Fedora has announced important security updates for three packages: libtiff and keylime-agent-rust, with two separate updates for libtiff. The updates aim to address various vulnerabilities found in these packages.
The first libtiff update resolves a memory leak issue in the tiffcmp utility, linked to CVE-2025-9165. The second update, specific to Fedora 41, addresses two critical vulnerabilities: CVE-2024-13978, which involves a null pointer dereference in tiff2pdf, and CVE-2025-8534, which also relates to a null pointer dereference but in tiff2ps.
For Fedora 42, the updates include:
- libtiff version 4.7.0-8.fc42
- keylime-agent-rust version 0.2.8-1.fc42
The keylime-agent-rust update features an upgrade to version 0.2.8 and resolves an idna dependency issue related to CVE-2024-12224.
For users of Fedora 41, the libtiff update has been issued as version 4.6.0-6.fc41.2, incorporating fixes for the aforementioned vulnerabilities.
Users can install these updates using the "dnf" update program, and all packages are signed with the Fedora Project GPG key for security.
Extended Summary:
Fedora continuously prioritizes the security and functionality of its packages, with these recent updates reflecting their commitment to addressing vulnerabilities proactively. System administrators and users are encouraged to regularly update their systems to mitigate risks associated with known vulnerabilities. The updates not only enhance security but also ensure that users benefit from improved performance and stability in handling TIFF image files and using the Keylime agent. Fedora’s documentation provides detailed instructions for users to manage and install updates effectively, ensuring a smooth user experience while maintaining system integrity
The first libtiff update resolves a memory leak issue in the tiffcmp utility, linked to CVE-2025-9165. The second update, specific to Fedora 41, addresses two critical vulnerabilities: CVE-2024-13978, which involves a null pointer dereference in tiff2pdf, and CVE-2025-8534, which also relates to a null pointer dereference but in tiff2ps.
For Fedora 42, the updates include:
- libtiff version 4.7.0-8.fc42
- keylime-agent-rust version 0.2.8-1.fc42
The keylime-agent-rust update features an upgrade to version 0.2.8 and resolves an idna dependency issue related to CVE-2024-12224.
For users of Fedora 41, the libtiff update has been issued as version 4.6.0-6.fc41.2, incorporating fixes for the aforementioned vulnerabilities.
Users can install these updates using the "dnf" update program, and all packages are signed with the Fedora Project GPG key for security.
Extended Summary:
Fedora continuously prioritizes the security and functionality of its packages, with these recent updates reflecting their commitment to addressing vulnerabilities proactively. System administrators and users are encouraged to regularly update their systems to mitigate risks associated with known vulnerabilities. The updates not only enhance security but also ensure that users benefit from improved performance and stability in handling TIFF image files and using the Keylime agent. Fedora’s documentation provides detailed instructions for users to manage and install updates effectively, ensuring a smooth user experience while maintaining system integrity
LibTIFF and Keylime-Agent-Rust updates for Fedora
Fedora has released security updates for three packages: libtiff, keylime-agent-rust, and another instance of libtiff. The first libtiff update addresses CVE-2025-9165 by fixing a memory leak in tiffcmp. The second libtiff update is specific to Fedora 41 and fixes two vulnerabilities: CVE-2024-13978 (null pointer dereference in tiff2pdf) and CVE-2025-8534 (null pointer dereference in tiff2ps).
Fedora 42 Update: libtiff-4.7.0-8.fc42
Fedora 42 Update: keylime-agent-rust-0.2.8-1.fc42
Fedora 41 Update: libtiff-4.6.0-6.fc41.2LibTIFF and Keylime-Agent-Rust updates for Fedora @ Linux Compatible
