Fedora 43 rust-resctl-bench Important Time Crate Updates CVE-2026-25537
fedora
February 10, 2026
Update the time crate to version 0.3.47
Summary
resctl-bench is a collection of whole-system benchmarks to evaluate resource
control and hardware behaviors using realistic simulated workloads.
Comprehensive resource control involves the whole system. Furthermore, testing
resource control end-to-end requires scenarios involving realistic workloads
and monitoring their interactions. The combination makes benchmarking resource
control challenging and error-prone. It's easy to slip up on a configuration
and testing with real workloads can be tedious and unreliable.
resctl-bench encapsulates the whole process so that resource control benchmarks
can be performed easily and reliably. It verifies and updates system
configurations, reproduces resource contention scenarios with a realistic
latency-sensitive workload simulator and other secondary workloads, analyzes
the resulting system and workload behaviors, and generates easily
understandable reports.
Update Information:
Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4. Update the bytes crate to version 1.11.1. Additionally, this update contains rebuilds of applications affected by security advisories: bytes: RUSTSEC-2026-0007 git2: RUSTSEC-2026-0008 jsonwebtoken: CVE-2026-25537 time: RUSTSEC-2026-0009 All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.
Topics Covered
Change Log
* Sat Feb 7 2026 Fabio Valentini
References
[ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437470
[ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2437472
[ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438104
[ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438135
[ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2438138
[ 6 ] Bug #2438149 - CVE-2026-25727 rus...
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Name: rust-resctl-bench
Product: Fedora 43
Version: 2.2.5
Release: 10.fc43
Summary: Whole system resource control benchmarks with realistic scenarios
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!