Alerts This Week
Warning Icon 1 717
Alerts This Week
Warning Icon 1 717

Fedora 43 bpfman Critical Update CVE-2026-31812 Arbitrary Permissions Issue

fedora
Calendar Grey April 2, 2026
Dist Fedora Esm H88
Update on bpfman 0.5.4 to fix CVE-2026-31812 with tar-rs adjustment for Fedora 43. Immediate actions recommended!
Fix CVE-2026-31812: Bump tar-rs to .5.45 - Closes rhbz#2449672

Summary

bpfman operates as an eBPF manager, focusing on simplifying the deployment and

administration of eBPF programs.

Update Information:

Fix CVE-2026-31812: Bump tar-rs to .5.45 - Closes rhbz#2449672

Topics%20covered

Topics Covered

security advisory security issue fedora critical bpfman arbitrary permission

Change Log

* Tue Mar 24 2026 Daniel Mellado - 0.5.4-5 - Fix CVE-2026-31812: Bump tar-rs to .5.45 - Closes rhbz#2449672

References


[ 1 ] Bug #2449672 - CVE-2026-33056 bpfman: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449672

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d62d7fe77e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: bpfman
Product: Fedora 43
Version: 0.5.4
Release: 5.fc43
URL: https://bpfman.io
Summary: EBPF Program Manager

Topics%20covered

Topics Covered

security advisory security issue fedora critical bpfman arbitrary permission

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here