Stay Secure with the Latest Linux Advisories

security advisoryfedoraupdate

Fedora 43 Goose Update Fixes CVE-2026-33056 Permission Modifications

Update goose to fix fedora#2449678. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-a45f438402 2026-04-08 00:52:24.173289+00:00 -------------------------------------------------------------------------------- Name : goose Product : Fedora 43 Version : 1.23.2 Release : 7.fc43 URL : https://github.com/aaif-goose/goose Summary : Extensible AI agent client Description : Goose is your on-machine AI agent, capable of automating complex development tasks from start to finish. More than just code suggestions, goose can build entire projects from scratch, write and execute code, debug failures, orchestrate workflows, and interact with external APIs - autonomously. Whether you're prototyping an idea, refining existing code, or managing intricate engineering pipelines, goose adapts to your workflow and executes tasks with precision. Designed for maximum flexibility, goose works with any LLM and supports multi-model configuration to optimize performance and cost, seamlessly integrates with MCP servers, and is available as both a desktop app as well as CLI - making it the ultimate AI assistant for developers who want to move faster and focus on innovation. -------------------------------------------------------------------------------- Update Information: Update goose to fix fedora#2449678 -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 27 2026 Manuel Moran - 1.23.2-7 - [skip changelog] Fix gating * Fri Mar 27 2026 Martin Litwora - 1.23.2-6 - Change the test plan URL to point directly to centos-stream test repository * Fri Mar 27 2026 Sam Doran - 1.23.2-5 - Fix CVE-2026-33056 for tar dependency * Thu Mar 26 2026 Sam Doran - 1.23.2-4 - Raise recursion limit on server_test.rs * Mon Mar 23 2026 Manuel Moran - 1.23.2-3 - Addgating -------------------------------------------------------------------------------- References: [ 1 ] Bug #2449678 - CVE-2026-33056 goose: tar-rs: Arbitrary directory permission modification via crafted tar archive [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2449678 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-a45f438402' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical update for Goose in Fedora 43 addressing permission issues with crafted tar archives. Upgrade recommended immediately.. Fedora 43 Goose Update, Permission Modification Fix, Security Advisory. . Severity: Critical. LinuxSecurity.com Team

Apr 08, 2026 •Critical Fedora