be made to modify permissions on arbitrary directories.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: tar-rs could be made to modify permissions on arbitrary directories. Software Description: - rust-tar: A tar archive reading/writing library for Rust Details: USN-8138-1 fixed a vulnerability in tar-rs. This update provides the corresponding update for Ubuntu 20.04 LTS. Original advisory details: It was discovered that tar-rs incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the extraction root, and possibly escalate privileges.
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS librust-tar-dev 0.4.26-1ubuntu0.1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-8138-2
https://ubuntu.com/security/notices/USN-8138-1
CVE-2026-33056
Severity
important
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8138-2
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!