LibTIFF and Keylime-Agent-Rust updates for Fedora

Fedora Linux 9173 Published by

Fedora has released security updates for three packages: libtiff, keylime-agent-rust, and another instance of libtiff. The first libtiff update addresses CVE-2025-9165 by fixing a memory leak in tiffcmp. The second libtiff update is specific to Fedora 41 and fixes two vulnerabilities: CVE-2024-13978 (null pointer dereference in tiff2pdf) and CVE-2025-8534 (null pointer dereference in tiff2ps).

Fedora 42 Update: libtiff-4.7.0-8.fc42
Fedora 42 Update: keylime-agent-rust-0.2.8-1.fc42
Fedora 41 Update: libtiff-4.6.0-6.fc41.2




[SECURITY] Fedora 42 Update: libtiff-4.7.0-8.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ac7b2513a8
2025-08-27 01:22:54.950149+00:00
--------------------------------------------------------------------------------

Name : libtiff
Product : Fedora 42
Version : 4.7.0
Release : 8.fc42
URL : http://www.simplesystems.org/libtiff/
Summary : Library of functions for manipulating TIFF format image files
Description :
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files. TIFF is a widely
used file format for bitmapped images. TIFF files usually end in the
.tif extension and they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF
format image files.

--------------------------------------------------------------------------------
Update Information:

fix CVE-2025-9165: memory leak in tiffcmp (rhbz#2389608)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 25 2025 Michal Hlavinka [mhlavink@redhat.com] - 4.7.0-8
- fix CVE-2025-9165: memory leak in tiffcmp (rhbz#2389608)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2389608 - CVE-2025-9165 libtiff: LibTIFF memory leak [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2389608
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ac7b2513a8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: keylime-agent-rust-0.2.8-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6c7178c159
2025-08-27 01:22:54.950062+00:00
--------------------------------------------------------------------------------

Name : keylime-agent-rust
Product : Fedora 42
Version : 0.2.8
Release : 1.fc42
URL : https://github.com/keylime/rust-keylime/
Summary : Rust agent for Keylime
Description :
The Keylime agent

Requires: keylime-base

Requires: keylime-agent-rust-pull

--------------------------------------------------------------------------------
Update Information:

Update to upstream version 0.2.8
Update idna dependency to a version not affected by CVE-2024-12224
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug 13 2025 Anderson Toshiyuki Sasaki [ansasaki@redhat.com] - 0.2.8-1
- Update to upstream version 0.2.8
* Mon Jun 16 2025 Fabio Valentini [decathorpe@gmail.com] - 0.2.7-5
- Rebuild for idna crate >= v1.0.0 (CVE-2024-12224)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2370589 - CVE-2024-12224 keylime-agent-rust: idna accepts Punycode labels that do not produce any non-ASCII when decoded [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370589
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6c7178c159' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: libtiff-4.6.0-6.fc41.2


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5869edf3de
2025-08-27 01:13:40.334912+00:00
--------------------------------------------------------------------------------

Name : libtiff
Product : Fedora 41
Version : 4.6.0
Release : 6.fc41.2
URL : http://www.simplesystems.org/libtiff/
Summary : Library of functions for manipulating TIFF format image files
Description :
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files. TIFF is a widely
used file format for bitmapped images. TIFF files usually end in the
.tif extension and they are often quite large.

The libtiff package should be installed if you need to manipulate TIFF
format image files.

--------------------------------------------------------------------------------
Update Information:

fix CVE-2025-8534: null pointer dereference in tiff2ps (rhbz#2386494)
fix CVE-2024-13978: null pointer dereference in tiff2pdf (rhbz#2386201)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 12 2025 Michal Hlavinka [mhlavink@redhat.com] - 4.6.0-6.2
- fix CVE-2025-8534: null pointer dereference in tiff2ps (rhbz#2386494)
* Tue Aug 12 2025 Michal Hlavinka [mhlavink@redhat.com] - 4.6.0-6.1
- fix CVE-2024-13978: null pointer dereference in tiff2pdf (rhbz#2386201)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2386201 - CVE-2024-13978 libtiff: LibTIFF Null Pointer Dereference [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2386201
[ 2 ] Bug #2386494 - CVE-2025-8534 libtiff: Libtiff Null Pointer Dereference Vulnerability [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2386494
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5869edf3de' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--


Windows Terminal Preview 1.24.2372.0 released

GDK-PixBuf2, AIDE, Kpatch-patch,Ansible, Thunderbird, mod_http2 updates for RHEL

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...