Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 526
Alerts This Week
Warning Icon 1 526

Fedora 42 Advisory 2025-5e50082948: rust-astral-tokio-tar CVE-2025-59825

fedora
Calendar Grey October 3, 2025
Scroller Fedora
Security update for rust-astral-tokio-tar in Fedora 42 addresses CVE-2025-59825 path traversal risk.
Security update for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv.

Summary

A Rust implementation of an async TAR file reader and writer. This

library does not currently handle compression, but it is abstract over

all I/O readers and writers. Additionally, great lengths are taken to

ensure that the entire contents are never required to be entirely

resident in memory all at once.

Update Information:

Security update for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv.

Change Log

* Wed Sep 24 2025 Benjamin A. Beasley - 0.5.5-1 - Update to version 0.5.5; fixes RHBZ#2397644 - Security fix for CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv

References


[ 1 ] Bug #2397719 - CVE-2025-59825 rust-astral-tokio-tar: astral-tokio-tar path traversal [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2397719 [ 2 ] Bug #2397720 - CVE-2025-59825 uv: astral-tokio-tar path traversal [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2397720

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-5e50082948' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: rust-astral-tokio-tar
Product: Fedora 42
Version: 0.5.5
Release: 1.fc42
Summary: Rust implementation of an async TAR file reader and writer

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.