Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 43: rust-reqsign Command Execution Moderate Threat 2025-4154ea83d0

fedora
Calendar Grey November 5, 2025
Dist Fedora Esm H88
Critical update for rust-reqsign command execution in Fedora 43 due to significant security issue. Immediate action recommended.
uv / python-uv-build 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md Pydantic 2.12.3

Summary

Tokio-based command execution implementation for reqsign.

Update Information:

uv / python-uv-build 0.9.5 https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md ruff 0.14.2 https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md Pydantic 2.12.3 Blog post maturin 1.9.6 https://github.com/PyO3/maturin/blob/v1.9.6/Changelog.md python-typing-inspection 0.4.2 (2025-10-01) Add typing_objects.is_noextraitems() python-jiter 0.11.0 https://github.com/pydantic/jiter/releases/tag/v0.11.0 python-pydantic-extra-types 2.10.6 https://github.com/pydantic/pydantic-extra-types/releases/tag/v2.10.6 Typer 0.20.0 Features \u2728 Enable command suggestions on typo by default. Upgrades \u2b06\ufe0f Add (official) support for Python 3.14. Internal Assorted small enhancements. FastAPI 0.120.1 Upgrades \u2b06\ufe0f Bump Starlette to 0.50.0. Internal \U0001f527 Add license and license-files to pyproject.toml, remove License from classifiers. 0.120.0 There are no major nor breaking changes in this release. \u2615\ufe0f The internal reference documentation now uses annotated_doc.Doc i...

Topics%20covered

Topics Covered

security advisory security issue fedora command execution update information application update

Change Log

* Thu Oct 23 2025 Benjamin A. Beasley - 2.0.0-1 - Update to version 2.0.0; Fixes RHBZ#2402442 * Thu Oct 2 2025 Benjamin A. Beasley - 1.0.0-1 - Initial package (close RHBZ#2400111)

References


[ 1 ] Bug #2360699 - ruff-0.14.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2360699 [ 2 ] Bug #2371174 - maturin-1.9.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2371174 [ 3 ] Bug #2395006 - rust-serde_json-1.0.145 is available https://bugzilla.redhat.com/show_bug.cgi?id=2395006 [ 4 ] Bug #2395167 - python-jiter-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2395167 [ 5 ] Bug #2398117 - rust-regex-1.11.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2398117 [ 6 ] Bug #2398118 - rust-regex-automata-0.4.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=2398118 [ 7 ] Bug #2398161 - fastapi-cloud-cli-0.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2398161 [ 8 ] Bug #2400050 - python-fastapi-0.118.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2400050 [ 9 ] Bug #2400578 - python-typing-inspection-0.4.2 is available ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-4154ea83d0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: rust-reqsign-command-execute-tokio
Product: Fedora 43
Version: 2.0.0
Release: 1.fc43
URL: https://crates.io/crates/reqsign-command-execute-tokio
Summary: Tokio-based command execution implementation for reqsign

Topics%20covered

Topics Covered

security advisory security issue fedora command execution update information application update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here