Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42 rust-ybaas Critical Update CVE-2026-25537 Denial of Service Risk

fedora
Calendar Grey February 11, 2026
Dist Fedora Esm H88
Critical update for Fedora 42 to address potential risks related to time crate oversights affecting multiple packages.
Update the time crate to version 0.3.47

Summary

Don't you love when you accidentally tap your Yubikey when you have your

IRC client in focus and you send 987947 into Libera? Want to be able to

have that experience without having to reach all the way over to your

laptop's USB port? Don't want the complexity of installing and using the

yubibomb CLI tool? Now you can use yubibomb as a service!

Update Information:

Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4. Update the bytes crate to version 1.11.1. Additionally, this update contains rebuilds of applications affected by security advisories: bytes: RUSTSEC-2026-0007 git2: RUSTSEC-2026-0008 jsonwebtoken: CVE-2026-25537 time: RUSTSEC-2026-0009 All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2.

Topics%20covered

Topics Covered

security advisory denial of service fedora rust-ybaas cve-2026-25537 rustsec-2026-0009

Change Log

* Sat Feb 7 2026 Fabio Valentini - 0.0.19-6 - Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537 * Sat Jan 17 2026 Fedora Release Engineering - 0.0.19-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering - 0.0.19-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References


[ 1 ] Bug #2437465 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437465 [ 2 ] Bug #2437467 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437467 [ 3 ] Bug #2438046 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438046 [ 4 ] Bug #2438075 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438075 [ 5 ] Bug #2438077 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438077 [ 6 ] Bug #2438086 - CVE-2026-25727 rus...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6388b28850' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: rust-ybaas
Product: Fedora 42
Version: 0.0.19
Release: 6.fc42
URL: https://crates.io/crates/ybaas
Summary: Yubibomb as a service

Topics%20covered

Topics Covered

security advisory denial of service fedora rust-ybaas cve-2026-25537 rustsec-2026-0009

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here