Ubuntu alert USN-8168-2 (rustc, rustc-1.76, rustc-1.77, rustc-1.78, rustc-1.79, rustc-1.80)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8168-2] Rust vulnerability | |
| Date: | Tue, 14 Apr 2026 19:37:47 +0000 | |
| Message-ID: | <E1wCjZz-0008Ts-Tg@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8168-2 April 14, 2026 rustc, rustc-1.76, rustc-1.77, rustc-1.78, rustc-1.79, rustc-1.80 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: rustc could be made to modify permissions on arbitrary directories. Software Description: - rustc: Rust systems programming language - rustc-1.76: Rust systems programming language - rustc-1.77: Rust systems programming language - rustc-1.78: Rust systems programming language - rustc-1.79: Rust systems programming language - rustc-1.80: Rust systems programming language Details: USN-8168-1 fixed a vulnerability in Rust. This update provides the corresponding update to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the extraction root, and possibly escalate privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS rustc 1.75.0+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1 Available with Ubuntu Pro rustc-1.76 1.76.0+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1 Available with Ubuntu Pro rustc-1.77 1.77.2+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.1 Available with Ubuntu Pro rustc-1.78 1.78.0+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.1 Available with Ubuntu Pro rustc-1.79 1.79.0+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.3 Available with Ubuntu Pro rustc-1.80 1.80.1+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1 Available with Ubuntu Pro Ubuntu 18.04 LTS rustc 1.65.0+dfsg0ubuntu1~llvm2-0ubuntu0.18.04.1 Available with Ubuntu Pro Ubuntu 16.04 LTS rustc 1.47.0+dfsg1+llvm-1ubuntu1~16.04.1ubuntu2 Available with Ubuntu Pro Ubuntu 14.04 LTS rustc 1.31.0+dfsg1+llvm-2ubuntu1~14.04.1ubuntu1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8168-2 https://ubuntu.com/security/notices/USN-8168-1 CVE-2026-33056
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnelnAACgkQcpJm3tlz hgEsKxAAlH0bbGloU2g82VAQ+VA3Hh/tT7QIMy9xpUofPw23MBp4fnW4EHc7Hi/F XY1KWEPv0+619ADbPcIyNEOnZCHuJ0XNUWbxOK4OVI8uOi0EOqcL2NUWK+s3T2/O SNZiWBxU24yUyIXB/b9vjUJoT7+sTNREPokDwS2Us8glUNBoHgjl6P6+vkU2cbho oXpdggWivccK7enkIML52s/4x35mjiY21XOBARyHEsfVRMy7fNZ90mlsplp20OVH lkI2TxyfEihYMReCaTiYBYW9Wtl0Q/gf0QygysCXFbXwXxlAauOkHu/pLSPtwLNV IGlXPGrx8sC+7+mBshbsUGn1F0aaeF8Hdas/SLpI+kHvasipoNJQOurEjB01BIUK RxFVD6tIpf46wnK8weXkYGsSu1FSMA/Xas1eDsR2h8RLVTpBYJK5gORwI41/p9Zi N7N7j2RFIs1gU4qnnSdi0tiN8BCo8QdKm0ajYzK5SqWp5dgWTkBaX5e9eYfwLHyH Fodoo1KXHfU82mVtYn17MOqJv2k31pFyP1LrEm70rNTsWK2Ov19oLX7+NfJ5Q+Ol WfHrQiQ/9ZNS0pcKvWqi0TCZThyARdLlmi0gN+8CQi9N4IqDLjpKcL4KxuYox0+Q rD4wgkFM7rKP2NE6XD2ung+i02uWnJ6enmgz9ZOtD+jcffuUorc= =9BeD -----END PGP SIGNATURE-----