Stay Secure with the Latest Linux Advisories

security advisoryfedoraupdate

Fedora 43 Chunkah Important Update Arbitrary Permissions Fix March 2026

Automatic update for chunkah-0.3.2-1.fc43. Changelog for chunkah * Mon Mar 23 2026 Packit - 0.3.2-1 - Update to 0.3.2 upstream release * Fri Mar 20 2026 Packit - 0.3.1-1. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-1269948465 2026-04-01 00:56:24.864638+00:00 -------------------------------------------------------------------------------- Name : chunkah Product : Fedora 43 Version : 0.3.2 Release : 1.fc43 URL : https://github.com/coreos/chunkah Summary : OCI building tool for content-based container image layers Description : chunkah is an OCI building tool that takes a flat rootfs and outputs a layered OCI image with content-based layers. It optimizes container image layer reuse by grouping files based on their content (e.g., by RPM package) rather than by Dockerfile instruction order. It is a generalized successor to rpm-ostree's build-chunked-oci command. -------------------------------------------------------------------------------- Update Information: Automatic update for chunkah-0.3.2-1.fc43. Changelog for chunkah * Mon Mar 23 2026 Packit - 0.3.2-1 - Update to 0.3.2 upstream release * Fri Mar 20 2026 Packit - 0.3.1-1 - Update to 0.3.1 upstream release Automatic update for chunkah-0.3.1-1.fc43. Changelog for chunkah * Fri Mar 20 2026 Packit - 0.3.1-1 - Update to 0.3.1 upstream release -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 23 2026 Packit - 0.3.2-1 - Update to 0.3.2 upstream release * Fri Mar 20 2026 Packit - 0.3.1-1 - Update to 0.3.1 upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #2449673 - CVE-2026-33056 chunkah: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449673 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-1269948465' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Chunkah update for Fedora 43 addresses important permission modifications via crafted tar archive vulnerabilities.. Fedora 43, chunkah update, OCI building tool, security advisory, permission modification. . Severity: Important. LinuxSecurity.com Team

Apr 01, 2026 •Important Fedora