Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

Fedora 42 rust-scx_rustland Important Fix Denial of Service CVE-2026-25537

fedora
Calendar Grey February 11, 2026
Dist Fedora Esm H88
Critical updates for rust-scx_rustland in Fedora 42 address security risks including denial of service issues and fixes for jsonwebtoken.
Update the time crate to version 0.3.47

Summary

A BPF component (dispatcher) that implements the low level

sched-ext functionalities and a user-space counterpart (scheduler),

written in Rust, that implements the actual scheduling policy.

This is used within sched_ext, which is a Linux kernel feature

which enables implementing kernel thread schedulers in BPF and

dynamically loading them.

https://github.com/sched-ext/scx/tree/main

Update Information:

Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4. Update the bytes crate to version 1.11.1. Additionally, this update contains rebuilds of applications affected by security advisories: bytes: RUSTSEC-2026-0007 git2: RUSTSEC-2026-0008 jsonwebtoken: CVE-2026-25537 time: RUSTSEC-2026-0009 All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.

Topics%20covered

Topics Covered

security advisory denial of service fedora important rust-scx_rustland jsonwebtoken

Change Log

* Sat Feb 7 2026 Fabio Valentini - 0.0.3-7 - Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537 * Sat Jan 17 2026 Fedora Release Engineering - 0.0.3-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering - 0.0.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References


[ 1 ] Bug #2437465 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437465 [ 2 ] Bug #2437467 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437467 [ 3 ] Bug #2438046 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438046 [ 4 ] Bug #2438075 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438075 [ 5 ] Bug #2438077 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438077 [ 6 ] Bug #2438086 - CVE-2026-25727 rus...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6388b28850' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: rust-scx_rustland
Product: Fedora 42
Version: 0.0.3
Release: 7.fc42
URL: https://crates.io/crates/scx_rustland
Summary: A simple user-space scheduler written in Rust

Topics%20covered

Topics Covered

security advisory denial of service fedora important rust-scx_rustland jsonwebtoken

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here