Ahead of tomorrow's Ubuntu 26.04 LTS release, Canonical published a blog post today outlining the state of Rust Coreutils for its premiere in this long-term support (LTS) version. Canonical also commissioned a security audit recently of Rust Coreutils that turned up 44 CVEs and 113 issues in total.

Canonical's Ravi Kant Sharma authored a post today outlining a recent decision to commission an independent external security audit of Rust Coreutils. The full audit report by Zellic hasn't yet been made public but it turned up 70 CVEs and another 73 issues, for a total of 113 issues identified. The vast majority of those issues have since been addressed.

[1]

Ubuntu 26.04 LTS is shipping with Rust Coreutils 0.8 that has most of those security fixes in place.

For Ubuntu 26.04 LTS, the cp, mv, and rm commands will be provided by GNU Coreutils. Due to those utilities in Rust Coreutils still having time-of-check to time-of-use "TOCTOU" issues. But the hope by Canonical is for "100% rust-coreutils" with Ubuntu 26.10 as by then those remaining issues should be fixed.

More details on this recent security audit, the newly-disclosed CVEs, and more can be found on [2]Ubuntu Discourse .



[1] https://www.phoronix.com/image-viewer.php?id=2026&image=ubuntu_2604_rust_coreutils_lrg

[2] https://discourse.ubuntu.com/t/an-update-on-rust-coreutils/80773/1