An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for libxmp
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2025:0186-1
Rating:             moderate
References:
Cross-References:   CVE-2025-47256
CVSS scores:
                    CVE-2025-47256 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Affected Products:
                    openSUSE Backports SLE-15-SP6
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libxmp fixes the following issues:

- Update to release 4.6.3

  * Fix crashes when xmp_set_position/xmp_set_row is used to set a
    negative position/row.
  * Fix hangs when xmp_prev_position is used on the first position of a
    sequence which is preceded by an S3M/IT skip marker.
  * Fix out-of-bounds reads when xmp_next_position is used at the end of
    a 256 position module.
  * Fix hangs when seeking to an end-of-module marker caused by these
    positions getting assigned a non-existent sequence.
  * Fix stack underflow in Pha Packer loader (CVE-2025-47256).
  * Fix broken conversion of ProRunner 2.0 pattern data.
  * xmp_set_tempo_factor no longer alters frame time calculation for
    xmp_get_frame_info. Frame time is now updated to account for the new
    time factor after calling xmp_scan_module.
  * Fix loading XMs with some types of harmless pattern truncation.
  * Fix Digital Tracker 2.03 position jump effect for 4 channel DTMs.
  * Fix pattern loop jump interactions with same row pattern jump/break:
    Scream Tracker 3.03b+; Impulse Tracker 1.00 to 1.06 IT; Impulse
    Tracker 2.00+ IT/S3M; Modplug Tracker 1.16 IT/XM/S3M; Imago Orpheus
    IMF/S3M; Liquid Tracker LIQ/S3M; Poly Tracker; Digital Tracker >=2.02
    DTM/MOD; Digital Tracker 2.03 (partial); Digital Tracker 1.9
    (partial); Octalyser.
  * Fix the pattern loop effect in Astroidea XMF loader.

- Update to release 4.6.2

  * Fix MED effect 1Fxy (delay and retrigger). The new implementation
    supports both delay and retrigger at the same time and repeats.
  * Fix MED effect FF3 (revert change from 4.6.1). The buggy version of
    this effect prior to OctaMED v5 is not currently supported.
  * Fix MED3 and MED4 time factor and tempos 1-10.
  * Fix MED4 effect 9xx (set speed).
  * Add support for MED3 and MED4 song files.
  * Handle IT modules with edit history but no MIDI configuration.

- Update to release 4.6.1

  * Add stereo sample loading support for IT, S3M, XM, MED, LIQ, and
    Digital Tracker (partial).
  * Add sample preamplification to filter mixers for high sample rates.
  * Add support for Ultra Tracker tempo commands.
  * Load Ultra Tracker comments instead of skipping them.
  * Implement support for Protracker instrument swapping.
  * Implement retrigger effects for MED, OctaMED, and Liquid Tracker
    where only one retrigger occurs. Liquid Tracker (new format) and
    Digital Symphony now allow retrigger values larger than 15.
  * Fix loop detection edge cases broken by S3M/IT marker scan bugs.
  * Add fix for IT break to module scan.
  * Fix restart position for > 64k sample and Digital Tracker MODs.
  * Reset Invert Loop position when a new instrument is encountered.
  * MOD: make presence of invert loop override tracker ID guesses.
  * M.K. modules within Amiga limits which use EFx invert loop are now
    IDed as Protracker.
  * Support for loading Digital Tracker 2.03 DTMs (MOD patterns).
  * Support for loading Digital Tracker 1.9 DTMs (VERS/SV19).
  * Allow patterns up to 396 rows in Digital Home Studio DTMs.
  * Support for Digital Tracker 1.9 "MIDI note" transpose.
  * Simulate Digital Tracker effects bugs where possible.
  * A bunch of Liquid Tracker (.liq files) bug fixes.
  * Fix out-of-bounds reads in His Master's Noise Mupp instruments.
  * Add compatibility for non-standard Pattern Loop implementations:
    Scream Tracker 3.01b; Scream Tracker 3.03b+; Impulse Tracker 1.00;
    Impulse Tracker 1.04 to 2.09; Modplug Tracker 1.16; Digital Tracker
    >=2.04; Digital Tracker 1.9; Octalyser; Imago Orpheus; Liquid
    Tracker; Poly Tracker. (MOD, FT2, and IT 2.10+ were already
    supported.)
  * S3M: Detect PlayerPRO, Velvet Studio and old MPT versions.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

  zypper in -t patch openSUSE-2025-186=1

Package List:

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

  libxmp-devel-4.6.3-bp156.2.3.1
  libxmp4-4.6.3-bp156.2.3.1

References:

https://www.suse.com/security/cve/CVE-2025-47256.html

A new version is released for openSUSE, targeting a moderate security flaw in libxmp that could lead to stack underflow and potential application crashes.
openSUSE Update, libxmp Fix, Security Advisory, moderate stack underflow, Linux application security.
LinuxSecurity.com Team

Fixes CVE-2025-47256.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-34421311f4
2025-05-13 02:17:57.560174+00:00
--------------------------------------------------------------------------------

Name        : libxmp
Product     : Fedora 40
Version     : 4.6.2
Release     : 3.fc40
URL         :
Summary     : A multi-format module playback library
Description :
Libxmp is a library that renders module files to PCM data. It supports
over 90 mainstream and obscure module formats including Protracker (MOD),
Scream Tracker 3 (S3M), Fast Tracker II (XM), and Impulse Tracker (IT).
Many compressed module formats are supported, including popular Unix, DOS,
and Amiga file packers including gzip, bzip2, SQSH, Powerpack, etc.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2025-47256.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 7 2025 Michael Schwendt - 4.6.2-3
- Fix array subscript underflow in Pha Packer loader (CVE-2025-47256).
* Wed May 7 2025 Michael Schwendt - 4.6.2-2
- own cmake libxmp dir
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2364611 - CVE-2025-47256 libxmp: stack-based buffer overflow via a malformed Pha format tracker module [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2364611
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-34421311f4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
--

Fixes CVE-2025-47256.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77aae3213
2025-05-13 02:03:45.501010+00:00
--------------------------------------------------------------------------------

Name        : libxmp
Product     : Fedora 41
Version     : 4.6.2
Release     : 3.fc41
URL         :
Summary     : A multi-format module playback library
Description :
Libxmp is a library that renders module files to PCM data. It supports
over 90 mainstream and obscure module formats including Protracker (MOD),
Scream Tracker 3 (S3M), Fast Tracker II (XM), and Impulse Tracker (IT).
Many compressed module formats are supported, including popular Unix, DOS,
and Amiga file packers including gzip, bzip2, SQSH, Powerpack, etc.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2025-47256.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 7 2025 Michael Schwendt - 4.6.2-3
- Fix array subscript underflow in Pha Packer loader (CVE-2025-47256).
* Wed May 7 2025 Michael Schwendt - 4.6.2-2
- own cmake libxmp dir
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2364612 - CVE-2025-47256 libxmp: stack-based buffer overflow via a malformed Pha format tracker module [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2364612
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77aae3213' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
--

Fixes CVE-2025-47256.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-11090ba13f
2025-05-10 01:16:54.200160+00:00
--------------------------------------------------------------------------------

Name        : libxmp
Product     : Fedora 42
Version     : 4.6.2
Release     : 3.fc42
URL         :
Summary     : A multi-format module playback library
Description :
Libxmp is a library that renders module files to PCM data. It supports
over 90 mainstream and obscure module formats including Protracker (MOD),
Scream Tracker 3 (S3M), Fast Tracker II (XM), and Impulse Tracker (IT).
Many compressed module formats are supported, including popular Unix, DOS,
and Amiga file packers including gzip, bzip2, SQSH, Powerpack, etc.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2025-47256.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 7 2025 Michael Schwendt - 4.6.2-3
- Fix array subscript underflow in Pha Packer loader (CVE-2025-47256).
* Wed May 7 2025 Michael Schwendt - 4.6.2-2
- own cmake libxmp dir
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2364613 - CVE-2025-47256 libxmp: stack-based buffer overflow via a malformed Pha format tracker module [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2364613
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-11090ba13f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
--

Latest upstream release. Changelog: Fixes: CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit() CVE-2023-45680: Null pointer dereference in vorbis_deinit().

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-23e4aeeb91
2025-01-11 01:41:36.266471+00:00
--------------------------------------------------------------------------------

Name        : libxmp
Product     : Fedora 41
Version     : 4.6.1
Release     : 2.fc41
URL         :
Summary     : A multi-format module playback library
Description :
Libxmp is a library that renders module files to PCM data. It supports
over 90 mainstream and obscure module formats including Protracker (MOD),
Scream Tracker 3 (S3M), Fast Tracker II (XM), and Impulse Tracker (IT).
Many compressed module formats are supported, including popular Unix, DOS,
and Amiga file packers including gzip, bzip2, SQSH, Powerpack, etc.

--------------------------------------------------------------------------------
Update Information:

Latest upstream release.

Changelog:

Fixes:

CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit()
CVE-2023-45680: Null pointer dereference in vorbis_deinit()
CVE-2023-45681: Out of bounds heap buffer write
CVE-2023-45676: Multi-byte write heap buffer overflow in start_decoder()
CVE-2023-45677: Heap buffer out of bounds write in start_decoder()
CVE-2023-45682: Wild address read in vorbis_decode_packet_rest()
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 2 2025 Dominik Mierzejewski - 4.6.1-1
- update to 4.6.1 (rhbz#2335113)
- enumerate source licenses and correct License tag
* Mon Sep 2 2024 Miroslav Suchý - 4.6.0-6
- convert license to SPDX
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2335113 - libxmp-4.6.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2335113
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-23e4aeeb91' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

The Libxmp toolkit in Fedora 41 has undergone essential upgrades that resolve significant memory vulnerabilities and buffer overrun concerns.
libxmp update, Fedora patch, memory safety issues, security updates.
Severity: Critical.
LinuxSecurity.com Team

Latest upstream release. Changelog: Fixes: CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit() CVE-2023-45680: Null pointer dereference in vorbis_deinit().

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c58133e520
2025-01-11 01:25:07.399140+00:00
--------------------------------------------------------------------------------

Name        : libxmp
Product     : Fedora 40
Version     : 4.6.1
Release     : 2.fc40
URL         :
Summary     : A multi-format module playback library
Description :
Libxmp is a library that renders module files to PCM data. It supports
over 90 mainstream and obscure module formats including Protracker (MOD),
Scream Tracker 3 (S3M), Fast Tracker II (XM), and Impulse Tracker (IT).
Many compressed module formats are supported, including popular Unix, DOS,
and Amiga file packers including gzip, bzip2, SQSH, Powerpack, etc.

--------------------------------------------------------------------------------
Update Information:

Latest upstream release.

Changelog:

Fixes:

CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbis_deinit()
CVE-2023-45680: Null pointer dereference in vorbis_deinit()
CVE-2023-45681: Out of bounds heap buffer write
CVE-2023-45676: Multi-byte write heap buffer overflow in start_decoder()
CVE-2023-45677: Heap buffer out of bounds write in start_decoder()
CVE-2023-45682: Wild address read in vorbis_decode_packet_rest()
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 2 2025 Dominik Mierzejewski - 4.6.1-1
- update to 4.6.1 (rhbz#2335113)
- enumerate source licenses and correct License tag
* Mon Sep 2 2024 Miroslav Suchý - 4.6.0-6
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering - 4.6.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2335113 - libxmp-4.6.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2335113
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c58133e520' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Critical security patches rolled out for Fedora 40's libxmp library, fixing several memory vulnerabilities and buffer overflow issues.
Libxmp Security Update, Fedora Security Fixes, Memory Management Issues, Buffer Overflow Risk.
Severity: Critical.
LinuxSecurity.com Team

Latest stable release from upstream. Includes:

* Fixes for bugs reported by Coverity Scan
* Fixes for problems caused by fuzz files (reported by Jonathan Neuschäfer)
* Other changes

Full upstream changelog: .

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-8f950932c1
2016-01-19 19:15:03.715699
--------------------------------------------------------------------------------

Name        : libxmp
Product     : Fedora 22
Version     : 4.3.10
Release     : 1.fc22
URL         : https://xmp.sourceforge.net/
Summary     : A multi-format module playback library
Description :
Libxmp is a library that renders module files to PCM data. It supports
over 90 mainstream and obscure module formats including Protracker (MOD),
Scream Tracker 3 (S3M), Fast Tracker II (XM), and Impulse Tracker (IT).
Many compressed module formats are supported, including popular Unix, DOS,
and Amiga file packers including gzip, bzip2, SQSH, Powerpack, etc.

--------------------------------------------------------------------------------
Update Information:

Latest stable release from upstream. Includes:

* Fixes for bugs reported by Coverity Scan
* Fixes for problems caused by fuzz files (reported by Jonathan Neuschäfer)
* Other changes

Full upstream changelog: https://sourceforge.net/projects/xmp/files/libxmp/4.3.10/
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update libxmp' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Keep informed about the most recent libxmp security patches for Fedora 22, featuring essential bug resolutions and enhancements.
libxmp security update, Fedora 22 update, PCM data library, multi-format module playback.
Severity: Important.
LinuxSecurity.com Team

Latest stable release from upstream. Includes:

* Fixes for bugs reported by Coverity Scan
* Fixes for problems caused by fuzz files (reported by Jonathan Neuschäfer)
* Other changes

Full upstream changelog: (Link no longer available).

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-64c69ec297
2016-01-19 19:15:35.973220
--------------------------------------------------------------------------------

Name        : libxmp
Product     : Fedora 23
Version     : 4.3.10
Release     : 1.fc23
URL         : https://xmp.sourceforge.net/
Summary     : A multi-format module playback library
Description :
Libxmp is a library that renders module files to PCM data. It supports
over 90 mainstream and obscure module formats including Protracker (MOD),
Scream Tracker 3 (S3M), Fast Tracker II (XM), and Impulse Tracker (IT).
Many compressed module formats are supported, including popular Unix, DOS,
and Amiga file packers including gzip, bzip2, SQSH, Powerpack, etc.

--------------------------------------------------------------------------------
Update Information:

Latest stable release from upstream. Includes:

* Fixes for bugs reported by Coverity Scan
* Fixes for problems caused by fuzz files (reported by Jonathan Neuschäfer)
* Other changes

Full upstream changelog: https://sourceforge.net/projects/xmp/files/libxmp/4.3.10/
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update libxmp' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Recent Fedora update alert for libxmp brings essential bug fixes and enhancements targeting multiple issues.
Libxmp Update, Fedora 23, Module Playback, Software Fixes, Security Enhancements.
Severity: Critical.
LinuxSecurity.com Team