Linuxsecurity
Critical Symlink Traversal Vulnerabilities in Fedora 44 Affected by CVEs
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On July 9, 2026, Fedora released updates addressing critical symlink traversal vulnerabilities in its acl and attr packages. The vulnerabilities, identified as CVE-2026-54369, CVE-2026-54370, and CVE-2026-54371, were published on June 29, 2026. CVE-2026-54369 and CVE-2026-54370 involve privilege escalation via libacl functions and TOCTOU symlink traversal through getfacl/setfacl. CVE-2026-54371 also presents a privilege escalation risk via getfattr. These vulnerabilities could allow attackers to gain elevated privileges on affected systems. Users are advised to upgrade to the latest versions using the provided dnf commands. The updates are critical for maintaining system security against potential exploitation.
Key Points: • Fedora 44 acl and attr packages have critical symlink traversal vulnerabilities. • Three CVEs (CVE-2026-54369, CVE-2026-54370, CVE-2026-54371) were published on June 29, 2026. • Users are urged to apply updates immediately to mitigate privilege escalation risks.