Fedora 41 Update: mingw-poppler-24.02.0-5.fc41
Fedora 42 Update: pgbouncer-1.24.1-2.fc42
Fedora 42 Update: mingw-libsoup-2.74.3-11.fc42
Fedora 40 Update: pgbouncer-1.24.1-2.fc40
Fedora 40 Update: ImageMagick-7.1.1.47-1.fc40
Fedora 40 Update: golang-github-openprinting-ipp-usb-0.9.30-4.fc40
Fedora 40 Update: mingw-libsoup-2.74.3-11.fc40
Fedora 41 Update: pgbouncer-1.24.1-2.fc41
Fedora 41 Update: ImageMagick-7.1.1.47-1.fc41
Fedora 41 Update: mingw-libsoup-2.74.3-11.fc41
[SECURITY] Fedora 41 Update: mingw-poppler-24.02.0-5.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-5e9faa5173
2025-04-24 17:32:46.484802+00:00
--------------------------------------------------------------------------------
Name : mingw-poppler
Product : Fedora 41
Version : 24.02.0
Release : 5.fc41
URL : http://poppler.freedesktop.org/
Summary : MinGW Windows Poppler library
Description :
MinGW Windows Poppler library.
--------------------------------------------------------------------------------
Update Information:
Backport fixes for CVE-2025-32364 and CVE-2025-32365.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 15 2025 Sandro Mani [manisandro@gmail.com] - 24.02.0-5
- Backport fixes for CVE-2025-32364 and CVE-2025-32365
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2357812 - CVE-2025-32365 mingw-poppler: Out-of-Bounds Read in Poppler [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2357812
[ 2 ] Bug #2357814 - CVE-2025-32365 mingw-poppler: Out-of-Bounds Read in Poppler [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2357814
[ 3 ] Bug #2357816 - CVE-2025-32364 mingw-poppler: Floating-Point Exception in Poppler [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2357816
[ 4 ] Bug #2357818 - CVE-2025-32364 mingw-poppler: Floating-Point Exception in Poppler [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2357818
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-5e9faa5173' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: pgbouncer-1.24.1-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-25e04398c7
2025-04-25 02:11:13.705492+00:00
--------------------------------------------------------------------------------
Name : pgbouncer
Product : Fedora 42
Version : 1.24.1
Release : 2.fc42
URL : https://www.pgbouncer.org
Summary : Lightweight connection pooler for PostgreSQL
Description :
pgbouncer is a lightweight connection pooler for PostgreSQL and uses libevent
for low-level socket handling.
--------------------------------------------------------------------------------
Update Information:
Update to 1.24.1, fixes CVE-2025-2291.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 17 2025 Simone Caronni [negativo17@gmail.com] - 1.24.1-2
- Update license
* Thu Apr 17 2025 Simone Caronni [negativo17@gmail.com] - 1.24.1-1
- Update to 1.24.1 (CVE-2025-2291)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-25e04398c7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: mingw-libsoup-2.74.3-11.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c4605302b8
2025-04-25 02:11:13.705339+00:00
--------------------------------------------------------------------------------
Name : mingw-libsoup
Product : Fedora 42
Version : 2.74.3
Release : 11.fc42
URL : https://wiki.gnome.org/Projects/libsoup
Summary : MinGW library for HTTP and XML-RPC functionality
Description :
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.
libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it).
This is the MinGW build of Libsoup
--------------------------------------------------------------------------------
Update Information:
Backport fixes for CVE-2025-32910, CVE-2025-32911, CVE-2025-32913
Backport fixes for CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906
CVE-2025-32907 CVE-2025-32909
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 16 2025 Sandro Mani [manisandro@gmail.com] - 2.74.3-11
- Backport fixes for CVE-2025-32910, CVE-2025-32911, CVE-2025-32913
* Tue Apr 15 2025 Sandro Mani [manisandro@gmail.com] - 2.74.3-10
- Backport fixes for CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906
CVE-2025-32907 CVE-2025-32909
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2357079 - CVE-2025-32050 mingw-libsoup: Integer overflow in append_param_quoted [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357079
[ 2 ] Bug #2357086 - CVE-2025-32052 mingw-libsoup: Heap buffer overflow in sniff_unknown() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357086
[ 3 ] Bug #2357088 - CVE-2025-32053 mingw-libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357088
[ 4 ] Bug #2359346 - CVE-2025-32906 mingw-libsoup: Out of bounds reads in soup_headers_parse_request() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359346
[ 5 ] Bug #2359351 - CVE-2025-32907 mingw-libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359351
[ 6 ] Bug #2359361 - CVE-2025-32909 mingw-libsoup: NULL Pointer Dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359361
[ 7 ] Bug #2359364 - CVE-2025-32910 mingw-libsoup: Null pointer dereference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an Unauthorized response with Digest authentication [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359364
[ 8 ] Bug #2359367 - CVE-2025-32911 mingw-libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359367
[ 9 ] Bug #2359370 - CVE-2025-32913 mingw-libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359370
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c4605302b8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: pgbouncer-1.24.1-2.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-31397c2b6c
2025-04-25 01:58:58.477104+00:00
--------------------------------------------------------------------------------
Name : pgbouncer
Product : Fedora 40
Version : 1.24.1
Release : 2.fc40
URL : https://www.pgbouncer.org
Summary : Lightweight connection pooler for PostgreSQL
Description :
pgbouncer is a lightweight connection pooler for PostgreSQL and uses libevent
for low-level socket handling.
--------------------------------------------------------------------------------
Update Information:
Update to 1.24.1, fixes CVE-2025-2291.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 17 2025 Simone Caronni [negativo17@gmail.com] - 1.24.1-2
- Update license
* Thu Apr 17 2025 Simone Caronni [negativo17@gmail.com] - 1.24.1-1
- Update to 1.24.1 (CVE-2025-2291)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-31397c2b6c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: ImageMagick-7.1.1.47-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9ba0ebe67a
2025-04-25 01:58:58.477030+00:00
--------------------------------------------------------------------------------
Name : ImageMagick
Product : Fedora 40
Version : 7.1.1.47
Release : 1.fc40
URL : https://imagemagick.org/
Summary : An X application for displaying and manipulating images
Description :
ImageMagick is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
and Photo CD image formats. It can resize, rotate, sharpen, color
reduce, or add special effects to an image, and when finished you can
either save the completed work in the original format or a different
one. ImageMagick also includes command line programs for creating
animated or transparent .gifs, creating composite images, creating
thumbnail images, and more.
ImageMagick is one of your choices if you need a program to manipulate
and display images. If you want to develop your own applications
which use ImageMagick code or APIs, you need to install
ImageMagick-devel as well.
--------------------------------------------------------------------------------
Update Information:
Automatic update for ImageMagick-7.1.1.47-1.fc40.
Changelog for ImageMagick
* Sun Mar 30 2025 Packit [hello@packit.dev] - 1:7.1.1.47-1
- Update to version 7.1.1.47
- Resolves: rhbz#2356054
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 30 2025 Packit [hello@packit.dev] - 1:7.1.1.47-1
- Update to version 7.1.1.47
- Resolves: rhbz#2356054
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2356054 - ImageMagick-7.1.1.47 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2356054
[ 2 ] Bug #2361981 - CVE-2025-46393 ImageMagick: Incorrect Calculation of Buffer Size in ImageMagick's Multispectral MIFF Processing [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361981
[ 3 ] Bug #2361984 - CVE-2025-43965 ImageMagick: Incorrect Handling of Image Depth in MIFF Processing in ImageMagick [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2361984
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-9ba0ebe67a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: golang-github-openprinting-ipp-usb-0.9.30-4.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2280949271
2025-04-25 01:58:58.477000+00:00
--------------------------------------------------------------------------------
Name : golang-github-openprinting-ipp-usb
Product : Fedora 40
Version : 0.9.30
Release : 4.fc40
URL : https://github.com/OpenPrinting/ipp-usb
Summary : HTTP reverse proxy, backed by IPP-over-USB connection to device
Description :
HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables
driverless support for USB devices capable of using IPP-over-USB protocol.
--------------------------------------------------------------------------------
Update Information:
rebuild with new golang to fix CVE-2025-22870 (fedora#2352013)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 16 2025 Zdenek Dohnal [zdohnal@redhat.com] - 0.9.30-4
- rebuild with new golang to fix CVE-2025-22870 (fedora#2352013)
* Fri Apr 11 2025 Zdenek Dohnal [zdohnal@redhat.com] - 0.9.30-3
- rebuilt with goipp 1.2.0
* Wed Mar 26 2025 Zdenek Dohnal [zdohnal@redhat.com] - 0.9.30-2
- update SPEC file with new changes from go2rpm
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2351766 - CVE-2025-22870 golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
https://bugzilla.redhat.com/show_bug.cgi?id=2351766
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2280949271' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 40 Update: mingw-libsoup-2.74.3-11.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-67e824b908
2025-04-25 01:58:58.476994+00:00
--------------------------------------------------------------------------------
Name : mingw-libsoup
Product : Fedora 40
Version : 2.74.3
Release : 11.fc40
URL : https://wiki.gnome.org/Projects/libsoup
Summary : MinGW library for HTTP and XML-RPC functionality
Description :
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.
libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it).
This is the MinGW build of Libsoup
--------------------------------------------------------------------------------
Update Information:
Backport fixes for CVE-2025-32910, CVE-2025-32911, CVE-2025-32913
Backport fixes for CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906
CVE-2025-32907 CVE-2025-32909
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 16 2025 Sandro Mani [manisandro@gmail.com] - 2.74.3-11
- Backport fixes for CVE-2025-32910, CVE-2025-32911, CVE-2025-32913
* Tue Apr 15 2025 Sandro Mani [manisandro@gmail.com] - 2.74.3-10
- Backport fixes for CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906
CVE-2025-32907 CVE-2025-32909
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.74.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2357079 - CVE-2025-32050 mingw-libsoup: Integer overflow in append_param_quoted [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357079
[ 2 ] Bug #2357086 - CVE-2025-32052 mingw-libsoup: Heap buffer overflow in sniff_unknown() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357086
[ 3 ] Bug #2357088 - CVE-2025-32053 mingw-libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357088
[ 4 ] Bug #2359346 - CVE-2025-32906 mingw-libsoup: Out of bounds reads in soup_headers_parse_request() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359346
[ 5 ] Bug #2359351 - CVE-2025-32907 mingw-libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359351
[ 6 ] Bug #2359361 - CVE-2025-32909 mingw-libsoup: NULL Pointer Dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359361
[ 7 ] Bug #2359364 - CVE-2025-32910 mingw-libsoup: Null pointer dereference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an Unauthorized response with Digest authentication [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359364
[ 8 ] Bug #2359367 - CVE-2025-32911 mingw-libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359367
[ 9 ] Bug #2359370 - CVE-2025-32913 mingw-libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359370
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-67e824b908' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: pgbouncer-1.24.1-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d919f11f99
2025-04-25 01:47:40.996759+00:00
--------------------------------------------------------------------------------
Name : pgbouncer
Product : Fedora 41
Version : 1.24.1
Release : 2.fc41
URL : https://www.pgbouncer.org
Summary : Lightweight connection pooler for PostgreSQL
Description :
pgbouncer is a lightweight connection pooler for PostgreSQL and uses libevent
for low-level socket handling.
--------------------------------------------------------------------------------
Update Information:
Update to 1.24.1, fixes CVE-2025-2291.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 17 2025 Simone Caronni [negativo17@gmail.com] - 1.24.1-2
- Update license
* Thu Apr 17 2025 Simone Caronni [negativo17@gmail.com] - 1.24.1-1
- Update to 1.24.1 (CVE-2025-2291)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d919f11f99' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: ImageMagick-7.1.1.47-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e2287efebb
2025-04-25 01:47:40.996703+00:00
--------------------------------------------------------------------------------
Name : ImageMagick
Product : Fedora 41
Version : 7.1.1.47
Release : 1.fc41
URL : https://imagemagick.org/
Summary : An X application for displaying and manipulating images
Description :
ImageMagick is an image display and manipulation tool for the X
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
and Photo CD image formats. It can resize, rotate, sharpen, color
reduce, or add special effects to an image, and when finished you can
either save the completed work in the original format or a different
one. ImageMagick also includes command line programs for creating
animated or transparent .gifs, creating composite images, creating
thumbnail images, and more.
ImageMagick is one of your choices if you need a program to manipulate
and display images. If you want to develop your own applications
which use ImageMagick code or APIs, you need to install
ImageMagick-devel as well.
--------------------------------------------------------------------------------
Update Information:
Automatic update for ImageMagick-7.1.1.47-1.fc41.
Changelog for ImageMagick
* Sun Mar 30 2025 Packit [hello@packit.dev] - 1:7.1.1.47-1
- Update to version 7.1.1.47
- Resolves: rhbz#2356054
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 30 2025 Packit [hello@packit.dev] - 1:7.1.1.47-1
- Update to version 7.1.1.47
- Resolves: rhbz#2356054
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2356054 - ImageMagick-7.1.1.47 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2356054
[ 2 ] Bug #2361983 - CVE-2025-46393 ImageMagick: Incorrect Calculation of Buffer Size in ImageMagick's Multispectral MIFF Processing [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361983
[ 3 ] Bug #2361986 - CVE-2025-43965 ImageMagick: Incorrect Handling of Image Depth in MIFF Processing in ImageMagick [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2361986
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e2287efebb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: mingw-libsoup-2.74.3-11.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-bd12d23d21
2025-04-25 01:47:40.996613+00:00
--------------------------------------------------------------------------------
Name : mingw-libsoup
Product : Fedora 41
Version : 2.74.3
Release : 11.fc41
URL : https://wiki.gnome.org/Projects/libsoup
Summary : MinGW library for HTTP and XML-RPC functionality
Description :
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.
libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it).
This is the MinGW build of Libsoup
--------------------------------------------------------------------------------
Update Information:
Backport fixes for CVE-2025-32910, CVE-2025-32911, CVE-2025-32913
Backport fixes for CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906
CVE-2025-32907 CVE-2025-32909
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 16 2025 Sandro Mani [manisandro@gmail.com] - 2.74.3-11
- Backport fixes for CVE-2025-32910, CVE-2025-32911, CVE-2025-32913
* Tue Apr 15 2025 Sandro Mani [manisandro@gmail.com] - 2.74.3-10
- Backport fixes for CVE-2025-32050 CVE-2025-32052 CVE-2025-32053 CVE-2025-32906
CVE-2025-32907 CVE-2025-32909
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.74.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2357079 - CVE-2025-32050 mingw-libsoup: Integer overflow in append_param_quoted [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357079
[ 2 ] Bug #2357086 - CVE-2025-32052 mingw-libsoup: Heap buffer overflow in sniff_unknown() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357086
[ 3 ] Bug #2357088 - CVE-2025-32053 mingw-libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2357088
[ 4 ] Bug #2359346 - CVE-2025-32906 mingw-libsoup: Out of bounds reads in soup_headers_parse_request() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359346
[ 5 ] Bug #2359351 - CVE-2025-32907 mingw-libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359351
[ 6 ] Bug #2359361 - CVE-2025-32909 mingw-libsoup: NULL Pointer Dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359361
[ 7 ] Bug #2359364 - CVE-2025-32910 mingw-libsoup: Null pointer dereference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an Unauthorized response with Digest authentication [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359364
[ 8 ] Bug #2359367 - CVE-2025-32911 mingw-libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359367
[ 9 ] Bug #2359370 - CVE-2025-32913 mingw-libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359370
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-bd12d23d21' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--