Fedora 43 Update: fluidsynth-2.5.2-1.fc43
Fedora 43 Update: duc-1.4.6-1.fc43
Fedora 43 Update: tkimg-2.1.0-1.fc43
Fedora 43 Update: gdu-5.32.0-1.fc43
Fedora 42 Update: tkimg-2.1.0-1.fc42
Fedora 42 Update: gdu-5.32.0-1.fc42
[SECURITY] Fedora 43 Update: fluidsynth-2.5.2-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-16548b7718
2025-12-28 01:06:50.261964+00:00
--------------------------------------------------------------------------------
Name : fluidsynth
Product : Fedora 43
Version : 2.5.2
Release : 1.fc43
URL : http://www.fluidsynth.org/
Summary : Real-time software synthesizer
Description :
FluidSynth is a real-time software synthesizer based on the SoundFont 2
specifications. It is a "software synthesizer". FluidSynth can read MIDI events
from the MIDI input device and render them to the audio device. It features
real-time effect modulation using SoundFont 2.01 modulators, and a built-in
command line shell. It can also play MIDI files (note: FluidSynth was previously
called IIWU Synth).
--------------------------------------------------------------------------------
Update Information:
Update to 2.5.2
Fix for CVE-2025-68617
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 24 2025 Christoph Karl - 2.5.2-1
- Update to 2.5.2
- Fix for CVE-2025-68617
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2424828 - CVE-2025-68617 fluidsynth: FluidSynth: Race Condition in DLS Unloading Allows Code Execution and Privilege Escalation [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2424828
[ 2 ] Bug #2424831 - CVE-2025-68617 fluidsynth: FluidSynth: Race Condition in DLS Unloading Allows Code Execution and Privilege Escalation [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2424831
[ 3 ] Bug #2424833 - CVE-2025-68617 fluidsynth: FluidSynth: Race Condition in DLS Unloading Allows Code Execution and Privilege Escalation [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2424833
[ 4 ] Bug #2424835 - CVE-2025-68617 fluidsynth: FluidSynth: Race Condition in DLS Unloading Allows Code Execution and Privilege Escalation [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2424835
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-16548b7718' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: duc-1.4.6-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4d1c51d90a
2025-12-28 01:06:50.261957+00:00
--------------------------------------------------------------------------------
Name : duc
Product : Fedora 43
Version : 1.4.6
Release : 1.fc43
URL : https://duc.zevv.nl/
Summary : Disk usage tools
Description :
Duc is a collection of tools for indexing, inspecting and visualizing
disk usage. Duc maintains a database of accumulated sizes of directories
of the file system, and allows you to query this database with some tools,
or create fancy graphs showing you where your bytes are.
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.6: fixes CVE-2025-13654
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 17 2025 Jens Petersen [petersen@redhat.com] - 1.4.6-1
- Update to 1.4.6: fixes CVE-2025-13654
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2423080 - CVE-2025-13654 duc: duc: Stack Buffer Overflow in buffer_get function [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2423080
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4d1c51d90a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: tkimg-2.1.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-13b23a6952
2025-12-28 01:06:50.261923+00:00
--------------------------------------------------------------------------------
Name : tkimg
Product : Fedora 43
Version : 2.1.0
Release : 1.fc43
URL : http://sourceforge.net/projects/tkimg
Summary : Image support library for Tk
Description :
This package contains a collection of image format handlers for the Tk
photo image type, and a new image type, pixmaps.
--------------------------------------------------------------------------------
Update Information:
Update to 2.1.0. Update bundled libpng, libtiff, to latest versions. Built
against TCL/TK 9. Fix FTBFS.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Tom Callaway [spot@fedoraproject.org] - 2.1.0-1
- update to 2.1.0
- update the bundled copy of libpng to 1.6.53
- update the bundled copy of libtiff to 4.7.1
- build for tcl/tk 9
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.4.16-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2337800 - Please update the package for the 'Tcl/Tk 9.0' Fedora change
https://bugzilla.redhat.com/show_bug.cgi?id=2337800
[ 2 ] Bug #2366434 - CVE-2025-4638 tkimg: Improper Pointer Arithmetic in pcl [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366434
[ 3 ] Bug #2383825 - CVE-2025-8176 tkimg: LibTIFF Use-After-Free Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2383825
[ 4 ] Bug #2383831 - CVE-2025-8177 tkimg: LibTIFF Buffer Overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2383831
[ 5 ] Bug #2385697 - tkimg: FTBFS in Fedora rawhide/f43
https://bugzilla.redhat.com/show_bug.cgi?id=2385697
[ 6 ] Bug #2386206 - CVE-2024-13978 tkimg: LibTIFF Null Pointer Dereference [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2386206
[ 7 ] Bug #2387669 - CVE-2025-8851 tkimg: LibTIFF Stack-based buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2387669
[ 8 ] Bug #2388598 - CVE-2025-8961 tkimg: LibTIFF memory corruption [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2388598
[ 9 ] Bug #2389610 - CVE-2025-9165 tkimg: LibTIFF memory leak [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2389610
[ 10 ] Bug #2417441 - CVE-2025-64720 tkimg: LIBPNG buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417441
[ 11 ] Bug #2417460 - CVE-2025-65018 tkimg: LIBPNG heap buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417460
[ 12 ] Bug #2417470 - CVE-2025-64506 tkimg: LIBPNG heap buffer over-read [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417470
[ 13 ] Bug #2417476 - CVE-2025-64720 tkimg: LIBPNG buffer overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417476
[ 14 ] Bug #2417488 - CVE-2025-65018 tkimg: LIBPNG heap buffer overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417488
[ 15 ] Bug #2417492 - CVE-2025-64506 tkimg: LIBPNG heap buffer over-read [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417492
[ 16 ] Bug #2418415 - CVE-2025-64505 tkimg: LIBPNG heap buffer overflow via malformed palette index [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418415
[ 17 ] Bug #2418427 - CVE-2025-64505 tkimg: LIBPNG heap buffer overflow via malformed palette index [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418427
[ 18 ] Bug #2418740 - CVE-2025-66293 tkimg: LIBPNG out-of-bounds read in png_image_read_composite [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418740
[ 19 ] Bug #2418751 - CVE-2025-66293 tkimg: LIBPNG out-of-bounds read in png_image_read_composite [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418751
[ 20 ] Bug #2423630 - CVE-2025-9900 tkimg: Libtiff Write-What-Where [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2423630
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-13b23a6952' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: gdu-5.32.0-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-709790fda7
2025-12-28 01:06:50.261911+00:00
--------------------------------------------------------------------------------
Name : gdu
Product : Fedora 43
Version : 5.32.0
Release : 1.fc43
URL : https://github.com/dundee/gdu
Summary : Fast disk usage analyzer with console interface written in Go
Description :
Fast disk usage analyzer with console interface written in Go.
--------------------------------------------------------------------------------
Update Information:
Update to 5.32.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 19 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 5.32.0-1
- Update to 5.32.0 - Closes rhbz#2416550
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2408167 - CVE-2025-58189 gdu: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408167
[ 2 ] Bug #2409637 - CVE-2025-61723 gdu: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2409637
[ 3 ] Bug #2410588 - CVE-2025-58185 gdu: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2410588
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-709790fda7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: tkimg-2.1.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-419c60783f
2025-12-28 00:49:44.327938+00:00
--------------------------------------------------------------------------------
Name : tkimg
Product : Fedora 42
Version : 2.1.0
Release : 1.fc42
URL : http://sourceforge.net/projects/tkimg
Summary : Image support library for Tk
Description :
This package contains a collection of image format handlers for the Tk
photo image type, and a new image type, pixmaps.
--------------------------------------------------------------------------------
Update Information:
Update to 2.1.0. Update bundled libpng, libtiff, to latest versions. Built
against TCL/TK 9. Fix FTBFS.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 18 2025 Tom Callaway [spot@fedoraproject.org] - 2.1.0-1
- update to 2.1.0
- update the bundled copy of libpng to 1.6.53
- update the bundled copy of libtiff to 4.7.1
- build for tcl/tk 9
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.4.16-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2337800 - Please update the package for the 'Tcl/Tk 9.0' Fedora change
https://bugzilla.redhat.com/show_bug.cgi?id=2337800
[ 2 ] Bug #2366434 - CVE-2025-4638 tkimg: Improper Pointer Arithmetic in pcl [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366434
[ 3 ] Bug #2383825 - CVE-2025-8176 tkimg: LibTIFF Use-After-Free Vulnerability [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2383825
[ 4 ] Bug #2383831 - CVE-2025-8177 tkimg: LibTIFF Buffer Overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2383831
[ 5 ] Bug #2385697 - tkimg: FTBFS in Fedora rawhide/f43
https://bugzilla.redhat.com/show_bug.cgi?id=2385697
[ 6 ] Bug #2386206 - CVE-2024-13978 tkimg: LibTIFF Null Pointer Dereference [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2386206
[ 7 ] Bug #2387669 - CVE-2025-8851 tkimg: LibTIFF Stack-based buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2387669
[ 8 ] Bug #2388598 - CVE-2025-8961 tkimg: LibTIFF memory corruption [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2388598
[ 9 ] Bug #2389610 - CVE-2025-9165 tkimg: LibTIFF memory leak [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2389610
[ 10 ] Bug #2417441 - CVE-2025-64720 tkimg: LIBPNG buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417441
[ 11 ] Bug #2417460 - CVE-2025-65018 tkimg: LIBPNG heap buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417460
[ 12 ] Bug #2417470 - CVE-2025-64506 tkimg: LIBPNG heap buffer over-read [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417470
[ 13 ] Bug #2417476 - CVE-2025-64720 tkimg: LIBPNG buffer overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417476
[ 14 ] Bug #2417488 - CVE-2025-65018 tkimg: LIBPNG heap buffer overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417488
[ 15 ] Bug #2417492 - CVE-2025-64506 tkimg: LIBPNG heap buffer over-read [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417492
[ 16 ] Bug #2418415 - CVE-2025-64505 tkimg: LIBPNG heap buffer overflow via malformed palette index [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418415
[ 17 ] Bug #2418427 - CVE-2025-64505 tkimg: LIBPNG heap buffer overflow via malformed palette index [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418427
[ 18 ] Bug #2418740 - CVE-2025-66293 tkimg: LIBPNG out-of-bounds read in png_image_read_composite [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418740
[ 19 ] Bug #2418751 - CVE-2025-66293 tkimg: LIBPNG out-of-bounds read in png_image_read_composite [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418751
[ 20 ] Bug #2423630 - CVE-2025-9900 tkimg: Libtiff Write-What-Where [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2423630
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-419c60783f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: gdu-5.32.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3b0fa1ac26
2025-12-28 00:49:44.327921+00:00
--------------------------------------------------------------------------------
Name : gdu
Product : Fedora 42
Version : 5.32.0
Release : 1.fc42
URL : https://github.com/dundee/gdu
Summary : Fast disk usage analyzer with console interface written in Go
Description :
Fast disk usage analyzer with console interface written in Go.
--------------------------------------------------------------------------------
Update Information:
Update to 5.32.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 19 2025 Mikel Olasagasti Uranga [mikel@olasagasti.info] - 5.32.0-1
- Update to 5.32.0 - Closes rhbz#2416550
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398687 - CVE-2025-47910 gdu: CrossOriginProtection bypass in net/http [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2398687
[ 2 ] Bug #2399368 - CVE-2025-47906 gdu: Unexpected paths returned from LookPath in os/exec [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399368
[ 3 ] Bug #2407890 - CVE-2025-58189 gdu: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2407890
[ 4 ] Bug #2409359 - CVE-2025-61723 gdu: Quadratic complexity when parsing some invalid inputs in encoding/pem [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2409359
[ 5 ] Bug #2410309 - CVE-2025-58185 gdu: Parsing DER payload can cause memory exhaustion in encoding/asn1 [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2410309
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3b0fa1ac26' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
--