Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

Fedora 42 python-fastar Critical Update 2026-23bb71ea52 Alert

fedora
Calendar Grey March 29, 2026
Dist Fedora Esm H88
High-level python package python-fastar updated to fix critical security issues in Fedora 42 affecting archive processing.
Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766

Summary

The fastar library wraps the Rust tar, flate2, and zstd crates, providing a

high-performance way to work with compressed and uncompressed tar archives in

Python.

Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python- uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust- tar. Rebuild maturin with the latest rust-tar.

Topics%20covered

Topics Covered

security advisory fedora critical arbitrary modification python-fastar archive misinterpretation

Change Log

* Sat Mar 21 2026 Benjamin A. Beasley - 0.8.0-4 - Rebuilt with rust-tar 0.4.45 for CVE-2026-33056 * Fri Mar 20 2026 Benjamin A. Beasley - 0.8.0-3 - Allow PyO3 0.28 * Sat Jan 17 2026 Fedora Release Engineering - 0.8.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2448054 [ 2 ] Bug #2449243 - uv-0.10.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449243 [ 3 ] Bug #2449274 - rust-tar-0.4.45 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449274 [ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449338 [ 5 ] Bug #2449547 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2449547 [ 6 ] Bug #2449549 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2449549 [ 7 ] Bug #2449645 - python-fastar-0.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=244964...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-23bb71ea52' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: python-fastar
Product: Fedora 42
Version: 0.8.0
Release: 4.fc42
URL: https://github.com/DoctorJohn/fastar
Summary: High-level bindings for the Rust tar crate

Topics%20covered

Topics Covered

security advisory fedora critical arbitrary modification python-fastar archive misinterpretation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here