Fedora 42 Update: libtiff-4.7.0-7.fc42
Fedora 42 Update: pandoc-3.1.11.1-33.fc42
[SECURITY] Fedora 42 Update: libtiff-4.7.0-7.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a78662be2c
2025-08-15 01:03:42.055540+00:00
--------------------------------------------------------------------------------
Name : libtiff
Product : Fedora 42
Version : 4.7.0
Release : 7.fc42
URL : http://www.simplesystems.org/libtiff/
Summary : Library of functions for manipulating TIFF format image files
Description :
The libtiff package contains a library of functions for manipulating
TIFF (Tagged Image File Format) image format files. TIFF is a widely
used file format for bitmapped images. TIFF files usually end in the
.tif extension and they are often quite large.
The libtiff package should be installed if you need to manipulate TIFF
format image files.
--------------------------------------------------------------------------------
Update Information:
fixes CVE-2025-8534: null pointer dereference in tiff2p
fixes CVE-2024-13978: null pointer dereference in tiff2pdf
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 12 2025 Michal Hlavinka [mhlavink@redhat.com] - 4.7.0-7
- fix CVE-2024-13978: null pointer dereference in tiff2pdf (rhbz#2386201)
- fix CVE-2025-8534: null pointer dereference in tiff2ps (rhbz#2386494)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2386204 - CVE-2024-13978 libtiff: LibTIFF Null Pointer Dereference [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2386204
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a78662be2c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: pandoc-3.1.11.1-33.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-07fdd73bf0
2025-08-15 01:03:42.055476+00:00
--------------------------------------------------------------------------------
Name : pandoc
Product : Fedora 42
Version : 3.1.11.1
Release : 33.fc42
URL : https://hackage.haskell.org/package/pandoc
Summary : Conversion between markup formats
Description :
Pandoc is a Haskell library for converting from one markup format to another.
The formats it can handle include
- light markup formats (many variants of Markdown, reStructuredText, AsciiDoc,
Org-mode, Muse, Textile, txt2tags) - HTML formats (HTML 4 and 5) - Ebook
formats (EPUB v2 and v3, FB2) - Documentation formats (GNU TexInfo, Haddock) -
Roff formats (man, ms) - TeX formats (LaTeX, ConTeXt) - Typst - XML formats
(DocBook 4 and 5, JATS, TEI Simple, OpenDocument) - Outline formats (OPML) -
Bibliography formats (BibTeX, BibLaTeX, CSL JSON, CSL YAML, RIS) - Word
processor formats (Docx, RTF, ODT) - Interactive notebook formats (Jupyter
notebook ipynb) - Page layout formats (InDesign ICML) - Wiki markup formats
(MediaWiki, DokuWiki, TikiWiki, TWiki, Vimwiki, XWiki, ZimWiki, Jira wiki,
Creole) - Slide show formats (LaTeX Beamer, PowerPoint, Slidy, reveal.js,
Slideous, S5, DZSlides) - Data formats (CSV and TSV tables) - PDF (via external
programs such as pdflatex or wkhtmltopdf)
Pandoc can convert mathematical content in documents between TeX, MathML, Word
equations, roff eqn, typst, and plain text. It includes a powerful system for
automatic citations and bibliographies, and it can be customized extensively
using templates, filters, and custom readers and writers written in Lua.
For the pandoc command-line program, see the 'pandoc-cli' package.
--------------------------------------------------------------------------------
Update Information:
update MANUAL to cover threat related to user HTML iframe
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 4 2025 Jens Petersen [petersen@redhat.com] - 3.1.11.1-33
- update MANUAL to cover threat related to HTML iframe
https://github.com/jgm/pandoc/issues/10682
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2379956 - CVE-2025-51591 pandoc: Server-Side Request Forgery in Pandoc [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2379956
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-07fdd73bf0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
