Alerts This Week
Warning Icon 1 681
Alerts This Week
Warning Icon 1 681

Fedora 43: rust-astral-tokio-tar Critical Path Traversal Fix CVE-2025-59825

fedora
Calendar Grey October 3, 2025
Dist Fedora Esm H88
Path traversal vulnerability fixed in rust-astral-tokio-tar for Fedora 43. Update now to ensure system integrity.
Security update for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv

Summary

A Rust implementation of an async TAR file reader and writer. This

library does not currently handle compression, but it is abstract over

all I/O readers and writers. Additionally, great lengths are taken to

ensure that the entire contents are never required to be entirely

resident in memory all at once.

Update Information:

Security update for path traversal CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv. Rebuilt for Python 3.14.0rc3 bytecode change

Topics%20covered

Topics Covered

security advisory security update fedora critical path traversal rust-astral-tokio-tar

Change Log

* Wed Sep 24 2025 Benjamin A. Beasley - 0.5.5-1 - Update to version 0.5.5; fixes RHBZ#2397644 - Security fix for CVE-2025-59825 / GHSA-3wgq-wrwc-vqmv

References

Fedora Update Notification FEDORA-2025-b3cc3be834 2025-10-03 00:14:50.085827+00:00 Name : rust-astral-tokio-tar Product : Fedora 43 Version : 0.5.5 Release : 1.fc43 URL : https://crates.io/crates/astral-tokio-tar Summary : Rust implementation of an async TAR file reader and writer Description : A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all at once.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-b3cc3be834' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: rust-astral-tokio-tar
Product: Fedora 43
Version: 0.5.5
Release: 1.fc43
URL: https://crates.io/crates/astral-tokio-tar
Summary: Rust implementation of an async TAR file reader and writer

Topics%20covered

Topics Covered

security advisory security update fedora critical path traversal rust-astral-tokio-tar

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here