Public bug reported:

CVE record: https://www.cve.org/CVERecord?id=CVE-2026-33056

Rust packages which vendor tar-rs 0.4.44 and below bundle in a
vulnerability which allows malicious crates to change the
permissions on arbitrary directories.

** Affects: asusctl (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: cargo (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rust-astral-tokio-tar (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rust-async-tar (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rust-cargo-c (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rust-tar (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.62 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.74 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.76 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.77 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.78 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.79 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.80 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.81 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.82 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.83 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.84 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.85 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.88 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.89 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.90 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.91 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.92 (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: rustc-1.93 (Ubuntu)
     Importance: Critical
     Assignee: Max Gilmour (maxgmr)
         Status: In Progress

** Affects: cargo (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: rust-tar (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: rustc (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: rustc-1.62 (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: rustc-1.76 (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: rustc-1.77 (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: rustc-1.78 (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: rustc-1.79 (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: rustc-1.80 (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: rustc-1.81 (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: rustc-1.82 (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: rustc-1.83 (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: rustc-1.84 (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: rustc-1.85 (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: rustc-1.89 (Ubuntu Jammy)
     Importance: Undecided
         Status: New

** Affects: cargo (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rust-async-tar (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rust-cargo-c (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rust-tar (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rustc (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rustc-1.74 (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rustc-1.76 (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rustc-1.77 (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rustc-1.78 (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rustc-1.79 (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rustc-1.80 (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rustc-1.81 (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rustc-1.82 (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rustc-1.83 (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rustc-1.84 (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rustc-1.85 (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rustc-1.89 (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rustc-1.91 (Ubuntu Noble)
     Importance: Undecided
         Status: New

** Affects: rust-async-tar (Ubuntu Questing)
     Importance: Undecided
         Status: New

** Affects: rust-cargo-c (Ubuntu Questing)
     Importance: Undecided
         Status: New

** Affects: rust-tar (Ubuntu Questing)
     Importance: Undecided
         Status: New

** Affects: rustc-1.85 (Ubuntu Questing)
     Importance: Undecided
         Status: New

** Affects: rustc-1.88 (Ubuntu Questing)
     Importance: Undecided
         Status: New

** Affects: asusctl (Ubuntu Resolute)
     Importance: Undecided
         Status: New

** Affects: rust-cargo-c (Ubuntu Resolute)
     Importance: Undecided
         Status: New

** Affects: rust-tar (Ubuntu Resolute)
     Importance: Undecided
         Status: New

** Affects: rustc-1.91 (Ubuntu Resolute)
     Importance: Undecided
         Status: New

** Affects: rustc-1.92 (Ubuntu Resolute)
     Importance: Undecided
         Status: New

** Affects: rustc-1.93 (Ubuntu Resolute)
     Importance: Critical
     Assignee: Max Gilmour (maxgmr)
         Status: In Progress

** Also affects: asusctl (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: cargo (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rust-async-tar (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rust-cargo-c (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rust-tar (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.62 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.74 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.76 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.77 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.78 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.79 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.80 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.81 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.82 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.83 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.84 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.85 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.88 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.89 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.90 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.91 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.92 (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: cargo (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rust-tar (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rust-cargo-c (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.62 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: asusctl (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rust-async-tar (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.74 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.76 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.77 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.78 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.79 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.80 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.81 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.82 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.83 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.84 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.85 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.88 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.89 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.90 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.91 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.92 (Ubuntu Resolute)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.93 (Ubuntu Resolute)
   Importance: Critical
       Status: In Progress

** No longer affects: cargo (Ubuntu Resolute)

** No longer affects: rust-async-tar (Ubuntu Resolute)

** No longer affects: rustc (Ubuntu Resolute)

** No longer affects: rustc-1.62 (Ubuntu Resolute)

** No longer affects: rustc-1.74 (Ubuntu Resolute)

** No longer affects: rustc-1.76 (Ubuntu Resolute)

** No longer affects: rustc-1.77 (Ubuntu Resolute)

** No longer affects: rustc-1.78 (Ubuntu Resolute)

** No longer affects: rustc-1.79 (Ubuntu Resolute)

** No longer affects: rustc-1.80 (Ubuntu Resolute)

** No longer affects: rustc-1.81 (Ubuntu Resolute)

** No longer affects: rustc-1.82 (Ubuntu Resolute)

** No longer affects: rustc-1.83 (Ubuntu Resolute)

** No longer affects: rustc-1.84 (Ubuntu Resolute)

** No longer affects: rustc-1.85 (Ubuntu Resolute)

** No longer affects: rustc-1.88 (Ubuntu Resolute)

** No longer affects: rustc-1.89 (Ubuntu Resolute)

** No longer affects: rustc-1.90 (Ubuntu Resolute)

** Also affects: cargo (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rust-tar (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rust-cargo-c (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.62 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: asusctl (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rust-async-tar (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.74 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.76 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.77 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.78 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.79 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.80 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.81 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.82 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.83 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.84 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.85 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.88 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.89 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.90 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.91 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.92 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.93 (Ubuntu Questing)
   Importance: Undecided
       Status: New

** No longer affects: asusctl (Ubuntu Questing)

** No longer affects: cargo (Ubuntu Questing)

** No longer affects: rustc (Ubuntu Questing)

** No longer affects: rustc-1.62 (Ubuntu Questing)

** No longer affects: rustc-1.74 (Ubuntu Questing)

** No longer affects: rustc-1.76 (Ubuntu Questing)

** No longer affects: rustc-1.77 (Ubuntu Questing)

** No longer affects: rustc-1.79 (Ubuntu Questing)

** No longer affects: rustc-1.78 (Ubuntu Questing)

** No longer affects: rustc-1.80 (Ubuntu Questing)

** No longer affects: rustc-1.81 (Ubuntu Questing)

** No longer affects: rustc-1.82 (Ubuntu Questing)

** No longer affects: rustc-1.83 (Ubuntu Questing)

** No longer affects: rustc-1.84 (Ubuntu Questing)

** No longer affects: rustc-1.89 (Ubuntu Questing)

** No longer affects: rustc-1.90 (Ubuntu Questing)

** No longer affects: rustc-1.91 (Ubuntu Questing)

** No longer affects: rustc-1.92 (Ubuntu Questing)

** No longer affects: rustc-1.93 (Ubuntu Questing)

** Also affects: cargo (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rust-tar (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rust-cargo-c (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.62 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: asusctl (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rust-async-tar (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.74 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.76 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.77 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.78 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.79 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.80 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.81 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.82 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.83 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.84 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.85 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.88 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.89 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.90 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.91 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.92 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.93 (Ubuntu Noble)
   Importance: Undecided
       Status: New

** No longer affects: asusctl (Ubuntu Noble)

** No longer affects: rustc-1.62 (Ubuntu Noble)

** No longer affects: rustc-1.88 (Ubuntu Noble)

** No longer affects: rustc-1.90 (Ubuntu Noble)

** No longer affects: rustc-1.92 (Ubuntu Noble)

** No longer affects: rustc-1.93 (Ubuntu Noble)

** Also affects: rust-astral-tokio-tar (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: cargo (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rust-tar (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rust-cargo-c (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.62 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: asusctl (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rust-async-tar (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.74 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.76 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.77 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.78 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.79 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.80 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.81 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.82 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.83 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.84 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rust-astral-tokio-tar (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.85 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.88 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.89 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.90 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.91 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.92 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: rustc-1.93 (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** No longer affects: rustc-1.74 (Ubuntu Jammy)

** No longer affects: rustc-1.88 (Ubuntu Jammy)

** No longer affects: rustc-1.90 (Ubuntu Jammy)

** No longer affects: rustc-1.91 (Ubuntu Jammy)

** No longer affects: rustc-1.92 (Ubuntu Jammy)

** No longer affects: rustc-1.93 (Ubuntu Jammy)

** No longer affects: asusctl (Ubuntu Jammy)

** No longer affects: rust-astral-tokio-tar (Ubuntu Jammy)

** No longer affects: rust-async-tar (Ubuntu Jammy)

** No longer affects: rust-cargo-c (Ubuntu Jammy)

** Changed in: rustc-1.93 (Ubuntu Resolute)
     Assignee: (unassigned) => Max Gilmour (maxgmr)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2145764

Title:
  CVE-2026-33056: Vendored tar crate can chmod arbitrary directories by
  following symlinks

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/asusctl/+bug/2145764/+subscriptions

