Fedora 42 Update: libsoup3-3.6.5-2.fc42
Fedora 42 Update: binutils-2.44-6.fc42
[SECURITY] Fedora 42 Update: libsoup3-3.6.5-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-99768b0fab
2025-08-02 04:17:27.037401+00:00
--------------------------------------------------------------------------------
Name : libsoup3
Product : Fedora 42
Version : 3.6.5
Release : 2.fc42
URL : https://wiki.gnome.org/Projects/libsoup
Summary : Soup, an HTTP library implementation
Description :
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.
libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it), but the SOAP parts were removed
long ago.
--------------------------------------------------------------------------------
Update Information:
This update fixes these CVEs:
CVE-2025-4948
CVE-2025-32908
CVE-2025-32907
CVE-2025-4969
CVE-2025-4945
CVE-2025-4476
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 30 2025 Marek Kasik [mkasik@redhat.com] - 3.6.5-2
- Fix multiple CVEs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2359349 - CVE-2025-32907 libsoup3: Denial of service in server when client requests a large amount of overlapping ranges with Range header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359349
[ 2 ] Bug #2359350 - CVE-2025-32908 libsoup3: Denial of service on libsoup through HTTP/2 server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2359350
[ 3 ] Bug #2366518 - CVE-2025-4476 libsoup3: Null pointer dereference in libsoup may lead to Denial Of Service [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2366518
[ 4 ] Bug #2366522 - CVE-2025-4476 libsoup3: Null pointer dereference in libsoup may lead to Denial Of Service [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2366522
[ 5 ] Bug #2367177 - CVE-2025-4945 libsoup3: Integer Overflow in Cookie Expiration Date Handling in libsoup [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2367177
[ 6 ] Bug #2367189 - CVE-2025-4948 libsoup3: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2367189
[ 7 ] Bug #2367554 - CVE-2025-4969 libsoup3: Off-by-One Out-of-Bounds Read in find_boundary() in soup-multipart.c [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2367554
[ 8 ] Bug #2367557 - CVE-2025-4969 libsoup3: Off-by-One Out-of-Bounds Read in find_boundary() in soup-multipart.c [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2367557
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-99768b0fab' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: binutils-2.44-6.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c5b7a12d2d
2025-08-02 04:17:27.037398+00:00
--------------------------------------------------------------------------------
Name : binutils
Product : Fedora 42
Version : 2.44
Release : 6.fc42
URL : https://sourceware.org/binutils
Summary : A GNU collection of binary utilities
Description :
Binutils is a collection of binary utilities, including ar (for
creating, modifying and extracting from archives), as (a family of GNU
assemblers), gprof (for displaying call graph profile data), ld (the
GNU linker), nm (for listing symbols from object files), objcopy (for
copying and translating object files), objdump (for displaying
information from object files), ranlib (for generating an index for
the contents of an archive), readelf (for displaying detailed
information about binary files), size (for listing the section sizes
of an object or archive file), strings (for listing printable strings
from files), strip (for discarding symbols), and addr2line (for
converting addresses to file and line).
--------------------------------------------------------------------------------
Update Information:
Backports patch to fix non-CVE 2025-8224
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 29 2025 Nick Clifton [nickc@redhat.com] - 2.44-6
- Stop a potential null pointer dereference when examining corrupt DWARF debug information. (#2383860) (#2383873)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2383860 - CVE-2025-8224 binutils: Binutils BFD Null Pointer Dereference [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2383860
[ 2 ] Bug #2383873 - CVE-2025-8225 binutils: Binutils DWARF Section Handler Memory Leak [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2383873
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c5b7a12d2d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
