Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 43 Outlook Essential Duration Stack Depletion CVE-2026-25538

fedora
Calendar Grey February 10, 2026
Dist Fedora Esm H88
Critical Fedora 43 update addresses JSON Web Token type confusion and time crate stack exhaustion vulnerabilities.
Update the time crate to version 0.3.47

Summary

UI for building, configuring, and running Monado, the open source

OpenXR runtime.

This is still highly experimental software, while it's unlikely that

anything bad will happen, it's still unstable and there is no guarantee

that it will work on your system, with your particular hardware. If you

encounter any problems while using the app, make sure to open an issue.

Also consider that due to the unstable nature of the app, it's possible

to encounter unexpected behavior that while in VR might cause motion

sickness or physical injury. Be very careful while in VR using this app!

Update Information:

Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4. Update the bytes crate to version 1.11.1. Additionally, this update contains rebuilds of applications affected by security advisories: bytes: RUSTSEC-2026-0007 git2: RUSTSEC-2026-0008 jsonwebtoken: CVE-2026-25537 time: RUSTSEC-2026-0009 All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.

Topics%20covered

Topics Covered

security advisory fedora update critical authorization bypass stack exhaustion

Change Log

* Sat Feb 7 2026 Jonathan Steffan - 3.2.0-7 - Update wivrn build Requires. * Sat Feb 7 2026 Fabio Valentini - 3.2.0-6 - Bump git2 dependency to 0.20 and simplify packaging * Thu Jan 29 2026 Nicolas Chauvet - 3.2.0-5 - Add FTBFS for https://gitlab.com/gabmus/envision/-/issues/256 * Thu Jan 29 2026 Nicolas Chauvet - 3.2.0-4 - Rebuilt for OpenCV 4.13 * Fri Jan 16 2026 Fedora Release Engineering - 3.2.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437470 [ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437472 [ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438104 [ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438135 [ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438138 [ 6 ] Bug #2438149 - CVE-2026-25727 rus...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: envision
Product: Fedora 43
Version: 3.2.0
Release: 7.fc43
URL: https://gitlab.com/gabmus/envision
Summary: UI for building, configuring, and running Monado/WiVRn

Topics%20covered

Topics Covered

security advisory fedora update critical authorization bypass stack exhaustion

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here