Home / mailings [USN-8168-1] Rust vulnerability
Posted on 13 April 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8168-1
April 13, 2026
rustc vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
rustc could be made to modify permissions on arbitrary directories.
Software Description:
- rustc-1.85: Rust systems programming language
- rustc-1.88: Rust systems programming language
- rustc: Rust systems programming language
- rustc-1.74: Rust systems programming language
- rustc-1.76: Rust systems programming language
- rustc-1.77: Rust systems programming language
- rustc-1.78: Rust systems programming language
- rustc-1.79: Rust systems programming language
- rustc-1.80: Rust systems programming language
- rustc-1.81: Rust systems programming language
- rustc-1.82: Rust systems programming language
- rustc-1.83: Rust systems programming language
- rustc-1.84: Rust systems programming language
- rustc-1.89: Rust systems programming language
- rustc-1.91: Rust systems programming language
- rustc-1.62: Rust systems programming language
Details:
It was discovered that tar-rs embedded in rustc incorrectly handled
symlinks when unpacking a tar archive. If a user or automated system were
tricked into processing a specially crafted tar archive, a remote attacker
could use this issue to modify permissions of arbitrary directories outside
the extraction root, and possibly escalate privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
rustc-1.85 1.85.1+dfsg0ubuntu2-0ubuntu1.25.04.1
rustc-1.88 1.88.0+dfsg0ubuntu1-0ubuntu2
Ubuntu 24.04 LTS
rustc 1.75.0+dfsg0ubuntu1-0ubuntu7.4
rustc-1.74 1.74.1+dfsg0ubuntu1-0ubuntu15
rustc-1.76 1.76.0+dfsg0ubuntu1-0ubuntu0.24.04.2
rustc-1.77 1.77.2+dfsg1ubuntu1-0ubuntu0.24.04.1
rustc-1.78 1.78.0+dfsg1ubuntu1-0ubuntu0.24.04.2
rustc-1.79 1.79.0+dfsg1ubuntu1-0ubuntu0.24.04.1
rustc-1.80 1.80.1+dfsg0ubuntu1-0ubuntu0.24.04.01
rustc-1.81 1.81.0+dfsg0ubuntu1-0ubuntu0.24.04.1
rustc-1.82 1.82.0+dfsg0ubuntu0-0ubuntu0.24.04.1
rustc-1.83 1.83.0+dfsg0ubuntu1~bpo2-0ubuntu0.24.04.1
rustc-1.84 1.84.1+dfsg0ubuntu1~bpo2-0ubuntu2.24.04.1
rustc-1.85 1.85.1+dfsg0ubuntu2~bpo0-0ubuntu0.24.04.2
rustc-1.89 1.89.0+dfsg~24.04-0ubuntu0.24.04.2
rustc-1.91 1.91.1+dfsg~24.04-0ubuntu0.24.04.2
Ubuntu 22.04 LTS
rustc 1.75.0+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1
rustc-1.62 1.62.1+dfsg1-1ubuntu0.22.04.3
rustc-1.76 1.76.0+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1
rustc-1.77 1.77.2+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1
rustc-1.78 1.78.0+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1
rustc-1.79 1.79.0+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1
rustc-1.80 1.80.1+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1
rustc-1.81 1.81.0+dfsg0ubuntu0-0ubuntu0.22.04.1
rustc-1.82 1.82.0+dfsg0ubuntu0~jammy-0ubuntu0.22.04.1
rustc-1.83 1.83.0+dfsg0ubuntu2~bpo2-0ubuntu2.22.04.1
rustc-1.84 1.84.1+dfsg0ubuntu1~bpo10-0ubuntu4.22.04.1
rustc-1.85 1.85.1+dfsg0ubuntu2~bpo0-0ubuntu1.22.04.1
rustc-1.89 1.89.0+dfsg~24.04-0ubuntu0.22.04.2
rustc-1.91 1.91.1+dfsg~22.04-0ubuntu0.22.04.3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8168-1
CVE-2026-33056
Package Information:
https://launchpad.net/ubuntu/+source/rustc-1.85/1.85.1+dfsg0ubuntu2-0ubuntu1.25.04.1
https://launchpad.net/ubuntu/+source/rustc-1.88/1.88.0+dfsg0ubuntu1-0ubuntu2
https://launchpad.net/ubuntu/+source/rustc/1.75.0+dfsg0ubuntu1-0ubuntu7.4
https://launchpad.net/ubuntu/+source/rustc-1.74/1.74.1+dfsg0ubuntu1-0ubuntu15
https://launchpad.net/ubuntu/+source/rustc-1.76/1.76.0+dfsg0ubuntu1-0ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/rustc-1.77/1.77.2+dfsg1ubuntu1-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/rustc-1.78/1.78.0+dfsg1ubuntu1-0ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/rustc-1.79/1.79.0+dfsg1ubuntu1-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/rustc-1.80/1.80.1+dfsg0ubuntu1-0ubuntu0.24.04.01
https://launchpad.net/ubuntu/+source/rustc-1.81/1.81.0+dfsg0ubuntu1-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/rustc-1.82/1.82.0+dfsg0ubuntu0-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/rustc-1.83/1.83.0+dfsg0ubuntu1~bpo2-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/rustc-1.84/1.84.1+dfsg0ubuntu1~bpo2-0ubuntu2.24.04.1
https://launchpad.net/ubuntu/+source/rustc-1.85/1.85.1+dfsg0ubuntu2~bpo0-0ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/rustc-1.89/1.89.0+dfsg~24.04-0ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/rustc-1.91/1.91.1+dfsg~24.04-0ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/rustc/1.75.0+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/rustc-1.62/1.62.1+dfsg1-1ubuntu0.22.04.3
https://launchpad.net/ubuntu/+source/rustc-1.76/1.76.0+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/rustc-1.77/1.77.2+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/rustc-1.78/1.78.0+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/rustc-1.79/1.79.0+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/rustc-1.80/1.80.1+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/rustc-1.81/1.81.0+dfsg0ubuntu0-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/rustc-1.82/1.82.0+dfsg0ubuntu0~jammy-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/rustc-1.83/1.83.0+dfsg0ubuntu2~bpo2-0ubuntu2.22.04.1
https://launchpad.net/ubuntu/+source/rustc-1.84/1.84.1+dfsg0ubuntu1~bpo10-0ubuntu4.22.04.1
https://launchpad.net/ubuntu/+source/rustc-1.85/1.85.1+dfsg0ubuntu2~bpo0-0ubuntu1.22.04.1
https://launchpad.net/ubuntu/+source/rustc-1.89/1.89.0+dfsg~24.04-0ubuntu0.22.04.2
https://launchpad.net/ubuntu/+source/rustc-1.91/1.91.1+dfsg~22.04-0ubuntu0.22.04.3
--===============3830224237674366627==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
