Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 41: openapi-python-client Security Fix CVE-2025-62518

fedora
Calendar Grey November 3, 2025
Dist Fedora Esm H88
An important security advisory for Fedora 41 addressing CVE-2025-62518 in openapi-python-client. Update recommended.
uv 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for CVE-2025-62518

Summary

The openapi-python-client is a powerful tool designed to generate

modern Python clients from OpenAPI 3.0+ documents supporting both

synchronous and asynchronous HTTP requests. It automates the creation of

Python classes and methods that correspond to the endpoints and schema

defined in your OpenAPI specification, making it easier to interact with

your API in a type-safe manner.

Update Information:

uv 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for CVE-2025-62518. ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md rust-astral-tokio-tar 0.5.6 Fixed a parser desynchronization vulnerability when reading tar archives that contain mismatched size information in PAX/ustar headers. This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx and CVE-2025-62518. Initial package for python-uv-build in Fedora 42 Initial packages for a number of new dependencies for ruff and uv. Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1. Patch openapi-python-client to allow ruff 0.14

Topics%20covered

Topics Covered

security advisory security issue fedora openapi-python-client desynchronization cve-2025-62518

Change Log

* Tue Oct 21 2025 Benjamin A. Beasley - 0.24.3-2 - Allow ruff 0.14

References


[ 1 ] Bug #2360699 - ruff-0.14.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2360699 [ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402441 [ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402442 [ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402443 [ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402881 [ 6 ] Bug #2402923 - uv-0.9.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2402923 [ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2405471 [ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: openapi-python-client
Product: Fedora 41
Version: 0.24.3
Release: 2.fc41
URL: https://github.com/openapi-generators/openapi-python-client
Summary: Generate modern Python clients from OpenAPI

Topics%20covered

Topics Covered

security advisory security issue fedora openapi-python-client desynchronization cve-2025-62518

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here