Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 41: Security Advisory FEDORA-2025-051becf4f2 on xz 5.8.1

fedora
Calendar Grey May 10, 2025
Dist Fedora Esm H88
The recent xz 5.8.1 release for Fedora 41 addresses a severe heap vulnerability. Find out more about the security patch updates here.
xz 5.8.1

Summary

XZ Utils are an attempt to make LZMA compression easy to use on free (as in

freedom) operating systems. This is achieved by providing tools and libraries

which are similar to use than the equivalents of the most popular existing

compression algorithms.

LZMA is a general purpose compression algorithm designed by Igor Pavlov as

part of 7-Zip. It provides high compression ratio while keeping the

decompression speed fast.

Update Information:

xz 5.8.1

Topics%20covered

Topics Covered

security advisory Fedora DoS heap xz LZMA

Change Log

* Thu Apr 24 2025 Adam Williamson - 1:5.8.1-2 - Rebuild without changes to fix gating problem * Thu Apr 3 2025 Richard W.M. Jones - 1:5.8.1-1 - New upstream version 5.8.1 - Fixes CVE-2025-31115 heap-use-after-free bug in threaded .xz decoder * Wed Mar 26 2025 Jakub Martisko - 1:5.8.0-1 - New upstream version 5.8.0 Resolves: rhbz#2341818 * Sun Jan 19 2025 Fedora Release Engineering - 1:5.6.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Fri Oct 11 2024 Richard W.M. Jones - 1:5.6.3-2 - perl-Compress-Raw-Lzma dep has been removed, rebuild https://src.fedoraproject.org/rpms/perl-Compress-Raw-Lzma/pull-request/3 * Wed Oct 2 2024 Richard W.M. Jones - 1:5.6.3-1 - New upstream version 5.6.3 (RHBZ#2316069) * Thu Aug 8 2024 Lukáš Zaoral - 1:5.6.2-3 - fix licenses and finish SPDX license conversion

References


[ 1 ] Bug #2357253 - CVE-2025-31115 xz: XZ has a heap-use-after-free bug in threaded .xz decoder [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2357253

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-051becf4f2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: xz
Product: Fedora 41
Version: 5.8.1
Release: 2.fc41
URL: https://tukaani.org/xz/
Summary: LZMA compression utilities

Topics%20covered

Topics Covered

security advisory Fedora DoS heap xz LZMA

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here