5 matches found
Fedora: Security Advisory (FEDORA-2025-92fd810e1d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-c22dd590b8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 41 : rust-h2 / uv (2025-92fd810e1d)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-92fd810e1d advisory. - Update uv to version 0.8.8. - Update the h2 crate to version 0.4.12. The builds in this update also address CVE-2025-54368. Tenable has extracted the...
Fedora 43 : python-uv-build / rust-h2 / uv (2025-8628ba80b1)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-8628ba80b1 advisory. - Update uv and python-uv-build to version 0.8.8. - Update the h2 crate to version 0.4.12. The builds in this update also address CVE-2025-54368. Tenable has...
CVE-2025-54368 uv is vulnerable to ZIP payload obfuscation through parsing differentials
uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...