Not a user yet?
Log in Register for free Suggest a product
Update

USN-8138-1: tar-rs vulnerability

Ubuntu DesktopUbuntu Desktop
Canonical

USN-8138-1: tar-rs vulnerability

Publication date: 1 April 2026
Overview: tar-rs could be made to modify permissions on arbitrary directories.

Packages
rust-tar - A tar archive reading/writing library for Rust

Details
It was discovered that tar-rs incorrectly handled symlinks when unpacking a
tar archive. If a user or automated system were tricked into processing a
specially crafted tar archive, a remote attacker could use this issue to
modify permissions of arbitrary directories outside the extraction root,
and possibly escalate privileges.

Update instructions
The problem can be corrected by updating your system to the following package versions:

25.10 questing:

  • librust-tar-dev – 0.4.43-4ubuntu0.1

24.04 LTS noble:

  • librust-tar-dev – 0.4.40-1ubuntu0.1

22.04 LTS jammy :

  • librust-tar+default-dev – 0.4.37-3ubuntu0.1
  • librust-tar-dev – 0.4.37-3ubuntu0.1
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad