Stay Vigilant with Timely Linux Security Advisories

Loading...

security advisorydenial of servicefedora

Fedora 42 Maturin Significant Denial Of Service Resolution CVE-2026-25537

Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6388b28850 2026-02-11 00:58:02.841951+00:00 -------------------------------------------------------------------------------- Name : maturin Product : Fedora 42 Version : 1.9.6 Release : 3.fc42 URL : https://github.com/PyO3/maturin Summary : Build and publish Rust crates as Python packages Description : Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages. -------------------------------------------------------------------------------- Update Information: Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4. Update the bytes crate to version 1.11.1. Additionally, this update contains rebuilds of applications affected by security advisories: bytes: RUSTSEC-2026-0007 git2: RUSTSEC-2026-0008 jsonwebtoken: CVE-2026-25537 time: RUSTSEC-2026-0009 All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 7 2026 Fabio Valentini - 1.9.6-3 - Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437465 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass[fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437465 [ 2 ] Bug #2437467 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437467 [ 3 ] Bug #2438046 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438046 [ 4 ] Bug #2438075 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438075 [ 5 ] Bug #2438077 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438077 [ 6 ] Bug #2438086 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438086 [ 7 ] Bug #2438091 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438091 [ 8 ] Bug #2438097 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438097 [ 9 ] Bug #2438098 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438098 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6388b28850' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . For Fedora 42, crucial updates to maturin address CVE-2026-25537 and fix denial of service vulnerabilities.. Fedora Update, Rust, Denial of Service, Python Packages. . Severity: Important. LinuxSecurity.com Team

Feb 11, 2026 •Important Fedora

security advisoryfedorarust

Fedora 41: maturin Rebuild for CVE-2025-58160 Log Pollution Advisory

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-d0fde656f0 2025-09-11 01:18:51.472343+00:00 -------------------------------------------------------------------------------- Name : maturin Product : Fedora 41 Version : 1.8.7 Release : 2.fc41 URL : https://github.com/PyO3/maturin Summary : Build and publish Rust crates as Python packages Description : Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages. -------------------------------------------------------------------------------- Update Information: Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 2 2025 Fabio Valentini - 1.8.7-2 - Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2391972 - CVE-2025-58160 maturin: Tracing log pollution [epel-10] https://bugzilla.redhat.com/show_bug.cgi?id=2391972 [ 2 ] Bug #2391999 - CVE-2025-58160 maturin: Tracing log pollution [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2391999 [ 3 ] Bug #2392038 - CVE-2025-58160 maturin: Tracing log pollution [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2392038 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-d0fde656f0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . The updated version of maturin for Fedora 41 mitigates CVE-2025-58161, which pertains to the contamination of trace logs.. Fedora 41,maturin,CVE-2025-58160,tracing subscriber,rust crates. . Severity: Critical. LinuxSecurity.com Team

Sep 11, 2025 •Critical Fedora

security advisoryfedoraDoS

Fedora 42: Maturin 1.8.7 Critical Rebuild for CVE-2025-58160

Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-f0fd9ffe20 2025-09-11 00:54:36.117925+00:00 -------------------------------------------------------------------------------- Name : maturin Product : Fedora 42 Version : 1.8.7 Release : 2.fc42 URL : https://github.com/PyO3/maturin Summary : Build and publish Rust crates as Python packages Description : Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages. -------------------------------------------------------------------------------- Update Information: Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160. -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 2 2025 Fabio Valentini - 1.8.7-2 - Rebuild with tracing-subscriber v0.3.20 for CVE-2025-58160 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2391972 - CVE-2025-58160 maturin: Tracing log pollution [epel-10] https://bugzilla.redhat.com/show_bug.cgi?id=2391972 [ 2 ] Bug #2391999 - CVE-2025-58160 maturin: Tracing log pollution [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2391999 [ 3 ] Bug #2392038 - CVE-2025-58160 maturin: Tracing log pollution [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2392038 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-f0fd9ffe20' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . The Fedora 42 upgrade of maturin resolves CVE-2025-58160 by implementing critical security measures and reducing extraneous log output.. Fedora update,maturin security fix,CVE-2025-58160,security advisory,Fedora 42. . Severity: Critical. LinuxSecurity.com Team

Sep 11, 2025 •Critical Fedora

security advisoryfedoraupdate

Fedora 41: FEDORA-2025-fb7b9c7c48 moderate: maturin double free

Update to version 1.8.6.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-fb7b9c7c48 2025-05-30 01:44:07.670105+00:00 -------------------------------------------------------------------------------- Name : maturin Product : Fedora 41 Version : 1.8.6 Release : 1.fc41 URL : https://github.com/PyO3/maturin Summary : Build and publish Rust crates as Python packages Description : Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages. -------------------------------------------------------------------------------- Update Information: Update to version 1.8.6. -------------------------------------------------------------------------------- ChangeLog: * Wed May 21 2025 Fabio Valentini - 1.8.6-1 - Update to version 1.8.6; Fixes RHBZ#2365325 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2366540 - CVE-2025-4574 maturin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2366540 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-fb7b9c7c48' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code ofConduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Important patch release for Fedora 41 resolving double free vulnerability in maturin. Upgrade to version 1.8.6 immediately for improved safety.. Fedora 41 Maturin Update, Software Management, Double Free Fix. . LinuxSecurity.com Team

May 30, 2025 Fedora

security advisoryupdateFedora

Fedora 42: FEDORA-2025-7227c166f0 moderate: maturin double free

Update to version 1.8.6.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-7227c166f0 2025-05-30 01:14:13.237104+00:00 -------------------------------------------------------------------------------- Name : maturin Product : Fedora 42 Version : 1.8.6 Release : 1.fc42 URL : https://github.com/PyO3/maturin Summary : Build and publish Rust crates as Python packages Description : Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages. -------------------------------------------------------------------------------- Update Information: Update to version 1.8.6. -------------------------------------------------------------------------------- ChangeLog: * Wed May 21 2025 Fabio Valentini - 1.8.6-1 - Update to version 1.8.6; Fixes RHBZ#2365325 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2366567 - CVE-2025-4574 maturin: crossbeam-channel Vulnerable to Double Free on Drop [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366567 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-7227c166f0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code ofConduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . The recent patch fixes a vulnerability regarding a memory leak in maturin 1.8.6, particularly affecting Fedora 42.. Fedora 42, maturin update, double free fix, Python packaging, software advisory. . LinuxSecurity.com Team

May 30, 2025 Fedora

security advisorydenial of servicefedora

Fedora 39: 2024-40ee18b2e7 Moderate: Maturin Denial of Service

This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-40ee18b2e7 2024-06-02 03:36:56.060441 -------------------------------------------------------------------------------- Name : maturin Product : Fedora 39 Version : 1.5.1 Release : 2.fc39 URL : https://github.com/PyO3/maturin Summary : Build and publish Rust crates as Python packages Description : Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages. -------------------------------------------------------------------------------- Update Information: This update contains builds from a mini-mass-rebuild for Rust applications (and some C-style libraries). Rebuilding with the Rust 1.78 toolchain should fix incomplete debug information for the Rust standard library (and the resulting low-quality stack traces). Additionally, builds will have picked up fixes for some minor low-priority security and / or safety fixes in crate dependencies that had not yet been handled via a separate (targeted) rebuild: h2 v0.3.26+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0332.html glib v0.19.4+ and backports (UB): core/pull/1343 hashbrown v0.14.5+ (UB): https://github.com/rust-lang/hashbrown/pull/511 rustls v0.22.4+, v0.21.11+ (denial-of-service): https://rustsec.org/advisories/RUSTSEC-2024-0336.html -------------------------------------------------------------------------------- ChangeLog: * Thu May 23 2024 Fabio Valentini - 1.5.1-2 - Rebuild with Rust 1.78 to fix incomplete debuginfo andbacktraces -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-40ee18b2e7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: . Fedora 39's update for maturin tackles key Rust standard library issues along with minor security fixes, urging users to upgrade for improved stability and security. Fedora Updates, Maturin Update, Rust Package Management. . Severity: Important. LinuxSecurity.com Team

Jun 02, 2024 •Important Fedora

Stay Secure with the Latest Linux Advisories

openSUSE libyang Important Buffer Overflow Advisory 2026-2381-1

openSUSE HPLIP Severe Code Execution Denial of Service 2026-2380-1

openSUSE HPLIP Critical Escalation DoS Advisory SUSE-2026-2380-1

SUSE Linux Micro 6.2 python-Pygments Low Denial of Service CVE-2026-4539

Ubuntu 16.04 LTS GStreamer Base Plugins Critical DoS CVE-2026-2921

Debian 12 Linux Base Update Brings Important Security Fix DLA-4628-1

Debian 12 Kernel-Wedge Update for Linux 6.12 DLA-4627-1

openSUSE NetworkManager-libreswan Important Security Update CVE-2024-9050

openSUSE Rclone Critical Security Update CVE-2026-25680 CVE-2026-25681

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Ubuntu 22.04 OpenSSH Important Remote Access Issues USN-8222-1

Explore Latest Linux Security advisories

Fedora 42 Maturin Significant Denial Of Service Resolution CVE-2026-25537

Fedora 41: maturin Rebuild for CVE-2025-58160 Log Pollution Advisory

Fedora 42: Maturin 1.8.7 Critical Rebuild for CVE-2025-58160

Fedora 41: FEDORA-2025-fb7b9c7c48 moderate: maturin double free

Fedora 42: FEDORA-2025-7227c166f0 moderate: maturin double free

Fedora 39: 2024-40ee18b2e7 Moderate: Maturin Denial of Service

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Ubuntu 22.04 OpenSSH Important Remote Access Issues USN-8222-1

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

openSUSE libyang Important Buffer Overflow Advisory 2026-2381-1

openSUSE HPLIP Severe Code Execution Denial of Service 2026-2380-1

openSUSE HPLIP Critical Escalation DoS Advisory SUSE-2026-2380-1

SUSE Linux Micro 6.2 python-Pygments Low Denial of Service CVE-2026-4539

Ubuntu 16.04 LTS GStreamer Base Plugins Critical DoS CVE-2026-2921

Debian 12 Linux Base Update Brings Important Security Fix DLA-4628-1

Debian 12 Kernel-Wedge Update for Linux 6.12 DLA-4627-1

openSUSE NetworkManager-libreswan Important Security Update CVE-2024-9050

openSUSE Rclone Critical Security Update CVE-2026-25680 CVE-2026-25681

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!