Fedora 43 Update: attr-2.6.0-1.fc43
Fedora 43 Update: acl-2.4.0-1.fc43
[SECURITY] Fedora 43 Update: attr-2.6.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b85570f8e4
2026-07-13 01:03:16.984289+00:00
--------------------------------------------------------------------------------
Name : attr
Product : Fedora 43
Version : 2.6.0
Release : 1.fc43
URL : https://savannah.nongnu.org/projects/attr
Summary : Utilities for managing filesystem extended attributes
Description :
A set of tools for manipulating extended attributes on filesystem
objects, in particular getfattr(1) and setfattr(1).
An attr(1) command is also provided which is largely compatible
with the SGI IRIX tool of the same name.
--------------------------------------------------------------------------------
Update Information:
rebase to v2.6.0 to fix CVE-2026-54371
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 9 2026 Luk???? Zaoral [lzaoral@redhat.com] - 2.6.0-1
- rebase to v2.6.0 to fix the following CVEs:
- CVE-2026-54371 - Symlink Traversal Privilege Escalation via getfattr (rhbz#2494172)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2494172 - CVE-2026-54371 attr: Symlink Traversal Privilege Escalation via getfattr [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494172
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b85570f8e4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 43 Update: acl-2.4.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-67504c329b
2026-07-13 01:03:16.984286+00:00
--------------------------------------------------------------------------------
Name : acl
Product : Fedora 43
Version : 2.4.0
Release : 1.fc43
URL : https://savannah.nongnu.org/projects/acl
Summary : Access control list utilities
Description :
This package contains the getfacl and setfacl utilities needed for
manipulating access control lists.
--------------------------------------------------------------------------------
Update Information:
rebase to v2.4.0 to fix CVE-2026-54369 and CVE-2026-54370
Resolves: CVE-2026-54369
Resolves: CVE-2026-54370
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 9 2026 Luk???? Zaoral [lzaoral@redhat.com] - 2.4.0-1
- rebase to v2.4.0 to fix the following CVEs:
- CVE-2026-54369 - Symlink traversal privilege escalation via libacl functions
- CVE-2026-54370 - TOCTOU Symlink Traversal via getfacl/setfacl
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2494173 - CVE-2026-54370 acl: TOCTOU Symlink Traversal via getfacl/setfacl [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494173
[ 2 ] Bug #2494174 - CVE-2026-54369 acl: Symlink traversal privilege escalation via libacl functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2494174
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-67504c329b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------