Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

Fedora 42 rust-astral-tokio-tar Important Patch for Archive Handling Fix

fedora
Calendar Grey March 29, 2026
Dist Fedora Esm H88
Critical updates to Fedora 42 address specific security flaws in rust packages and improve system integrity.
Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766

Summary

A Rust implementation of an async TAR file reader and writer. This

library does not currently handle compression, but it is abstract over

all I/O readers and writers. Additionally, great lengths are taken to

ensure that the entire contents are never required to be entirely

resident in memory all at once.

Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python- uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust- tar. Rebuild maturin with the latest rust-tar.

Topics%20covered

Topics Covered

security advisory fedora critical CVE fix Rust application archive manipulation

Change Log

* Mon Mar 16 2026 Benjamin A. Beasley - 0.6.0-1 - Update to version 0.6.0; Fixes RHBZ#2448054 * Sat Jan 17 2026 Fedora Release Engineering - 0.5.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2448054 [ 2 ] Bug #2449243 - uv-0.10.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449243 [ 3 ] Bug #2449274 - rust-tar-0.4.45 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449274 [ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449338 [ 5 ] Bug #2449547 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2449547 [ 6 ] Bug #2449549 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2449549 [ 7 ] Bug #2449645 - python-fastar-0.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=244964...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-23bb71ea52' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: rust-astral-tokio-tar
Product: Fedora 42
Version: 0.6.0
Release: 1.fc42
URL: https://crates.io/crates/astral-tokio-tar
Summary: Rust implementation of an async TAR file reader and writer

Topics%20covered

Topics Covered

security advisory fedora critical CVE fix Rust application archive manipulation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here