Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: texlive-base Key Security Update Addressing CVEs 2025-e72c726192

fedora
Calendar Grey December 5, 2025
Dist Fedora Esm H88
Fedora 42 updates texlive-base with important bug fixes and security measures against known CVEs.
Update to 4.06

Summary

The TeX Live software distribution offers a complete TeX system for a

variety of Unix, Macintosh, Windows and other platforms. It

encompasses programs for editing, typesetting, previewing and printing

of TeX documents in many different languages, and a large collection

of TeX macros and font libraries.

The distribution includes extensive general documentation about TeX,

as well as the documentation for the included software packages.

Update Information:

Update to 4.06. Lots of bugfixes, but notably, security fixes for the following CVEs: CVE-2024-2971 CVE-2024-3247 CVE-2024-3248 CVE-2024-3900 CVE-2024-4141 CVE-2024-4568 CVE-2024-4976 CVE-2024-7866 CVE-2024-7867 CVE-2024-7868 CVE-2025-2574 CVE-2025-3154 CVE-2025-11896

Topics%20covered

Topics Covered

security advisory security issue fedora buffer overflow important texlive-base

Change Log

* Wed Nov 26 2025 Bjrn Esser - 11:20230311-94 - Rebuild(xpdf) * Wed Aug 6 2025 Franti\u0161ek Zatloukal - 11:20230311-93 - Rebuilt for icu 77.1 * Fri Jul 25 2025 Fedora Release Engineering - 11:20230311-92 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Sat Jul 19 2025 Than Ngo - 11:20230311-91 - Fix rhbz#2379729 - texlive-pythontex is not compatible with python3.13 * Fri Jul 18 2025 Than Ngo - 11:20230311-90 - Fix rhbz#2354991 - bundling option for perl-5.40.x

References


[ 1 ] Bug #2271913 - CVE-2024-2971 xpdf: negative object number in an indirect reference in a PDF file can cause an out-of-bounds array write [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2271913 [ 2 ] Bug #2272853 - CVE-2024-3247 xpdf: stack-overflow in pdftotext [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2272853 [ 3 ] Bug #2272856 - CVE-2024-3248 xpdf: stack overflow via pdftpng [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2272856 [ 4 ] Bug #2275829 - CVE-2024-3900 xpdf: out-of-bounds array write [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2275829 [ 5 ] Bug #2277032 - CVE-2024-4141 xpdf: Out-of-bounds array write [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2277032 [ 6 ] Bug #2279473 - CVE-2024-4568 xpdf: loop in the PDF resources leads to infinite recursion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2279473 [ 7 ] Bug #2280762 - CVE-2024-4976 xp...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-e72c726192' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: texlive-base
Product: Fedora 42
Version: 20230311
Release: 94.fc42
URL: http://tug.org/texlive/
Summary: TeX formatting system

Topics%20covered

Topics Covered

security advisory security issue fedora buffer overflow important texlive-base

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here