
Updated libxmp packages are now available for Fedora Linux versions 40 and 41 to resolve an array subscript underflow issue in the Pha Packer loader:

Fedora 40 Update: libxmp-4.6.2-3.fc40
Fedora 41 Update: libxmp-4.6.2-3.fc41




[SECURITY] Fedora 40 Update: libxmp-4.6.2-3.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-34421311f4
2025-05-13 02:17:57.560174+00:00
--------------------------------------------------------------------------------

Name : libxmp
Product : Fedora 40
Version : 4.6.2
Release : 3.fc40
URL : http://xmp.sourceforge.net/
Summary : A multi-format module playback library
Description :
Libxmp is a library that renders module files to PCM data. It supports
over 90 mainstream and obscure module formats including Protracker (MOD),
Scream Tracker 3 (S3M), Fast Tracker II (XM), and Impulse Tracker (IT).

Many compressed module formats are supported, including popular Unix, DOS,
and Amiga file packers including gzip, bzip2, SQSH, Powerpack, etc.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2025-47256.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 7 2025 Michael Schwendt [mschwendt@fedoraproject.org] - 4.6.2-3
- Fix array subscript underflow in Pha Packer loader (CVE-2025-47256).
* Wed May 7 2025 Michael Schwendt [mschwendt@fedoraproject.org] - 4.6.2-2
- own cmake libxmp dir
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2364611 - CVE-2025-47256 libxmp: stack-based buffer overflow via a malformed Pha format tracker module [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2364611
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-34421311f4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 41 Update: libxmp-4.6.2-3.fc41


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77aae3213
2025-05-13 02:03:45.501010+00:00
--------------------------------------------------------------------------------

Name : libxmp
Product : Fedora 41
Version : 4.6.2
Release : 3.fc41
URL : http://xmp.sourceforge.net/
Summary : A multi-format module playback library
Description :
Libxmp is a library that renders module files to PCM data. It supports
over 90 mainstream and obscure module formats including Protracker (MOD),
Scream Tracker 3 (S3M), Fast Tracker II (XM), and Impulse Tracker (IT).

Many compressed module formats are supported, including popular Unix, DOS,
and Amiga file packers including gzip, bzip2, SQSH, Powerpack, etc.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2025-47256.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 7 2025 Michael Schwendt [mschwendt@fedoraproject.org] - 4.6.2-3
- Fix array subscript underflow in Pha Packer loader (CVE-2025-47256).
* Wed May 7 2025 Michael Schwendt [mschwendt@fedoraproject.org] - 4.6.2-2
- own cmake libxmp dir
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2364612 - CVE-2025-47256 libxmp: stack-based buffer overflow via a malformed Pha format tracker module [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2364612
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77aae3213' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--