Fedora 42 Update: glibc-2.41-7.fc42
Fedora 42 Update: optipng-7.9.1-1.fc42
Fedora 42 Update: mingw-glib2-2.84.3-1.fc42
Fedora 41 Update: optipng-7.9.1-1.fc41
Fedora 41 Update: mingw-glib2-2.82.5-1.fc41
[SECURITY] Fedora 42 Update: glibc-2.41-7.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-851644b160
2025-06-24 01:43:05.447065+00:00
--------------------------------------------------------------------------------
Name : glibc
Product : Fedora 42
Version : 2.41
Release : 7.fc42
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.
--------------------------------------------------------------------------------
Update Information:
This update addresses two string function vulnerabilities specific to POWER10
machines (CVE-2025-5702, CVE-2025-5745) and fixes a bug in TLS management when
auditors are used (rhbz#2330213).
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 20 2025 Florian Weimer [fweimer@redhat.com] - 2.41-7
- Auto-sync with upstream branch release/2.41/master,
commit 6e489c17f827317bcf8544efefa65f13b5a079dc:
- ppc64le: Revert "powerpc: Optimized strcmp for power10" (CVE-2025-5702)
- ppc64le: Revert "powerpc : Add optimized memchr for POWER10" (Bug 33059)
- ppc64le: Revert "powerpc: Fix performance issues of strcmp power10" (CVE-2025-5702)
- ppc64le: Revert "powerpc: Optimized strncmp for power10" (CVE-2025-5745)
- elf: Keep using minimal malloc after early DTV resize (bug 32412)
- nptl: Fix pthread_getattr_np when modules with execstack are allowed (BZ 32897)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2330213 - ld.so calls realloc on a DTV which wasn't allocated with malloc
https://bugzilla.redhat.com/show_bug.cgi?id=2330213
[ 2 ] Bug #2370507 - CVE-2025-5702 glibc: From CVEorg collector [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370507
[ 3 ] Bug #2370512 - CVE-2025-5745 glibc: From CVEorg collector [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2370512
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-851644b160' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: optipng-7.9.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6b4a9c1dd1
2025-06-24 01:43:05.446986+00:00
--------------------------------------------------------------------------------
Name : optipng
Product : Fedora 42
Version : 7.9.1
Release : 1.fc42
URL : http://optipng.sourceforge.net/
Summary : PNG optimizer and converter
Description :
OptiPNG is a PNG optimizer that recompresses image files to a smaller size,
without losing any information. This program also converts external formats
(BMP, GIF, PNM and TIFF) to optimized PNG, and performs PNG integrity checks
and corrections.
--------------------------------------------------------------------------------
Update Information:
Update to 7.9.1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 15 2025 Peter Hanecak [hany@hany.sk] - 7.9.1-1
- Update to 7.9.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242460 - CVE-2023-43907 optipng: global buffer overflow via the 'buffer' variable at gifread.c. [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2242460
[ 2 ] Bug #2359202 - optipng-7.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2359202
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6b4a9c1dd1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: mingw-glib2-2.84.3-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-60e9097b77
2025-06-24 01:43:05.446945+00:00
--------------------------------------------------------------------------------
Name : mingw-glib2
Product : Fedora 42
Version : 2.84.3
Release : 1.fc42
URL : http://www.gtk.org
Summary : MinGW Windows GLib2 library
Description :
MinGW Windows Glib2 library.
--------------------------------------------------------------------------------
Update Information:
FIx CVE-2025-6052.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 15 2025 Sandro Mani [manisandro@gmail.com] - 2.84.3-1
- Update to 2.84.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2372671 - CVE-2025-6052 mingw-glib2: Integer overflow in g_string_maybe_expand() leading to potential buffer overflow in GLib GString [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2372671
[ 2 ] Bug #2372673 - CVE-2025-6052 mingw-glib2: Integer overflow in g_string_maybe_expand() leading to potential buffer overflow in GLib GString [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2372673
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-60e9097b77' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: optipng-7.9.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-0533c67535
2025-06-24 01:04:27.682929+00:00
--------------------------------------------------------------------------------
Name : optipng
Product : Fedora 41
Version : 7.9.1
Release : 1.fc41
URL : http://optipng.sourceforge.net/
Summary : PNG optimizer and converter
Description :
OptiPNG is a PNG optimizer that recompresses image files to a smaller size,
without losing any information. This program also converts external formats
(BMP, GIF, PNM and TIFF) to optimized PNG, and performs PNG integrity checks
and corrections.
--------------------------------------------------------------------------------
Update Information:
Update to 7.9.1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 15 2025 Peter Hanecak [hany@hany.sk] - 7.9.1-1
- Update to 7.9.1
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.7.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242460 - CVE-2023-43907 optipng: global buffer overflow via the 'buffer' variable at gifread.c. [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2242460
[ 2 ] Bug #2359202 - optipng-7.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2359202
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-0533c67535' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: mingw-glib2-2.82.5-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-2c1425a4e4
2025-06-24 01:04:27.682895+00:00
--------------------------------------------------------------------------------
Name : mingw-glib2
Product : Fedora 41
Version : 2.82.5
Release : 1.fc41
URL : http://www.gtk.org
Summary : MinGW Windows GLib2 library
Description :
MinGW Windows Glib2 library.
--------------------------------------------------------------------------------
Update Information:
FIx CVE-2025-6052.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 15 2025 Sandro Mani [manisandro@gmail.com] - 2.82.5-1
- Update to 2.82.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2372671 - CVE-2025-6052 mingw-glib2: Integer overflow in g_string_maybe_expand() leading to potential buffer overflow in GLib GString [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2372671
[ 2 ] Bug #2372673 - CVE-2025-6052 mingw-glib2: Integer overflow in g_string_maybe_expand() leading to potential buffer overflow in GLib GString [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2372673
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-2c1425a4e4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
