Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
More information is available at https://www.cve.org/CVERecord?id=CVE-2026-33056. This flaw is fixed in version 0.4.45 of the tar crate. Updates for rust-tar-0.4.45 are in testing for all Fedora and EPEL branches, and buildroot overrides are active. However, since rust uses vendored Rust crate dependencies (it looks like its copy of tar is at 0.4.44), its maintainers would need to fix this separately within the package’s dependency bundle or wait for the next upstream release.
FEDORA-2026-30b1c7e18a (rust-1.94.1-1.fc44) has been submitted as an update to Fedora 44. https://bodhi.fedoraproject.org/updates/FEDORA-2026-30b1c7e18a
FEDORA-2026-99de392ccb (rust-1.94.1-1.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2026-99de392ccb
FEDORA-2026-f47b1861e4 (rust-1.94.1-1.fc42) has been submitted as an update to Fedora 42. https://bodhi.fedoraproject.org/updates/FEDORA-2026-f47b1861e4
FEDORA-2026-30b1c7e18a (rust-1.94.1-1.fc44) has been pushed to the Fedora 44 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2026-99de392ccb (rust-1.94.1-1.fc43) has been pushed to the Fedora 43 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2026-f47b1861e4 (rust-1.94.1-1.fc42) has been pushed to the Fedora 42 stable repository. If problem still persists, please make note of it in this bug report.