Stay Vigilant with Timely Linux Security Advisories

security advisorymoderatedenial of service

Fedora 42 rust-time Moderate Denial of Service 2026-6388b28850

Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6388b28850 2026-02-11 00:58:02.841951+00:00 -------------------------------------------------------------------------------- Name : rust-time Product : Fedora 42 Version : 0.3.47 Release : 2.fc42 URL : https://crates.io/crates/time Summary : Date and time library Description : Date and time library. Fully interoperable with the standard library. Mostly compatible with #![no_std]. -------------------------------------------------------------------------------- Update Information: Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4. Update the bytes crate to version 1.11.1. Additionally, this update contains rebuilds of applications affected by security advisories: bytes: RUSTSEC-2026-0007 git2: RUSTSEC-2026-0008 jsonwebtoken: CVE-2026-25537 time: RUSTSEC-2026-0009 All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 7 2026 Fabio Valentini - 0.3.47-2 - Skip a test that encodes 64-bit memory layout assumptions * Fri Feb 6 2026 Fabio Valentini - 0.3.47-1 - Update to version 0.3.47; Fixes RHBZ#2428874 * Sat Jan 17 2026 Fedora Release Engineering - 0.3.44-2 - Rebuilt forhttps://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437465 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437465 [ 2 ] Bug #2437467 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437467 [ 3 ] Bug #2438046 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438046 [ 4 ] Bug #2438075 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438075 [ 5 ] Bug #2438077 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438077 [ 6 ] Bug #2438086 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438086 [ 7 ] Bug #2438091 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438091 [ 8 ] Bug #2438097 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438097 [ 9 ] Bug #2438098 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438098 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6388b28850' at thecommand line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Update for rust-time and related crates fixing CVE-2026-25537 and security concerns in Fedora 42. Installation details included.. Fedora 42, security advisory, rust-time, time crate update, Denial Of Service. . LinuxSecurity.com Team

Feb 11, 2026 Fedora

security advisorydenial of servicefedora

Fedora 42 rust-sccache Critical Denial of Service Vulnern 2026-6388b28850

Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6388b28850 2026-02-11 00:58:02.841951+00:00 -------------------------------------------------------------------------------- Name : rust-sccache Product : Fedora 42 Version : 0.12.0 Release : 3.fc42 URL : https://crates.io/crates/sccache Summary : Ccache-like tool Description : Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage. -------------------------------------------------------------------------------- Update Information: Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4. Update the bytes crate to version 1.11.1. Additionally, this update contains rebuilds of applications affected by security advisories: bytes: RUSTSEC-2026-0007 git2: RUSTSEC-2026-0008 jsonwebtoken: CVE-2026-25537 time: RUSTSEC-2026-0009 All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 7 2026 Fabio Valentini - 0.12.0-3 - Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437465 -CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437465 [ 2 ] Bug #2437467 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437467 [ 3 ] Bug #2438046 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438046 [ 4 ] Bug #2438075 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438075 [ 5 ] Bug #2438077 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438077 [ 6 ] Bug #2438086 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438086 [ 7 ] Bug #2438091 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438091 [ 8 ] Bug #2438097 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438097 [ 9 ] Bug #2438098 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438098 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6388b28850' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages aresigned with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Security advisory for Fedora 42 on rust-sccache addresses critical denial of service issue. Immediate action recommended.. Fedora 42 Rust SCCache Denial of Service Critical. . Severity: Critical. LinuxSecurity.com Team

Feb 11, 2026 •Critical Fedora

security advisorydenial of servicefedora

Fedora 42 rust-rd-agent Critical Stack Exhaustion CVE-2026-25537

Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6388b28850 2026-02-11 00:58:02.841951+00:00 -------------------------------------------------------------------------------- Name : rust-rd-agent Product : Fedora 42 Version : 2.2.5 Release : 14.fc42 URL : https://crates.io/crates/rd-agent Summary : Management agent for resctl-demo Description : Management agent for resctl-demo. -------------------------------------------------------------------------------- Update Information: Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4. Update the bytes crate to version 1.11.1. Additionally, this update contains rebuilds of applications affected by security advisories: bytes: RUSTSEC-2026-0007 git2: RUSTSEC-2026-0008 jsonwebtoken: CVE-2026-25537 time: RUSTSEC-2026-0009 All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 7 2026 Fabio Valentini - 2.2.5-14 - Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537 * Sat Jan 17 2026 Fedora Release Engineering - 2.2.5-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437465 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads topotential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437465 [ 2 ] Bug #2437467 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437467 [ 3 ] Bug #2438046 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438046 [ 4 ] Bug #2438075 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438075 [ 5 ] Bug #2438077 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438077 [ 6 ] Bug #2438086 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438086 [ 7 ] Bug #2438091 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438091 [ 8 ] Bug #2438097 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438097 [ 9 ] Bug #2438098 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438098 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6388b28850' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by theFedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical security fix for rust-rd-agent on Fedora 42 addressing stack exhaustion risks and providing crate updates.. rust-rd-agent security update Fedora time crate. . Severity: Critical. LinuxSecurity.com Team

Feb 11, 2026 •Critical Fedora

security advisoryfedoraDoS

Fedora 42 rust-app-store-connect Update CVE-2026-25537 DoS Threat Advisory

Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6388b28850 2026-02-11 00:58:02.841951+00:00 -------------------------------------------------------------------------------- Name : rust-app-store-connect Product : Fedora 42 Version : 0.5.0 Release : 6.fc42 URL : https://crates.io/crates/app-store-connect Summary : Apple App Store Connect API and client Description : Apple App Store Connect API and client. -------------------------------------------------------------------------------- Update Information: Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4. Update the bytes crate to version 1.11.1. Additionally, this update contains rebuilds of applications affected by security advisories: bytes: RUSTSEC-2026-0007 git2: RUSTSEC-2026-0008 jsonwebtoken: CVE-2026-25537 time: RUSTSEC-2026-0009 All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2. -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 8 2026 Benjamin A. Beasley - 0.5.0-6 - Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537 * Sat Jan 17 2026 Fedora Release Engineering - 0.5.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437465 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtokenhas Type Confusion that leads to potential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437465 [ 2 ] Bug #2437467 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437467 [ 3 ] Bug #2438046 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438046 [ 4 ] Bug #2438075 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438075 [ 5 ] Bug #2438077 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438077 [ 6 ] Bug #2438086 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438086 [ 7 ] Bug #2438091 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438091 [ 8 ] Bug #2438097 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438097 [ 9 ] Bug #2438098 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438098 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6388b28850' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. Moredetails on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Critical updates to rust-app-store-connect securing components and addressing denial of service threats for Fedora 42.. Security Advisory, Fedora 42 Updates, Denial of Service, Rust App Connect. . Severity: Important. LinuxSecurity.com Team

Feb 11, 2026 •Important Fedora

security advisorydenial of servicefedora

Fedora 42 Helix Critical Type Confusion Security Issue CVE-2026-25537

Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6388b28850 2026-02-11 00:58:02.841951+00:00 -------------------------------------------------------------------------------- Name : helix Product : Fedora 42 Version : 25.07.1 Release : 7.fc42 URL : https://helix-editor.com/ Summary : A post-modern modal text editor written in Rust Description : A Kakoune / Neovim inspired editor, written in Rust. -------------------------------------------------------------------------------- Update Information: Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4. Update the bytes crate to version 1.11.1. Additionally, this update contains rebuilds of applications affected by security advisories: bytes: RUSTSEC-2026-0007 git2: RUSTSEC-2026-0008 jsonwebtoken: CVE-2026-25537 time: RUSTSEC-2026-0009 All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 7 2026 Fabio Valentini - 25.07.1-7 - Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537 * Fri Jan 16 2026 Fedora Release Engineering - 25.07.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437465 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has TypeConfusion that leads to potential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437465 [ 2 ] Bug #2437467 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437467 [ 3 ] Bug #2438046 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438046 [ 4 ] Bug #2438075 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438075 [ 5 ] Bug #2438077 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438077 [ 6 ] Bug #2438086 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438086 [ 7 ] Bug #2438091 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438091 [ 8 ] Bug #2438097 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438097 [ 9 ] Bug #2438098 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438098 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6388b28850' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details onthe GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . This advisory covers updates for the helix application on Fedora 42 addressing several key security issues including CVE-2026-25537.. Fedora Updates, helix text editor, security advisory, CVE-2026-25537. . Severity: Critical. LinuxSecurity.com Team

Feb 11, 2026 •Critical Fedora

security advisorysecurity issuefedora

Fedora 42 Envision Low Time Crate Security Advisory 2026-25537

Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-6388b28850 2026-02-11 00:58:02.841951+00:00 -------------------------------------------------------------------------------- Name : envision Product : Fedora 42 Version : 3.2.0 Release : 7.fc42 URL : https://gitlab.com/gabmus/envision Summary : UI for building, configuring, and running Monado/WiVRn Description : UI for building, configuring, and running Monado, the open source OpenXR runtime. This is still highly experimental software, while it's unlikely that anything bad will happen, it's still unstable and there is no guarantee that it will work on your system, with your particular hardware. If you encounter any problems while using the app, make sure to open an issue. Also consider that due to the unstable nature of the app, it's possible to encounter unexpected behavior that while in VR might cause motion sickness or physical injury. Be very careful while in VR using this app! -------------------------------------------------------------------------------- Update Information: Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4. Update the bytes crate to version 1.11.1. Additionally, this update contains rebuilds of applications affected by security advisories: bytes: RUSTSEC-2026-0007 git2: RUSTSEC-2026-0008 jsonwebtoken: CVE-2026-25537 time: RUSTSEC-2026-0009 All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixesincluded in libgit2 between v1.8.1 and v1.9.2. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 7 2026 Jonathan Steffan - 3.2.0-7 - Update wivrn build Requires. * Sat Feb 7 2026 Fabio Valentini - 3.2.0-6 - Bump git2 dependency to 0.20 and simplify packaging * Thu Jan 29 2026 Nicolas Chauvet - 3.2.0-5 - Add FTBFS for https://gitlab.com/gabmus/envision/-/issues/256 * Thu Jan 29 2026 Nicolas Chauvet - 3.2.0-4 - Rebuilt for OpenCV 4.13 * Fri Jan 16 2026 Fedora Release Engineering - 3.2.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437465 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437465 [ 2 ] Bug #2437467 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2437467 [ 3 ] Bug #2438046 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438046 [ 4 ] Bug #2438075 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438075 [ 5 ] Bug #2438077 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438077 [ 6 ] Bug #2438086 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438086 [ 7 ] Bug #2438091 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438091 [ 8 ] Bug #2438097 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438097 [ 9 ] Bug #2438098 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438098 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-6388b28850' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Stay informed about Fedora's security advisory concerning Envision, outlining recent updates and changes in security measures.. Fedora 42 Envision Update. . Severity: Low. LinuxSecurity.com Team

Feb 11, 2026 •Low Fedora

security advisorydenial of servicefedora

Fedora 43 uv Important Denial of Service Update 2026-25538

Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f400579a21 2026-02-10 01:31:32.937525+00:00 -------------------------------------------------------------------------------- Name : uv Product : Fedora 43 Version : 0.9.30 Release : 2.fc43 URL : https://github.com/astral-sh/uv Summary : An extremely fast Python package installer and resolver, written in Rust Description : An extremely fast Python package and project manager, written in Rust. Highlights: \u2022 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twine, virtualenv, and more. \u2022 10-100x faster than pip. \u2022 Provides comprehensive project management, with a universal lockfile. \u2022 Runs scripts, with support for inline dependency metadata. \u2022 Installs and manages Python versions. \u2022 Runs and installs tools published as Python packages. \u2022 Includes a pip-compatible interface for a performance boost with a familiar CLI. \u2022 Supports Cargo-style workspaces for scalable projects. \u2022 Disk-space efficient, with a global cache for dependency deduplication. -------------------------------------------------------------------------------- Update Information: Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4. Update the bytes crate to version 1.11.1. Additionally, this update contains rebuilds of applications affected by security advisories: bytes: RUSTSEC-2026-0007 git2: RUSTSEC-2026-0008 jsonwebtoken: CVE-2026-25537 time: RUSTSEC-2026-0009 All applications that statically link libgit2 via the git2 Rustbindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2. -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 8 2026 Benjamin A. Beasley - 0.9.30-2 - Rebuilt with jsonwebtoken patched for CVE-2026-25537 - Fixes RHBZ#2437472; fixes RHBZ#2437467; fixes RHBZ#2437461 * Thu Feb 5 2026 Benjamin A. Beasley - 0.9.30-1 - Update to 0.9.30 (close RHBZ#2437002) * Wed Feb 4 2026 Benjamin A. Beasley - 0.9.29-1 - Update to 0.9.29 (close RHBZ#2436550) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437470 [ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437472 [ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438104 [ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438135 [ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438138 [ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438149 [ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438158 [ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: timeaffected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438164 [ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438165 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f400579a21' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Critical update for Fedora 43 addressing potential denial of service in time crate. Ensure your system is patched.. Fedora 43 update, time crate security, Python package manager, Rust tool, denial of service fix. . Severity: Critical. LinuxSecurity.com Team

Feb 10, 2026 •Critical Fedora

security advisoryfedoraservice

Fedora 43 rust-ybaas Update Moderate Stack Exhaustion Attack CVE-2026-25537

Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-f400579a21 2026-02-10 01:31:32.937525+00:00 -------------------------------------------------------------------------------- Name : rust-ybaas Product : Fedora 43 Version : 0.0.19 Release : 6.fc43 URL : https://crates.io/crates/ybaas Summary : Yubibomb as a service Description : Don't you love when you accidentally tap your Yubikey when you have your IRC client in focus and you send 987947 into Libera? Want to be able to have that experience without having to reach all the way over to your laptop's USB port? Don't want the complexity of installing and using the yubibomb CLI tool? Now you can use yubibomb as a service! -------------------------------------------------------------------------------- Update Information: Update the time crate to version 0.3.47. Update the time-macros crate to version 0.2.27. Update the time-core crate to version 0.1.8. Update the num-conv crate to version 0.2.0. Update the git2 crate to version 0.20.4. Update the bytes crate to version 1.11.1. Additionally, this update contains rebuilds of applications affected by security advisories: bytes: RUSTSEC-2026-0007 git2: RUSTSEC-2026-0008 jsonwebtoken: CVE-2026-25537 time: RUSTSEC-2026-0009 All applications that statically link libgit2 via the git2 Rust bindings were also rebuilt against the latest version of the git2 / libgit2-sys crates to pull in fixes included in libgit2 between v1.8.1 and v1.9.2. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 7 2026 Fabio Valentini - 0.0.19-6 - Rebuild for RUSTSEC-2026-{0007,0008,0009} and CVE-2026-25537 * Sat Jan 17 2026 FedoraRelease Engineering - 0.0.19-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2437470 - CVE-2026-25537 rust-jsonwebtoken: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437470 [ 2 ] Bug #2437472 - CVE-2026-25537 uv: jsonwebtoken has Type Confusion that leads to potential authorization bypass [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2437472 [ 3 ] Bug #2438104 - CVE-2026-25727 atuin: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438104 [ 4 ] Bug #2438135 - CVE-2026-25727 keylime-agent-rust: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438135 [ 5 ] Bug #2438138 - CVE-2026-25727 maturin: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438138 [ 6 ] Bug #2438149 - CVE-2026-25727 rustup: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438149 [ 7 ] Bug #2438158 - CVE-2026-25727 tbtools: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438158 [ 8 ] Bug #2438164 - CVE-2026-25727 tuigreet: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438164 [ 9 ] Bug #2438165 - CVE-2026-25727 uv: time affected by a stack exhaustion denial of service attack [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2438165 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade--advisory FEDORA-2026-f400579a21' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new . Mitigate risks with updates for rust-ybaas in Fedora addressing critical service issues and potential exploitation.. Fedora Update rust-ybaas time service CVE-2026-25537 stack exhaustion. . Severity: Important. LinuxSecurity.com Team

Feb 10, 2026 •Important Fedora

Community Poll

More Polls

Stay Secure with the Latest Linux Advisories

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

Fedora 42 rust-time Moderate Denial of Service 2026-6388b28850

Fedora 42 rust-sccache Critical Denial of Service Vulnern 2026-6388b28850

Fedora 42 rust-rd-agent Critical Stack Exhaustion CVE-2026-25537

Fedora 42 rust-app-store-connect Update CVE-2026-25537 DoS Threat Advisory

Fedora 42 Helix Critical Type Confusion Security Issue CVE-2026-25537

Fedora 42 Envision Low Time Crate Security Advisory 2026-25537

Fedora 43 uv Important Denial of Service Update 2026-25538

Fedora 43 rust-ybaas Update Moderate Stack Exhaustion Attack CVE-2026-25537

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

openSUSE Chromedriver Moderate Security Issues Fixed 2026-10958-1

openSUSE Tumbleweed libmozjs Moderate Update CVE-2025-70103

openSUSE Tumbleweed Perl HTML Parser Moderate CVE-2026-8829 Advisory

openSUSE Tumbleweed kernel-devel Moderate Security Issue 2026-10954-1

openSUSE Tumbleweed Gleam Moderate Threat Fixed 2026-10953-1

Ubuntu 25.10 Systemd Critical Arbitrary Code Exec DNS Issues USN-8402-1

openSUSE Epiphany Important Password Handling Issue CVE-2023-26081

Ubuntu 26.04 LTS 8399-1 Pillow Denial of Service Risk CVE-2026-42308

Ubuntu 26.04 LTS Poppler Critical DoS Code Execution Vuln USN-8400-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!