Ubuntu Security Notices USN-8168-1 USN-8168-1: Rust vulnerability Publication date 13 April 2026 Overview rustc could be made to modify permissions on arbitrary directories. Releases 25.10 24.04 LTS 22.04 LTS Open side navigation Close side navigation Packages Details Update instructions References Related notices Packages rustc - Rust systems programming language rustc-1.62 - Rust systems programming language rustc-1.74 - Rust systems programming language rustc-1.76 - Rust systems programming language rustc-1.77 - Rust systems programming language rustc-1.78 - Rust systems programming language rustc-1.79 - Rust systems programming language rustc-1.80 - Rust systems programming language rustc-1.81 - Rust systems programming language rustc-1.82 - Rust systems programming language rustc-1.83 - Rust systems programming language rustc-1.84 - Rust systems programming language rustc-1.85 - Rust systems programming language rustc-1.88 - Rust systems programming language rustc-1.89 - Rust systems programming language rustc-1.91 - Rust systems programming language Details It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the extraction root, and possibly escalate privileges. It was discovered that tar-rs embedded in rustc incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside the extraction root, and possibly escalate privileges. Update instructions In general, a standard system update will make all the necessary changes. Learn more about how to get the fixes. The problem can be corrected by updating your system to the following package versions: Ubuntu Release Package Version 25.10 questing rustc-1.85 – 1.85.1+dfsg0ubuntu2-0ubuntu1.25.04.1 rustc-1.88 – 1.88.0+dfsg0ubuntu1-0ubuntu2 24.04 LTS noble rustc – 1.75.0+dfsg0ubuntu1-0ubuntu7.4 rustc-1.74 – 1.74.1+dfsg0ubuntu1-0ubuntu15 rustc-1.76 – 1.76.0+dfsg0ubuntu1-0ubuntu0.24.04.2 rustc-1.77 – 1.77.2+dfsg1ubuntu1-0ubuntu0.24.04.1 rustc-1.78 – 1.78.0+dfsg1ubuntu1-0ubuntu0.24.04.2 rustc-1.79 – 1.79.0+dfsg1ubuntu1-0ubuntu0.24.04.1 rustc-1.80 – 1.80.1+dfsg0ubuntu1-0ubuntu0.24.04.01 rustc-1.81 – 1.81.0+dfsg0ubuntu1-0ubuntu0.24.04.1 rustc-1.82 – 1.82.0+dfsg0ubuntu0-0ubuntu0.24.04.1 rustc-1.83 – 1.83.0+dfsg0ubuntu1~bpo2-0ubuntu0.24.04.1 rustc-1.84 – 1.84.1+dfsg0ubuntu1~bpo2-0ubuntu2.24.04.1 rustc-1.85 – 1.85.1+dfsg0ubuntu2~bpo0-0ubuntu0.24.04.2 rustc-1.89 – 1.89.0+dfsg~24.04-0ubuntu0.24.04.2 rustc-1.91 – 1.91.1+dfsg~24.04-0ubuntu0.24.04.2 22.04 LTS jammy rustc – 1.75.0+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1 rustc-1.62 – 1.62.1+dfsg1-1ubuntu0.22.04.3 rustc-1.76 – 1.76.0+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1 rustc-1.77 – 1.77.2+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1 rustc-1.78 – 1.78.0+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1 rustc-1.79 – 1.79.0+dfsg1ubuntu1~bpo0-0ubuntu0.22.04.1 rustc-1.80 – 1.80.1+dfsg0ubuntu1~bpo0-0ubuntu0.22.04.1 rustc-1.81 – 1.81.0+dfsg0ubuntu0-0ubuntu0.22.04.1 rustc-1.82 – 1.82.0+dfsg0ubuntu0~jammy-0ubuntu0.22.04.1 rustc-1.83 – 1.83.0+dfsg0ubuntu2~bpo2-0ubuntu2.22.04.1 rustc-1.84 – 1.84.1+dfsg0ubuntu1~bpo10-0ubuntu4.22.04.1 rustc-1.85 – 1.85.1+dfsg0ubuntu2~bpo0-0ubuntu1.22.04.1 rustc-1.89 – 1.89.0+dfsg~24.04-0ubuntu0.22.04.2 rustc-1.91 – 1.91.1+dfsg~22.04-0ubuntu0.22.04.3 Reduce your security exposure Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines. Get Ubuntu Pro References CVE-2026-33056 CVE-2026-33056 Related notices USN-8139-1 USN-8138-1 USN-8139-1 USN-8138-1