Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 579
Alerts This Week
Warning Icon 1 579

Fedora 44 attr Critical Symlink Traversal Escalation Vuln CVE-2026-54371

fedora
Calendar Grey July 10, 2026
Dist Fedora Esm H88
Fedora 44 update for attr addresses critical symlink traversal risk via CVE-2026-54371. Apply the update immediately.
rebase to v2.6.0 to fix CVE-2026-54371

Summary

A set of tools for manipulating extended attributes on filesystem

objects, in particular getfattr(1) and setfattr(1).

An attr(1) command is also provided which is largely compatible

with the SGI IRIX tool of the same name.

Update Information:

rebase to v2.6.0 to fix CVE-2026-54371

Change Log

* Thu Jul 9 2026 Lukáš Zaoral - 2.6.0-1 - rebase to v2.6.0 to fix the following CVEs: - CVE-2026-54371 - Symlink Traversal Privilege Escalation via getfattr (rhbz#2494172)

References


[ 1 ] Bug #2494172 - CVE-2026-54371 attr: Symlink Traversal Privilege Escalation via getfattr [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494172

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-daa458d11d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: attr
Product: Fedora 44
Version: 2.6.0
Release: 1.fc44
Summary: Utilities for managing filesystem extended attributes

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.