Explore top 10 tips to secure your open-source projects now. Read More
×rebase to v2.6.0 to fix CVE-2026-54371. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-daa458d11d 2026-07-11 01:06:30.201361+00:00 -------------------------------------------------------------------------------- Name : attr Product : Fedora 44 Version : 2.6.0 Release : 1.fc44 URL : https://savannah.nongnu.org/projects/attr Summary : Utilities for managing filesystem extended attributes Description : A set of tools for manipulating extended attributes on filesystem objects, in particular getfattr(1) and setfattr(1). An attr(1) command is also provided which is largely compatible with the SGI IRIX tool of the same name. -------------------------------------------------------------------------------- Update Information: rebase to v2.6.0 to fix CVE-2026-54371 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 9 2026 Lukáš Zaoral - 2.6.0-1 - rebase to v2.6.0 to fix the following CVEs: - CVE-2026-54371 - Symlink Traversal Privilege Escalation via getfattr (rhbz#2494172) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494172 - CVE-2026-54371 attr: Symlink Traversal Privilege Escalation via getfattr [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2494172 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-daa458d11d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 44 update for attraddresses critical symlink traversal risk via CVE-2026-54371. Apply the update immediately.. Fedora update,Critical security,Attr symlink risk. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.