Stay Vigilant with Timely Linux Security Advisories

security advisorydenial of servicefedora

Fedora 44 fido-device-onboard Important Denial of Service 2026-9e223ca14f

Automatic update for fido-device-onboard-0.5.5-8.fc44. Changelog for fido-device-onboard * Wed Apr 01 2026 Peter Robinson - 0.5.5-8 - Rebuild for CVE-2026-25727, CVE-2026-33056 * Sun Mar 15 2026 Benjamin A. Beasley - 0.5.5-7. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-9e223ca14f 2026-04-25 01:21:36.171601+00:00 -------------------------------------------------------------------------------- Name : fido-device-onboard Product : Fedora 44 Version : 0.5.5 Release : 8.fc44 URL : https://github.com/fdo-rs/fido-device-onboard-rs Summary : A rust implementation of the FIDO Device Onboard Specification Description : A rust implementation of the FIDO Device Onboard Specification. -------------------------------------------------------------------------------- Update Information: Automatic update for fido-device-onboard-0.5.5-8.fc44. Changelog for fido-device-onboard * Wed Apr 01 2026 Peter Robinson - 0.5.5-8 - Rebuild for CVE-2026-25727, CVE-2026-33056 * Sun Mar 15 2026 Benjamin A. Beasley - 0.5.5-7 - In Fedora, update nix dependency from 0.26 to 0.31 -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 1 2026 Peter Robinson - 0.5.5-8 - Rebuild for CVE-2026-25727, CVE-2026-33056 * Sun Mar 15 2026 Benjamin A. Beasley - 0.5.5-7 - In Fedora, update nix dependency from 0.26 to 0.31 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2438126 - CVE-2026-25727 fido-device-onboard: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438126 [ 2 ] Bug #2449677 - CVE-2026-33056 fido-device-onboard: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449677 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9e223ca14f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update for fido-device-onboard addresses multiple critical issues and enhances security against potential attacks.. fido-device-onboard, Fedora, Denial of Service, security update. . Severity: Important. LinuxSecurity.com Team

Apr 25, 2026 •Important Fedora

security advisorysecurity issuefedora

Fedora 43 bpfman Critical Update CVE-2026-31812 Arbitrary Permissions Issue

Fix CVE-2026-31812: Bump tar-rs to .5.45 - Closes rhbz#2449672. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-d62d7fe77e 2026-04-02 01:05:52.796857+00:00 -------------------------------------------------------------------------------- Name : bpfman Product : Fedora 43 Version : 0.5.4 Release : 5.fc43 URL : https://bpfman.io Summary : EBPF Program Manager Description : bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs. -------------------------------------------------------------------------------- Update Information: Fix CVE-2026-31812: Bump tar-rs to .5.45 - Closes rhbz#2449672 -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 24 2026 Daniel Mellado - 0.5.4-5 - Fix CVE-2026-31812: Bump tar-rs to .5.45 - Closes rhbz#2449672 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2449672 - CVE-2026-33056 bpfman: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449672 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d62d7fe77e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send anemail to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update on bpfman 0.5.4 to fix CVE-2026-31812 with tar-rs adjustment for Fedora 43. Immediate actions recommended!. Fedora security advisory, bpfman update, CVE-2026-31812 fix, Linux package security. . Severity: Critical. LinuxSecurity.com Team

Apr 02, 2026 •Critical Fedora

security advisoryfedoraimportant

Fedora 42 Rust-Resctl-Bench Important Permissions Issue CVE-2026-33056

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-dd42661781 2026-04-01 01:08:42.227699+00:00 -------------------------------------------------------------------------------- Name : rust-resctl-bench Product : Fedora 42 Version : 2.2.5 Release : 12.fc42 URL : https://crates.io/crates/resctl-bench Summary : Whole system resource control benchmarks with realistic scenarios Description : resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, testing resource control end-to-end requires scenarios involving realistic workloads and monitoring their interactions. The combination makes benchmarking resource control challenging and error-prone. It's easy to slip up on a configuration and testing with real workloads can be tedious and unreliable. resctl-bench encapsulates the whole process so that resource control benchmarks can be performed easily and reliably. It verifies and updates system configurations, reproduces resource contention scenarios with a realistic latency-sensitive workload simulator and other secondary workloads, analyzes the resulting system and workload behaviors, and generates easily understandable reports. -------------------------------------------------------------------------------- Update Information: Rebuilt with rust-tar 0.4.45 for CVE-2026-33056 -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 23 2026 Benjamin A. Beasley - 2.2.5-12 - Rebuilt with rust-tar 0.4.45 for CVE-2026-33056 - Updated the License expression * Mon Mar 23 2026 Benjamin A. Beasley - 2.2.5-11 - Rebuilt with rust-tar 0.4.45 forCVE-2026-33056 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2450241 - rust-resctl-bench: tar-rs: Arbitrary directory permission modification via crafted tar archive https://bugzilla.redhat.com/show_bug.cgi?id=2450241 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-dd42661781' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical update for Fedora 42's rust-resctl-bench addresses CVE-2026-33056 with essential fixes for permissions.. Fedora rust-resctl-bench CVE-2026-33056 update application. . Severity: Important. LinuxSecurity.com Team

Apr 01, 2026 •Important Fedora

security advisoryfedoraresource control

Fedora 43 rust-resctl-bench Security Advisory CVE-2026-33056

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-d7252cbfc9 2026-04-01 00:56:24.864648+00:00 -------------------------------------------------------------------------------- Name : rust-resctl-bench Product : Fedora 43 Version : 2.2.5 Release : 12.fc43 URL : https://crates.io/crates/resctl-bench Summary : Whole system resource control benchmarks with realistic scenarios Description : resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, testing resource control end-to-end requires scenarios involving realistic workloads and monitoring their interactions. The combination makes benchmarking resource control challenging and error-prone. It's easy to slip up on a configuration and testing with real workloads can be tedious and unreliable. resctl-bench encapsulates the whole process so that resource control benchmarks can be performed easily and reliably. It verifies and updates system configurations, reproduces resource contention scenarios with a realistic latency-sensitive workload simulator and other secondary workloads, analyzes the resulting system and workload behaviors, and generates easily understandable reports. -------------------------------------------------------------------------------- Update Information: Rebuilt with rust-tar 0.4.45 for CVE-2026-33056 -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 23 2026 Benjamin A. Beasley - 2.2.5-12 - Rebuilt with rust-tar 0.4.45 for CVE-2026-33056 - Updated the License expression * Mon Mar 23 2026 Benjamin A. Beasley - 2.2.5-11 - Rebuilt with rust-tar 0.4.45 forCVE-2026-33056 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2450241 - rust-resctl-bench: tar-rs: Arbitrary directory permission modification via crafted tar archive https://bugzilla.redhat.com/show_bug.cgi?id=2450241 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d7252cbfc9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fedora 43 security advisory for rust-resctl-bench addressing CVE-2026-33056 with update details and installation guidance.. Fedora update rust-resctl-bench CVE-2026-33056 permission. . Severity: Important. LinuxSecurity.com Team

Apr 01, 2026 •Important Fedora

security advisoryfedoraDoS

Fedora 44 rustup Update CVE-2026-33056 Critical Permission Threat

Rebuilt with rust-tar 0.4.45 for CVE-2026-33056. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-89d4b6644b 2026-03-29 00:15:07.927143+00:00 -------------------------------------------------------------------------------- Name : rustup Product : Fedora 44 Version : 1.29.0 Release : 2.fc44 URL : https://github.com/rust-lang/rustup Summary : Manage multiple rust installations with ease Description : Manage multiple rust installations with ease. -------------------------------------------------------------------------------- Update Information: Rebuilt with rust-tar 0.4.45 for CVE-2026-33056 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 22 2026 Benjamin A. Beasley - 1.29.0-2 - Rebuilt with rust-tar 0.4.45 for CVE-2026-33056 - Fixes RHBZ#2449688 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2449688 - CVE-2026-33056 rustup: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449688 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-89d4b6644b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fedora 44 rustup updated to fix CVE-2026-33056 via rust-tar 0.4.45. Immediate installation advised.. Fedora 44,rustup security update,CVE-2026-33056. . Severity: Important. LinuxSecurity.com Team

Mar 29, 2026 •Important Fedora

security advisoryfedorarust-astral-tokio-tar

Fedora 43 rust-astral-tokio-tar Update for CVE-2026-32766 Released

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python- uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust- tar. Rebuild maturin with the latest rust-tar.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-d18cf572b8 2026-03-28 00:45:01.877972+00:00 -------------------------------------------------------------------------------- Name : rust-astral-tokio-tar Product : Fedora 43 Version : 0.6.0 Release : 1.fc43 URL : https://crates.io/crates/astral-tokio-tar Summary : Rust implementation of an async TAR file reader and writer Description : A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all at once. -------------------------------------------------------------------------------- Update Information: Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python- uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust- tar. Rebuild maturin with the latest rust-tar. Update to 0.9.0 -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 16 2026 Benjamin A. Beasley - 0.6.0-1 - Update to version 0.6.0; Fixes RHBZ#2448054 * Sat Jan 17 2026 Fedora Release Engineering - 0.5.6-2 - Rebuilt forhttps://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2448054 [ 2 ] Bug #2449243 - uv-0.10.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449243 [ 3 ] Bug #2449274 - rust-tar-0.4.45 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449274 [ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449338 [ 5 ] Bug #2449551 - CVE-2026-32766 python-uv-build: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2449551 [ 6 ] Bug #2449553 - CVE-2026-32766 uv: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2449553 [ 7 ] Bug #2449645 - python-fastar-0.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449645 [ 8 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449681 [ 9 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449683 [ 10 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449684 [ 11 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449694 -------------------------------------------------------------------------------- Thisupdate can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d18cf572b8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Explore the update for rust-astral-tokio-tar addressing CVE-2026-32766 and CVE-2026-33056.. rust-astral-tokio-tar update, Fedora security, CVE-2026-33056 fix, permission modification.. . Severity: Important. LinuxSecurity.com Team

Mar 28, 2026 •Important Fedora

security advisoryfedoraupdate

Fedora 44 rust-astral-tokio-tar Security Update for CVE-2026-32766

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python- uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust- tar. Rebuild maturin with the latest rust-tar.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e22a7dbf2d 2026-03-28 00:15:26.019772+00:00 -------------------------------------------------------------------------------- Name : rust-astral-tokio-tar Product : Fedora 44 Version : 0.6.0 Release : 1.fc44 URL : https://crates.io/crates/astral-tokio-tar Summary : Rust implementation of an async TAR file reader and writer Description : A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all at once. -------------------------------------------------------------------------------- Update Information: Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python- uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust- tar. Rebuild maturin with the latest rust-tar. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 16 2026 Benjamin A. Beasley - 0.6.0-1 - Update to version 0.6.0; Fixes RHBZ#2448054 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2448054 [ 2 ] Bug #2449243 - uv-0.10.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449243 [ 3 ] Bug #2449274 - rust-tar-0.4.45 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449274 [ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449338 [ 5 ] Bug #2449645 - python-fastar-0.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449645 [ 6 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449681 [ 7 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449683 [ 8 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449684 [ 9 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449694 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e22a7dbf2d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Fixes for critical issues in rust-astral-tokio-tar and related updates in Fedora 44 ensure system security and integrity.. Fedora 44 Rust Update Arbitrary Permission. . Severity: Critical. LinuxSecurity.com Team

Mar 28, 2026 •Critical Fedora

security advisoryfedorapython package

Fedora 44 Maturin Upgrade Addresses CVE-2026-32766 CVE-2026-33056 Issues

Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python- uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust- tar. Rebuild maturin with the latest rust-tar.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e22a7dbf2d 2026-03-28 00:15:26.019772+00:00 -------------------------------------------------------------------------------- Name : maturin Product : Fedora 44 Version : 1.9.6 Release : 5.fc44 URL : https://github.com/PyO3/maturin Summary : Build and publish Rust crates as Python packages Description : Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages. -------------------------------------------------------------------------------- Update Information: Update rust-astral-tokio-tar to 0.6.0, fixing CVE-2026-32766. Update rust-tar to 0.4.45, fixing CVE-2026-33056. Update rust-nix to 0.31.2. Update uv and python- uv-build to 0.10.2, rebuilding them with the latest rust-astral-tokio-tar and rust-tar. Update python-fastar to 0.9.0, rebuilding it with the lastest rust- tar. Rebuild maturin with the latest rust-tar. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 21 2026 Benjamin A. Beasley - 1.9.6-5 - Rebuilt with rust-tar 0.4.45 for CVE-2026-33056 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2448054 - rust-astral-tokio-tar-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2448054 [ 2 ] Bug #2449243 - uv-0.10.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449243 [ 3 ] Bug #2449274 - rust-tar-0.4.45 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449274 [ 4 ] Bug #2449338 - python-uv-build-0.10.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449338 [ 5 ] Bug #2449645 - python-fastar-0.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2449645 [ 6 ] Bug #2449681 - CVE-2026-33056 maturin: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449681 [ 7 ] Bug #2449683 - CVE-2026-33056 python-fastar: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449683 [ 8 ] Bug #2449684 - CVE-2026-33056 python-uv-build: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449684 [ 9 ] Bug #2449694 - CVE-2026-33056 uv: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449694 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e22a7dbf2d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines:https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update for Fedora 44 fixes critical issues in multiple Python packages addressing directory permissions.. Fedora security update, maturin Python package, CVE-2026-33056, permissions exploit, Rust applications. . Severity: Critical. LinuxSecurity.com Team

Mar 28, 2026 •Critical Fedora

Community Poll

More Polls

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Fedora 44 fido-device-onboard Important Denial of Service 2026-9e223ca14f

Fedora 43 bpfman Critical Update CVE-2026-31812 Arbitrary Permissions Issue

Fedora 42 Rust-Resctl-Bench Important Permissions Issue CVE-2026-33056

Fedora 43 rust-resctl-bench Security Advisory CVE-2026-33056

Fedora 44 rustup Update CVE-2026-33056 Critical Permission Threat

Fedora 43 rust-astral-tokio-tar Update for CVE-2026-32766 Released

Fedora 44 rust-astral-tokio-tar Security Update for CVE-2026-32766

Fedora 44 Maturin Upgrade Addresses CVE-2026-32766 CVE-2026-33056 Issues

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!