USN-8168-1: Rust vulnerability

Packages

rustc - Rust systems programming language
rustc-1.62 - Rust systems programming language
rustc-1.74 - Rust systems programming language
rustc-1.76 - Rust systems programming language
rustc-1.77 - Rust systems programming language
rustc-1.78 - Rust systems programming language
rustc-1.79 - Rust systems programming language
rustc-1.80 - Rust systems programming language
rustc-1.81 - Rust systems programming language
rustc-1.82 - Rust systems programming language
rustc-1.83 - Rust systems programming language
rustc-1.84 - Rust systems programming language
rustc-1.85 - Rust systems programming language
rustc-1.88 - Rust systems programming language
rustc-1.89 - Rust systems programming language
rustc-1.91 - Rust systems programming language

Details

It was discovered that tar-rs embedded in rustc incorrectly handled
symlinks when unpacking a tar archive. If a user or automated system were
tricked into processing a specially crafted tar archive, a remote attacker
could use this issue to modify permissions of arbitrary directories outside
the extraction root, and possibly escalate privileges.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

Ubuntu Release	Package Version
25.10 questing	rustc-1.85 – 1.85.1+dfsg0ubuntu2-0ubuntu1.25.04.1
25.10 questing	rustc-1.88 – 1.88.0+dfsg0ubuntu1-0ubuntu2
24.04 LTS noble	rustc – 1.75.0+dfsg0ubuntu1-0ubuntu7.4
	rustc-1.74 – 1.74.1+dfsg0ubuntu1-0ubuntu15
	rustc-1.76 – 1.76.0+dfsg0ubuntu1-0ubuntu0.24.04.2
	rustc-1.77 – 1.77.2+dfsg1ubuntu1-0ubuntu0.24.04.1
	rustc-1.78 – 1.78.0+dfsg1ubuntu1-0ubuntu0.24.04.2
	rustc-1.79 – 1.79.0+dfsg1ubuntu1-0ubuntu0.24.04.1
	rustc-1.80 – 1.80.1+dfsg0ubuntu1-0ubuntu0.24.04.01
	rustc-1.81 – 1.81.0+dfsg0ubuntu1-0ubuntu0.24.04.1
	rustc-1.82 – 1.82.0+dfsg0ubuntu0-0ubuntu0.24.04.1
	rustc-1.83 – 1.83.0+dfsg0ubuntu1~bpo2-0ubuntu0.24.04.1
	rustc-1.84 – 1.84.1+dfsg0ubuntu1~bpo2-0ubuntu2.24.04.1
	rustc-1.85 – 1.85.1+dfsg0ubuntu2~bpo0-0ubuntu0.24.04.2
	rustc-1.89 – 1.89.0+dfsg~24.04-0ubuntu0.24.04.2
	rustc-1.91 – 1.91.1+dfsg~24.04-0ubuntu0.24.04.2
22.04 LTS jammy	rustc – 1.75.0+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1
	rustc-1.62 – 1.62.1+dfsg1-1ubuntu0.22.04.3
	rustc-1.76 – 1.76.0+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1
	rustc-1.77 – 1.77.2+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1
	rustc-1.78 – 1.78.0+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1
	rustc-1.79 – 1.79.0+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1
	rustc-1.80 – 1.80.1+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1
	rustc-1.81 – 1.81.0+dfsg0ubuntu0-0ubuntu0.22.04.1
	rustc-1.82 – 1.82.0+dfsg0ubuntu0~jammy-0ubuntu0.22.04.1
	rustc-1.83 – 1.83.0+dfsg0ubuntu2~bpo2-0ubuntu2.22.04.1
	rustc-1.84 – 1.84.1+dfsg0ubuntu1~bpo10-0ubuntu4.22.04.1
	rustc-1.85 – 1.85.1+dfsg0ubuntu2~bpo0-0ubuntu1.22.04.1
	rustc-1.89 – 1.89.0+dfsg~24.04-0ubuntu0.22.04.2
	rustc-1.91 – 1.91.1+dfsg~22.04-0ubuntu0.22.04.3

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

CVE-2026-33056

CVE-2026-33056

Packages

Details

Update instructions

Reduce your security exposure

References

Related notices