Stay Secure with the Latest Linux Advisories

security advisoryfedoradenial service

Fedora 43 rust-resctl-bench Important Time Crate Updates CVE-2026-25537

Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f400579a21 2026-02-10 01:31:32.937525+00:00 -------------------------------------------------------------------------------- Name : rust-resctl-bench Product : Fedora 43 Version : 2.2.5 Release : 10.fc43 URL : https://crates.io/crates/resctl-bench Summary : Whole system resource control benchmarks with realistic scenarios Description : resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, testing resource control end-to-end requires scenarios involving realistic workloads and monitoring their interactions. The combination makes benchmarking resource control challenging and error-prone. It's easy to slip up on a configuration and testing with real workloads can be tedious and unreliable. resctl-bench encapsulates the whole process so that resource control benchmarks can be performed easily and reliably. It verifies and updates system configurations, reproduces resource contention scenarios with a realistic latency-sensitive workload simulator and other secondary workloads, analyzes the resulting system and workload behaviors, and generates easily understandable reports. -------------------------------------------------------------------------------- Update Information: Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4. Update the bytes crate to version 1.11.1. Additionally, thisupdate contains rebuilds of applications affected by security advisories: bytes: RUSTSEC-2026-0007 git2: RUSTSEC-2026-0008 jsonwebtoken: CVE-2026-25537 time: RUSTSEC-2026-0009 All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 7 2026 Fabio Valentini - 2.2.5-10 - Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537 * Sat Jan 17 2026 Fedora Release Engineering - 2.2.5-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437470 [ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437472 [ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438104 [ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438135 [ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438138 [ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438149 [ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stackexhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438158 [ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438164 [ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438165 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Security update for Fedora 43 addresses important issues in rust-resctl-bench with several crate updates.. Fedora 43, rust-resctl-bench, security advisory, time crate, denial of service. . Severity: Important. LinuxSecurity.com Team

Feb 10, 2026 •Important Fedora