MinGW updates for Fedora 42

Fedora Linux 9227 Published by

Fedora 42 has received several security updates, including updates for mingw-libsoup, mingw-harfbuzz, mingw-glib2, and mingw-openexr. These packages fix various vulnerabilities, including CVE-2025-14523 in mingw-libsoup, CVE-2026-22693 in mingw-harfbuzz, CVE-2026-0988 in mingw-glib2, and multiple security issues in mingw-openexr.

Fedora 42 Update: mingw-libsoup-2.74.3-16.fc42
Fedora 42 Update: mingw-harfbuzz-10.2.0-3.fc42
Fedora 42 Update: mingw-glib2-2.84.4-2.fc42
Fedora 42 Update: mingw-openexr-3.3.6-1.fc42




[SECURITY] Fedora 42 Update: mingw-libsoup-2.74.3-16.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c3c95cc5f9
2026-01-26 01:06:41.638953+00:00
--------------------------------------------------------------------------------

Name : mingw-libsoup
Product : Fedora 42
Version : 2.74.3
Release : 16.fc42
URL : https://wiki.gnome.org/Projects/libsoup
Summary : MinGW library for HTTP and XML-RPC functionality
Description :
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.

libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it).

This is the MinGW build of Libsoup

--------------------------------------------------------------------------------
Update Information:

Backport fix for CVE-2025-14523
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 17 2026 Sandro Mani [manisandro@gmail.com] - 2.74.3-16
- Backport patch for CVE-2025-14523
* Fri Jan 16 2026 Fedora Release Engineering [releng@fedoraproject.org] - 2.74.3-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2421353 - CVE-2025-14523 mingw-libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins) [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2421353
[ 2 ] Bug #2421356 - CVE-2025-14523 mingw-libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins) [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2421356
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c3c95cc5f9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: mingw-harfbuzz-10.2.0-3.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2301995d0a
2026-01-26 01:06:41.638948+00:00
--------------------------------------------------------------------------------

Name : mingw-harfbuzz
Product : Fedora 42
Version : 10.2.0
Release : 3.fc42
URL : http://www.harfbuzz.org
Summary : MinGW Windows Harfbuzz library
Description :
HarfBuzz is an implementation of the OpenType Layout engine.

--------------------------------------------------------------------------------
Update Information:

Backport patch for CVE-2026-22693.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 17 2026 Sandro Mani [manisandro@gmail.com] - 10.2.0-3
- Backport patch for CVE-2026-22693
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2429284 - CVE-2026-22693 mingw-harfbuzz: Null Pointer Dereference in harfbuzz [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2429284
[ 2 ] Bug #2429295 - CVE-2026-22693 mingw-harfbuzz: Null Pointer Dereference in harfbuzz [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429295
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2301995d0a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: mingw-glib2-2.84.4-2.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0955012bb5
2026-01-26 01:06:41.638951+00:00
--------------------------------------------------------------------------------

Name : mingw-glib2
Product : Fedora 42
Version : 2.84.4
Release : 2.fc42
URL : http://www.gtk.org
Summary : MinGW Windows GLib2 library
Description :
MinGW Windows Glib2 library.

--------------------------------------------------------------------------------
Update Information:

Backport patch for CVE-2026.0988.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 17 2026 Sandro Mani [manisandro@gmail.com] - 2.84.4-2
- Backport fix for CVE-2026-0988
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2429900 - CVE-2026-0988 mingw-glib2: GLib: Denial of Service via Integer Overflow in g_buffered_input_stream_peek() [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2429900
[ 2 ] Bug #2429919 - CVE-2026-0988 mingw-glib2: GLib: Denial of Service via Integer Overflow in g_buffered_input_stream_peek() [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2429919
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0955012bb5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--



[SECURITY] Fedora 42 Update: mingw-openexr-3.3.6-1.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0e8fe3c8a3
2026-01-26 01:06:41.638956+00:00
--------------------------------------------------------------------------------

Name : mingw-openexr
Product : Fedora 42
Version : 3.3.6
Release : 1.fc42
URL : http://www.openexr.com/
Summary : MinGW Windows openexr library
Description :
MinGW Windows openexr library.

--------------------------------------------------------------------------------
Update Information:

Update to openexr-3.3.6, fixes multiple security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 17 2026 Sandro Mani [manisandro@gmail.com] - 3.3.6-1
- Update to 3.3.6
* Sun Aug 10 2025 Sandro Mani [manisandro@gmail.com] - 3.3.5-2
- Rebuild (imath)
* Sun Jul 27 2025 Sandro Mani [manisandro@gmail.com] - 3.3.5-1
- Update to 3.3.5
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 3.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jun 9 2025 Sandro Mani [manisandro@gmail.com] - 3.3.4-1
- Update to 3.3.4
* Fri Mar 28 2025 Sandro Mani [manisandro@gmail.com] - 3.3.3-1
- Update to 3.3.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2417239 - CVE-2025-64183 mingw-openexr: use after free in PyObject_StealAttrString [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417239
[ 2 ] Bug #2417242 - CVE-2025-64183 mingw-openexr: use after free in PyObject_StealAttrString [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417242
[ 3 ] Bug #2417985 - CVE-2025-64182 mingw-openexr: buffer overflow in PyOpenEXR_old's channels() and channel() [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2417985
[ 4 ] Bug #2417987 - CVE-2025-64182 mingw-openexr: buffer overflow in PyOpenEXR_old's channels() and channel() [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2417987
[ 5 ] Bug #2418247 - CVE-2025-64181 mingw-openexr: Use of Uninitialized Memory inside generic_unpack [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2418247
[ 6 ] Bug #2418249 - CVE-2025-64181 mingw-openexr: Use of Uninitialized Memory inside generic_unpack [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2418249
[ 7 ] Bug #2424903 - CVE-2025-12839 mingw-openexr: OpenEXR: Remote Code Execution via Heap-based Buffer Overflow in EXR File Parsing [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2424903
[ 8 ] Bug #2424904 - CVE-2025-12840 mingw-openexr: OpenEXR: Remote Code Execution via EXR file parsing heap-based buffer overflow [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2424904
[ 9 ] Bug #2424908 - CVE-2025-12495 mingw-openexr: OpenEXR: Remote Code Execution via malicious EXR file parsing [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2424908
[ 10 ] Bug #2424913 - CVE-2025-12839 mingw-openexr: OpenEXR: Remote Code Execution via Heap-based Buffer Overflow in EXR File Parsing [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2424913
[ 11 ] Bug #2424915 - CVE-2025-12840 mingw-openexr: OpenEXR: Remote Code Execution via EXR file parsing heap-based buffer overflow [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2424915
[ 12 ] Bug #2424920 - CVE-2025-12495 mingw-openexr: OpenEXR: Remote Code Execution via malicious EXR file parsing [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2424920
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0e8fe3c8a3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--


Goverlay 1.7.2 released

CoreDNS, Python-urllib3, Chromium, and more updates for SUSE Linux

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...