44 CVEs in uutils: What Rust's Safety Guarantees Missed in Production
By Matthias Endler
Summary
In April 2026, Canonical disclosed 44 CVEs in uutils, the Rust reimplementation of GNU coreutils that ships by default since Ubuntu 25.10. The article analyzes these security vulnerabilities, noting that all bugs landed in a production Rust codebase written by experienced developers, yet none were caught by Rust's borrow checker, clippy lints, or cargo audit. The author reflects on the lessons learned about Rust safety guarantees and real-world software security.
Key quotes
What's notable is that all of these bugs landed in a production Rust codebase, written by people who knew what they were doing, and none of them were caught by the borrow checker, clippy lints, or cargo audit.
In April 2026, Canonical disclosed 44 CVEs in uutils, the Rust reimplementation of GNU coreutils that ships by default since 25.10.
I'm not writing this to criticize the uutils team. Quite the contrary; I actually want to thank t
You might also wanna read
C# Span<T>: A Guide to Type-Safe Memory Management and Performance Optimization
This article explains C# Span<T> and ReadOnlySpan<T>, introduced in C# 7.2 (2017) and fully supported in .NET Core. These structures provide
Flathub bans nearly all generative AI apps and submissions on Linux platform
Flathub, a popular Linux application platform, has updated its generative AI policy to effectively ban nearly all apps and submissions creat
Project Glasswing: AI-assisted vulnerability detection finds over 10,000 critical software flaws
Project Glasswing is a collaborative effort launched to secure critical software against potential threats from increasingly capable AI mode
Kefir C compiler development moves to private mode indefinitely
The developer of the Kefir C compiler announces the cessation of public development, transitioning the project to private mode indefinitely.
NVIDIA releases open-source physical AI tools for robotics and autonomous vehicle development
NVIDIA has released a set of open-source "physical AI" skills and tools as part of the NVIDIA Agent Toolkit, designed to simplify robotics,
