Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Warning: Undefined array key "Description" in /var/www/www.linuxsecurity.com-443/html/lsadvisories/lsadvisories.php on line 220

Fedora 43: rust-astral-tokio-tar Critical CVE-2025-62518 Parser Issue

fedora
Calendar Grey November 5, 2025
Dist Fedora Esm H88
Rust-astral-tokio-tar on Fedora 43 received a critical update to fix a parser vulnerability, requires immediate action.
uv / python-uv-build 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md Pydantic 2.12.3

Summary

A Rust implementation of an async TAR file reader and writer. This

library does not currently handle compression, but it is abstract over

all I/O readers and writers. Additionally, great lengths are taken to

ensure that the entire contents are never required to be entirely

resident in memory all at once.

Update Information:

uv / python-uv-build 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md Pydantic 2.12.3 Blog post maturin 1.9.6 https://github.com/PyO3/maturin/blob/v1.9.6/Changelog.md python-typing-inspection 0.4.2 (2025-10-01) Add typing_objects.is_noextraitems() python-jiter 0.11.0 https://github.com/pydantic/jiter/releases/tag/v0.11.0 python-pydantic-extra-types 2.10.6 https://github.com/pydantic/pydantic-extra-types/releases/tag/v2.10.6 Typer 0.20.0 Features \u2728 Enable command suggestions on typo by default. Upgrades \u2b06\ufe0f Add (official) support for Python 3.14. Internal Assorted small enhancements. FastAPI 0.120.1 Upgrades \u2b06\ufe0f Bump Starlette to 0.50.0. Internal \U0001f527 Add license and license-files to pyproject.toml, remove License from classifiers. 0.120.0 There are no major nor breaking changes in this release. \u2615\ufe0f The internal reference documentation now uses annotated_doc.Doc i...

Topics%20covered

Topics Covered

security advisory fedora critical DoS rust-astral-tokio-tar parser desynchronization

Change Log

* Tue Oct 21 2025 Benjamin A. Beasley - 0.5.6-1 - Update to version 0.5.6; Fixes RHBZ#2405351 - Security fix for CVE-2025-62518

References


[ 1 ] Bug #2360699 - ruff-0.14.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2360699 [ 2 ] Bug #2371174 - maturin-1.9.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2371174 [ 3 ] Bug #2395006 - rust-serde_json-1.0.145 is available https://bugzilla.redhat.com/show_bug.cgi?id=2395006 [ 4 ] Bug #2395167 - python-jiter-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2395167 [ 5 ] Bug #2398117 - rust-regex-1.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2398117 [ 6 ] Bug #2398118 - rust-regex-automata-0.4.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=2398118 [ 7 ] Bug #2398161 - fastapi-cloud-cli-0.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2398161 [ 8 ] Bug #2400050 - python-fastapi-0.118.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2400050 [ 9 ] Bug #2400578 - python-typing-inspection-0.4.2 is available ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4154ea83d0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: rust-astral-tokio-tar
Product: Fedora 43
Version: 0.5.6
Release: 1.fc43
URL: https://crates.io/crates/astral-tokio-tar
Summary: Rust implementation of an async TAR file reader and writer

Topics%20covered

Topics Covered

security advisory fedora critical DoS rust-astral-tokio-tar parser desynchronization

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here