Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 43: fluidSynth Race Condition Vulnerability CVE-2025-68617 Exploit

fedora
Calendar Grey December 28, 2025
Dist Fedora Esm H88
FluidSynth update fixes race condition allowing code execution in Fedora 43. Important update for security enhancement.
Update to 2.5.2 Fix for CVE-2025-68617

Summary

FluidSynth is a real-time software synthesizer based on the SoundFont 2

specifications. It is a "software synthesizer". FluidSynth can read MIDI events

from the MIDI input device and render them to the audio device. It features

real-time effect modulation using SoundFont 2.01 modulators, and a built-in

command line shell. It can also play MIDI files (note: FluidSynth was previously

called IIWU Synth).

Update Information:

Update to 2.5.2 Fix for CVE-2025-68617

Topics%20covered

Topics Covered

security advisory fedora code execution privilege escalation important fluidsynth

Change Log

* Wed Dec 24 2025 Christoph Karl - 2.5.2-1 - Update to 2.5.2 - Fix for CVE-2025-68617

References


[ 1 ] Bug #2424828 - CVE-2025-68617 fluidsynth: FluidSynth: Race Condition in DLS Unloading Allows Code Execution and Privilege Escalation [epel-10] https://bugzilla.redhat.com/show_bug.cgi?id=2424828 [ 2 ] Bug #2424831 - CVE-2025-68617 fluidsynth: FluidSynth: Race Condition in DLS Unloading Allows Code Execution and Privilege Escalation [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2424831 [ 3 ] Bug #2424833 - CVE-2025-68617 fluidsynth: FluidSynth: Race Condition in DLS Unloading Allows Code Execution and Privilege Escalation [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2424833 [ 4 ] Bug #2424835 - CVE-2025-68617 fluidsynth: FluidSynth: Race Condition in DLS Unloading Allows Code Execution and Privilege Escalation [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2424835

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-16548b7718' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: fluidsynth
Product: Fedora 43
Version: 2.5.2
Release: 1.fc43
URL: http://www.fluidsynth.org/
Summary: Real-time software synthesizer

Topics%20covered

Topics Covered

security advisory fedora code execution privilege escalation important fluidsynth

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here