USN-8168-2: Rust vulnerability

Publication date

14 April 2026

Overview

rustc could be made to modify permissions on arbitrary directories.


Packages

  • rustc - Rust systems programming language
  • rustc-1.76 - Rust systems programming language
  • rustc-1.77 - Rust systems programming language
  • rustc-1.78 - Rust systems programming language
  • rustc-1.79 - Rust systems programming language
  • rustc-1.80 - Rust systems programming language

Details

USN-8168-1 fixed a vulnerability in Rust. This update provides the
corresponding update to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04
LTS and Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that tar-rs embedded in rustc incorrectly handled
symlinks when unpacking a tar archive. If a user or automated system were
tricked into processing a specially crafted tar archive, a remote attacker
could use this issue to modify permissions of arbitrary directories
outside the extraction root, and possibly escalate privileges.

Update instructions

In general, a standard system update will make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release     Package      Version
20.04 LTS focal    rustc        1.75.0+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1
                   rustc-1.76   1.76.0+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1
                   rustc-1.77   1.77.2+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.1
                   rustc-1.78   1.78.0+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.1
                   rustc-1.79   1.79.0+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.3
                   rustc-1.80   1.80.1+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1
18.04 LTS bionic   rustc        1.65.0+dfsg0ubuntu1~llvm2-0ubuntu0.18.04.1
16.04 LTS xenial   rustc        1.47.0+dfsg1+llvm-1ubuntu1~16.04.1ubuntu2
14.04 LTS trusty   rustc        1.31.0+dfsg1+llvm-2ubuntu1~14.04.1ubuntu1
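
One way to check a host's package listing against the fixed versions above, as an added example that is not part of the original advisory or any Canonical tooling. It assumes input in the `dpkg-query -W` format (package, tab, version) and reimplements Debian version ordering in Python so it runs without dpkg; the names FIXED, SAMPLE, deb_key and outdated are hypothetical.

```python
import re

# Fixed versions copied from the advisory's table (release codename -> package).
FIXED = {
    "focal": {
        "rustc": "1.75.0+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1",
        "rustc-1.76": "1.76.0+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1",
        "rustc-1.77": "1.77.2+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.1",
        "rustc-1.78": "1.78.0+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.1",
        "rustc-1.79": "1.79.0+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.3",
        "rustc-1.80": "1.80.1+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1",
    },
    "bionic": {"rustc": "1.65.0+dfsg0ubuntu1~llvm2-0ubuntu0.18.04.1"},
    "xenial": {"rustc": "1.47.0+dfsg1+llvm-1ubuntu1~16.04.1ubuntu2"},
    "trusty": {"rustc": "1.31.0+dfsg1+llvm-2ubuntu1~14.04.1ubuntu1"},
}

# Constructed sample listing; the rustc-1.79 version is made up for the example.
SAMPLE = ("rustc\t1.75.0+dfsg0ubuntu1~bpo0-0ubuntu0.20.04.1\n"
          "rustc-1.79\t1.79.0+dfsg1ubuntu1~bpo0-0ubuntu0.20.04.2\n")

def _order(c):
    # '~' sorts before everything (even end of run); letters before other symbols.
    return -1 if c == "~" else ord(c) + (0 if c.isalpha() else 256)

def _key(part):
    # Alternating non-digit/digit runs; the trailing 0 stands for "end of run".
    return [([_order(c) for c in nd] + [0], int(d or 0))
            for nd, d in re.findall(r"(\D*)(\d*)", part)]

def deb_key(version):
    """Sort key following Debian ordering: [epoch:]upstream[-revision]."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    # A missing revision compares as revision 0.
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return int(epoch), _key(upstream), _key(revision)

def outdated(codename, dpkg_listing):
    """Map package -> (installed, fixed) for packages older than the fixed version."""
    fixed = FIXED.get(codename, {})
    found = {}
    for line in dpkg_listing.splitlines():
        fields = line.split()
        pkg = fields[0].split(":")[0] if fields else ""  # drop ":amd64" suffix
        if len(fields) == 2 and pkg in fixed:
            if deb_key(fields[1]) < deb_key(fixed[pkg]):
                found[pkg] = (fields[1], fixed[pkg])
    return found
```

On a live host, `dpkg --compare-versions` performs the same comparison authoritatively.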
