Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Fedora 44 uv Update 0.10.2 Fixes CVE-2026-32766 Arbitrary Permissions

fedora
Calendar Grey March 28, 2026
Dist Fedora Esm H88
Address critical updates in Fedora 44 for rust packages, resolving key security issues and enhancing package management.
Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766

Summary

An extremely fast Python package and project manager, written in Rust.

Highlights:

\u2022 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twine,

virtualenv, and more.

\u2022 10-100x faster than pip.

\u2022 Provides comprehensive project management, with a universal lockfile.

\u2022 Runs scripts, with support for inline dependency metadata.

\u2022 Installs and manages Python versions.

\u2022 Runs and installs tools published as Python packages.

\u2022 Includes a pip-compatible interface for a performance boost with a familiar

CLI.

\u2022 Supports Cargo-style workspaces for scalable projects.

\u2022 Disk-space efficient, with a global cache for dependency deduplication.

Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python- uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust- tar. Rebuild maturin with the latest rust-tar.

Topics%20covered

Topics Covered

security advisory fedora update rust cve-2026-32766 arbitrary permissions

Change Log

* Fri Mar 20 2026 Benjamin A. Beasley - 0.10.12-1 - Update to 0.10.12 (close RHBZ#2449243) * Tue Mar 17 2026 Benjamin A. Beasley - 0.10.11-1 - Update to 0.10.11 (close RHBZ#2448300) * Sun Mar 15 2026 Benjamin A. Beasley - 0.10.10-1 - Update to 0.10.10 (close RHBZ#2447540)

References


[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2448054 [ 2 ] Bug #2449243 - uv-0.10.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449243 [ 3 ] Bug #2449274 - rust-tar-0.4.45 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449274 [ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449338 [ 5 ] Bug #2449645 - python-fastar-0.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449645 [ 6 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449681 [ 7 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449683 [ 8 ] Bug #2449684...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e22a7dbf2d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: uv
Product: Fedora 44
Version: 0.10.12
Release: 1.fc44
URL: https://github.com/astral-sh/uv
Summary: An extremely fast Python package installer and resolver, written in Rust

Topics%20covered

Topics Covered

security advisory fedora update rust cve-2026-32766 arbitrary permissions

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here