Updated libxmp packages have been released for Fedora Linux versions 40 and 41 to address a security vulnerability related to an array subscript underflow in the Pha Packer loader. The updates are as follows:
- Fedora 40 Update: libxmp version 4.6.2-3.fc40
- Fedora 41 Update: libxmp version 4.6.2-3.fc41
Security Fix:
Both updates resolve the same issue identified as CVE-2025-47256, which could lead to a stack-based buffer overflow when processing malformed Pha format tracker modules.
Package Information:
Libxmp is a multi-format module playback library capable of rendering various module file formats, such as Protracker (MOD), Scream Tracker 3 (S3M), Fast Tracker II (XM), and Impulse Tracker (IT). It supports over 90 formats and can handle multiple compressed formats used in Unix, DOS, and Amiga systems.
Users can install these updates using the DNF package manager. For Fedora 40, the command is:
All packages are signed with the Fedora Project GPG key, ensuring their authenticity. Detailed documentation about the DNF update process can be found [here](http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label). For more information on the GPG keys used by the Fedora Project, please visit [this link](https://fedoraproject.org/keys).
These updates are crucial for maintaining the security and functionality of the libxmp library within Fedora operating systems. Users are encouraged to update their systems promptly to mitigate potential security risks associated with the identified vulnerability
- Fedora 40 Update: libxmp version 4.6.2-3.fc40
- Fedora 41 Update: libxmp version 4.6.2-3.fc41
Update Details
Security Fix:
Both updates resolve the same issue identified as CVE-2025-47256, which could lead to a stack-based buffer overflow when processing malformed Pha format tracker modules.
Package Information:
Libxmp is a multi-format module playback library capable of rendering various module file formats, such as Protracker (MOD), Scream Tracker 3 (S3M), Fast Tracker II (XM), and Impulse Tracker (IT). It supports over 90 formats and can handle multiple compressed formats used in Unix, DOS, and Amiga systems.
Installation Instructions
Users can install these updates using the DNF package manager. For Fedora 40, the command is:
bashsu -c 'dnf upgrade --advisory FEDORA-2025-34421311f4'For Fedora 41, the command is:
bashsu -c 'dnf upgrade --advisory FEDORA-2025-a77aae3213'
Additional Information
All packages are signed with the Fedora Project GPG key, ensuring their authenticity. Detailed documentation about the DNF update process can be found [here](http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label). For more information on the GPG keys used by the Fedora Project, please visit [this link](https://fedoraproject.org/keys).
Conclusion
These updates are crucial for maintaining the security and functionality of the libxmp library within Fedora operating systems. Users are encouraged to update their systems promptly to mitigate potential security risks associated with the identified vulnerability
LibXMP updates for Fedora 40 41
Updated libxmp packages are now available for Fedora Linux versions 40 and 41 to resolve an array subscript underflow issue in the Pha Packer loader:
Fedora 40 Update: libxmp-4.6.2-3.fc40
Fedora 41 Update: libxmp-4.6.2-3.fc41
