Fedora alert FEDORA-2025-7c5b6a3bcb (texlive-base)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 43 Update: texlive-base-20230311-94.fc43 | |
| Date: | Fri, 05 Dec 2025 02:11:42 +0000 | |
| Message-ID: | <20251205021142.D10AD775F5@bastion01.rdu3.fedoraproject.org> | |
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7c5b6a3bcb
2025-12-05 02:08:09.994302+00:00
--------------------------------------------------------------------------------

Name        : texlive-base
Product     : Fedora 43
Version     : 20230311
Release     : 94.fc43
URL         : http://tug.org/texlive/
Summary     : TeX formatting system
Description :
The TeX Live software distribution offers a complete TeX system for a
variety of Unix, Macintosh, Windows and other platforms. It
encompasses programs for editing, typesetting, previewing and printing
of TeX documents in many different languages, and a large collection
of TeX macros and font libraries.

The distribution includes extensive general documentation about TeX,
as well as the documentation for the included software packages.

--------------------------------------------------------------------------------
Update Information:

Update to 4.06. Lots of bugfixes, but notably, security fixes for the following
CVEs:

CVE-2024-2971
CVE-2024-3247
CVE-2024-3248
CVE-2024-3900
CVE-2024-4141
CVE-2024-4568
CVE-2024-4976
CVE-2024-7866
CVE-2024-7867
CVE-2024-7868
CVE-2025-2574
CVE-2025-3154
CVE-2025-11896

--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 26 2025 Björn Esser <besser82@fedoraproject.org> - 11:20230311-94
- Rebuild(xpdf)

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2271913 - CVE-2024-2971 xpdf: negative object number in an indirect reference in a PDF file can cause an out-of-bounds array write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2271913
  [ 2 ] Bug #2272853 - CVE-2024-3247 xpdf: stack-overflow in pdftotext [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2272853
  [ 3 ] Bug #2272856 - CVE-2024-3248 xpdf: stack overflow via pdftpng [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2272856
  [ 4 ] Bug #2275829 - CVE-2024-3900 xpdf: out-of-bounds array write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2275829
  [ 5 ] Bug #2277032 - CVE-2024-4141 xpdf: Out-of-bounds array write [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2277032
  [ 6 ] Bug #2279473 - CVE-2024-4568 xpdf: loop in the PDF resources leads to infinite recursion [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2279473
  [ 7 ] Bug #2280762 - CVE-2024-4976 xpdf: Out-of-bounds array write due to missing object type check [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2280762
  [ 8 ] Bug #2305301 - CVE-2024-7868 xpdf: invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2305301
  [ 9 ] Bug #2305302 - CVE-2024-7867 xpdf: integer overflow and divide-by-zero due to very large coordinates in a page box [fedora-39]
        https://bugzilla.redhat.com/show_bug.cgi?id=2305302
  [ 10 ] Bug #2305307 - CVE-2024-7866 xpdf: infinite recursion and a stack overflow due to PDF object loop in a pattern resource [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2305307
  [ 11 ] Bug #2354014 - CVE-2025-2574 xpdf: Out-of-bounds array write in Xpdf 4.05 due to incorrect integer overflow checking [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2354014
  [ 12 ] Bug #2357056 - CVE-2025-3154 xpdf: Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05 [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2357056

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7c5b6a3bcb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------
