Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 635
Alerts This Week
Warning Icon 1 635

Fedora 44 Rust-Tar Important Arbitrary Modification Fix 2026-e22a7dbf2d

fedora
Calendar Grey March 28, 2026
Dist Fedora Esm H88
Update on Rust-tar for Fedora 44 addressing important security issues with fixes for CVE-2026-33056.
Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766

Summary

A Rust implementation of a TAR file reader and writer. This library does

not currently handle compression, but it is abstract over all I/O

readers and writers. Additionally, great lengths are taken to ensure

that the entire contents are never required to be entirely resident in

memory all at once.

Update Information:

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python- uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust- tar. Rebuild maturin with the latest rust-tar.

Change Log

* Fri Mar 20 2026 Benjamin A. Beasley - 0.4.45-1 - Update to version 0.4.45; Fixes RHBZ#2449274

References


[ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2448054 [ 2 ] Bug #2449243 - uv-0.10.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449243 [ 3 ] Bug #2449274 - rust-tar-0.4.45 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449274 [ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449338 [ 5 ] Bug #2449645 - python-fastar-0.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449645 [ 6 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449681 [ 7 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449683 [ 8 ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e22a7dbf2d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: rust-tar
Product: Fedora 44
Version: 0.4.45
Release: 1.fc44
Summary: Rust implementation of a TAR file reader and writer

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.