Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Fedora 42: Critical Fix for rust-tracing-subscriber CVE-2025-58160 Threat

fedora
Calendar Grey September 10, 2025
Dist Fedora Esm H88
An upgrade to the rust-tracing-subscriber version 0.3.20 addresses CVE-2025-58160, which could lead to potential log contamination. Prompt measures are recommended.
Update the tracing-subscriber crate to version 0.3.20

Summary

Utilities for implementing and composing `tracing` subscribers.

Update Information:

Update the tracing-subscriber crate to version 0.3.20. Update the matchers crate to version 0.2.0. This update also includes a fix for CVE-2025-58160. Rebuilds of dependent applications will be coordinated separately from this update.

Change Log

* Mon Sep 1 2025 Fabio Valentini - 0.3.20-1 - Update to version 0.3.20; Fixes RHBZ#2391912 * Fri Jul 25 2025 Fedora Release Engineering - 0.3.19-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References


[ 1 ] Bug #2392048 - CVE-2025-58160 rust-tracing-subscriber: Tracing log pollution [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2392048

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-0ebd4408bd' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: rust-tracing-subscriber
Product: Fedora 42
Version: 0.3.20
Release: 1.fc42
Summary: Utilities for implementing and composing tracing subscribers

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here