rustc could be made to modify permissions on arbitrary directories.
Software Description:
- rustc: Rust systems programming language
- rustc-1.76: Rust systems programming language
- rustc-1.77: Rust systems programming language
- rustc-1.78: Rust systems programming language
- rustc-1.79: Rust systems programming language
- rustc-1.80: Rust systems programming language
Details:
USN-8168-1 fixed a vulnerability in Rust. This update provides the
corresponding update to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04
LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that tar-rs embedded in rustc incorrectly handled
symlinks when unpacking a tar archive. If a user or automated system were
tricked into processing a specially crafted tar archive, a remote attacker
could use this issue to modify permissions of arbitrary directories
outside the extraction root, and possibly escalate privileges.
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
rustc 1.75.0+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1
Available with Ubuntu Pro
rustc-1.76 1.76.0+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1
Available with Ubuntu Pro
rustc-1.77 1.77.2+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.1
Available with Ubuntu Pro
rustc-1.78 1.78.0+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.1
Available with Ubuntu Pro
rustc-1.79 1.79.0+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.3
Available with Ubuntu Pro
rustc-1.80 1.80.1+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
rustc 1.65.0+dfsg0ubuntu1~llvm2-0ubuntu0.18.04.1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
rustc 1.47.0+dfsg1+llvm-1ubuntu1~16.04.1ubuntu2
Available with Ubuntu Pro
Ubuntu 14.04 LTS
rustc 1.31.0+dfsg1+llvm-2ubuntu1~14.04.1ubuntu1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.https://ubuntu.com/security/notices/USN-8168-2
https://ubuntu.com/security/notices/USN-8168-1
CVE-2026-33056
Get the latest Linux and open source security news straight to your inbox.