Fedora 43 fido-device-onboard Major Denial of Service Vulnerabilities Found

fedora
April 10, 2026
Automatic update for fido-device-onboard addresses critical denial of service and permission modification issues.
Automatic update for fido-device-onboard-0.5.5-8.fc43

Summary

A Rust implementation of the FIDO Device Onboard Specification.

Update Information:

Automatic update for fido-device-onboard-0.5.5-8.fc43.

Changelog for fido-device-onboard:

* Wed Apr 01 2026 Peter Robinson - 0.5.5-8 - Rebuild for CVE-2026-25727, CVE-2026-33056
* Sun Mar 15 2026 Benjamin A. Beasley - 0.5.5-7 - In Fedora, update nix dependency from 0.26 to 0.31
* Mon Feb 02 2026 Maxwell G - 0.5.5-6 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
* Fri Jan 16 2026 Fedora Release Engineering - 0.5.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Oct 10 2025 Maxwell G - 0.5.5-4 - Rebuild for golang 1.25.2

Change Log

* Wed Apr 1 2026 Peter Robinson - 0.5.5-8 - Rebuild for CVE-2026-25727, CVE-2026-33056
* Sun Mar 15 2026 Benjamin A. Beasley - 0.5.5-7 - In Fedora, update nix dependency from 0.26 to 0.31
* Mon Feb 2 2026 Maxwell G - 0.5.5-6 - Rebuild for https://fedoraproject.org/wiki/Changes/golang1.26
* Fri Jan 16 2026 Fedora Release Engineering - 0.5.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Oct 10 2025 Maxwell G - 0.5.5-4 - Rebuild for golang 1.25.2

References


[ 1 ] Bug #2438126 - CVE-2026-25727 fido-device-onboard: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438126

[ 2 ] Bug #2449677 - CVE-2026-33056 fido-device-onboard: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2449677

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e6237c2efe' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: fido-device-onboard
Product: Fedora 43
Version: 0.5.5
Release: 8.fc43
Summary: A Rust implementation of the FIDO Device Onboard Specification
