[USN-8168-2] Rust vulnerability
Posted on 14 April 2026
==========================================================================
Ubuntu Security Notice USN-8168-2
April 14, 2026
rustc, rustc-1.76, rustc-1.77, rustc-1.78, rustc-1.79, rustc-1.80
vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
rustc could be made to modify permissions on arbitrary directories.
Software Description:
- rustc: Rust systems programming language
- rustc-1.76: Rust systems programming language
- rustc-1.77: Rust systems programming language
- rustc-1.78: Rust systems programming language
- rustc-1.79: Rust systems programming language
- rustc-1.80: Rust systems programming language
Details:
USN-8168-1 fixed a vulnerability in Rust. This update provides the
corresponding update to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04
LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that tar-rs embedded in rustc incorrectly handled
symlinks when unpacking a tar archive. If a user or automated system were
tricked into processing a specially crafted tar archive, a remote attacker
could use this issue to modify permissions of arbitrary directories
outside the extraction root, and possibly escalate privileges.
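
An added example, not part of the advisory and not code from Ubuntu, Rust or tar-rs: a pre-extraction audit in Python for the class of issue described above, flagging link entries that resolve outside the extraction root and entries whose path passes through a link. The advisory does not detail the exact trigger for CVE-2026-33056, so this is generic archive hygiene; the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile

def _escapes(path):
    """True if a normalized path is absolute or climbs above the root."""
    return path.startswith("/") or path == ".." or path.startswith("../")

def audit_tar(fileobj):
    """List (member, reason) findings for an archive without extracting it."""
    findings, links = [], set()
    with tarfile.open(fileobj=fileobj, mode="r:*") as tf:
        for m in tf:
            name = posixpath.normpath(m.name)
            if _escapes(name):
                findings.append((m.name, "path escapes extraction root"))
            # An entry at or below an earlier link entry would be created,
            # or have its mode applied, wherever that link resolves on disk.
            parts = name.split("/")
            for i in range(1, len(parts) + 1):
                if "/".join(parts[:i]) in links:
                    findings.append((m.name, "path passes through link entry"))
                    break
            if m.issym() or m.islnk():
                # Symlink targets are relative to the link's directory,
                # hard-link targets to the archive root.
                base = posixpath.dirname(name) if m.issym() else ""
                target = posixpath.normpath(posixpath.join(base, m.linkname))
                if _escapes(target):
                    findings.append((m.name, "link target outside extraction root"))
                links.add(name)
    return findings

def constructed_sample():
    """Build a small in-memory archive (constructed test data, not a real sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, kind, link in [("pkg", tarfile.DIRTYPE, ""),
                                 ("pkg/docs", tarfile.SYMTYPE, "../../outside"),
                                 ("pkg/docs/notes", tarfile.DIRTYPE, "")]:
            info = tarfile.TarInfo(name)
            info.type, info.linkname, info.mode = kind, link, 0o755
            tf.addfile(info)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for member, reason in audit_tar(constructed_sample()):
        print(f"{member}: {reason}")
```

To audit a file on disk, pass an open binary handle, for example `audit_tar(open(path, "rb"))`, and refuse to unpack when the returned list is not empty.
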
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
  rustc           1.75.0+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1
                  Available with Ubuntu Pro
  rustc-1.76      1.76.0+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1
                  Available with Ubuntu Pro
  rustc-1.77      1.77.2+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.1
                  Available with Ubuntu Pro
  rustc-1.78      1.78.0+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.1
                  Available with Ubuntu Pro
  rustc-1.79      1.79.0+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.3
                  Available with Ubuntu Pro
  rustc-1.80      1.80.1+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1
                  Available with Ubuntu Pro
Ubuntu 18.04 LTS
  rustc           1.65.0+dfsg0ubuntu1~llvm2-0ubuntu0.18.04.1
                  Available with Ubuntu Pro
Ubuntu 16.04 LTS
  rustc           1.47.0+dfsg1+llvm-1ubuntu1~16.04.1ubuntu2
                  Available with Ubuntu Pro
Ubuntu 14.04 LTS
  rustc           1.31.0+dfsg1+llvm-2ubuntu1~14.04.1ubuntu1
                  Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8168-2
https://ubuntu.com/security/notices/USN-8168-1
CVE-2026-33056
