Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 41: FEDORA-2025-3b89fef0f9 critical: libsoup fixes

fedora
Calendar Grey June 8, 2025
Dist Fedora Esm H88
This report outlines essential corrections for various vulnerabilities found in the Fedora 41's libsoup library.
Backport fixes for CVE-2025-4476, CVE-2025-4948, CVE-2025-4969, CVE-2025-46420, CVE-2025-46421, CVE-2025-4945

Summary

Libsoup is an HTTP library implementation in C. It was originally part

of a SOAP (Simple Object Access Protocol) implementation called Soup, but

the SOAP and non-SOAP parts have now been split into separate packages.

libsoup uses the Glib main loop and is designed to work well with GTK

applications. This enables GNOME applications to access HTTP servers

on the network in a completely asynchronous fashion, very similar to

the Gtk+ programming model (a synchronous operation mode is also

supported for those who want it).

This is the MinGW build of Libsoup

Update Information:

Backport fixes for CVE-2025-4476, CVE-2025-4948, CVE-2025-4969, CVE-2025-46420, CVE-2025-46421, CVE-2025-4945

Topics%20covered

Topics Covered

security advisory update Fedora memory leak Denial of Service libsoup

Change Log

* Fri May 30 2025 Sandro Mani - 2.74.3-12 - Backport fixes for CVE-2025-4476, CVE-2025-4948, CVE-2025-4969, CVE-2025-46420, CVE-2025-46421, CVE-2025-4945

References


[ 1 ] Bug #2357076 - CVE-2025-32049 mingw-libsoup: Denial of Service attack to websocket server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2357076 [ 2 ] Bug #2361967 - CVE-2025-46420 mingw-libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2361967 [ 3 ] Bug #2361969 - CVE-2025-46421 mingw-libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2361969 [ 4 ] Bug #2366519 - CVE-2025-4476 mingw-libsoup: Null pointer dereference in libsoup may lead to Denial Of Service [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2366519 [ 5 ] Bug #2366523 - CVE-2025-4476 mingw-libsoup: Null pointer dereference in libsoup may lead to Denial Of Service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-3b89fef0f9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: mingw-libsoup
Product: Fedora 41
Version: 2.74.3
Release: 12.fc41
URL: https://wiki.gnome.org/Projects/libsoup
Summary: MinGW library for HTTP and XML-RPC functionality

Topics%20covered

Topics Covered

security advisory update Fedora memory leak Denial of Service libsoup

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here