Alerts This Week
Warning Icon 1 626
Alerts This Week
Warning Icon 1 626

Warning: Undefined array key "Description" in /var/www/www.linuxsecurity.com-443/html/lsadvisories/lsadvisories.php on line 220

Fedora 40: FEDORA-2025-c58133e520 critical: libxmp memory issues

fedora
Calendar Grey January 11, 2025
Dist Fedora Esm H88
Critical security patches rolled out for Fedora 40's libxmp library, fixing several memory vulnerabilities and buffer overflow issues.
Latest upstream release

Summary

Libxmp is a library that renders module files to PCM data. It supports

over 90 mainstream and obscure module formats including Protracker (MOD),

Scream Tracker 3 (S3M), Fast Tracker II (XM), and Impulse Tracker (IT).

Many compressed module formats are supported, including popular Unix, DOS,

and Amiga file packers including gzip, bzip2, SQSH, Powerpack, etc.

Update Information:

Latest upstream release. Changelog: Fixes: CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit() CVE-2023-45680: Null pointer dereference in vorbis_deinit() CVE-2023-45681: Out of bounds heap buffer write CVE-2023-45676: Multi-byte write heap buffer overflow in start_decoder() CVE-2023-45677: Heap buffer out of bounds write in start_decoder() CVE-2023-45682: Wild address read in vorbis_decode_packet_rest()

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora security fix memory issue libxmp

Change Log

* Thu Jan 2 2025 Dominik Mierzejewski - 4.6.1-1 - update to 4.6.1 (rhbz#2335113) - enumerate source licenses and correct License tag * Mon Sep 2 2024 Miroslav Suchý - 4.6.0-6 - convert license to SPDX * Thu Jul 18 2024 Fedora Release Engineering - 4.6.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild

References


[ 1 ] Bug #2335113 - libxmp-4.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2335113

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c58133e520' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libxmp
Product: Fedora 40
Version: 4.6.1
Release: 2.fc40
URL:
Summary: A multi-format module playback library

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora security fix memory issue libxmp

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here