Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: libcoap Security Update 2025-6a43695048 for Denial of Service

fedora
Calendar Grey December 5, 2025
Dist Fedora Esm H88
Update to libcoap for Fedora 42 addresses multiple critical issues including denial of service and use-after-free vulnerabilities.
Update to security release 4.3.5a

Summary

The Constrained Application Protocol (CoAP) is a specialized web transfer

protocol for use with constrained nodes and constrained networks in the Internet

of Things. The protocol is designed for machine-to-machine (M2M) applications

such as smart energy and building automation.

libcoap implements a lightweight application-protocol for devices with

constrained resources such as computing power, RF range, memory, bandwidth,

or network packet sizes. This protocol, CoAP, was standardized in the IETF

working group "CoRE" as RFC 7252.

Update Information:

Update to security release 4.3.5a

Topics%20covered

Topics Covered

security advisory denial of service fedora software update use-after-free libcoap

Change Log

* Sat Nov 29 2025 Peter Robinson - 4.3.5a-1 - Update to 4.3.5a * Thu Jul 24 2025 Fedora Release Engineering - 4.3.5-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References


[ 1 ] Bug #2388738 - CVE-2025-50518 libcoap: Libcoap Use-After-Free Vulnerability [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2388738 [ 2 ] Bug #2388740 - CVE-2025-50518 libcoap: Libcoap Use-After-Free Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2388740 [ 3 ] Bug #2416889 - CVE-2025-65493 libcoap: libcoap denial of service [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2416889 [ 4 ] Bug #2416890 - CVE-2025-65494 libcoap: libcoap denial of service [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2416890 [ 5 ] Bug #2416891 - CVE-2025-65493 libcoap: libcoap denial of service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2416891 [ 6 ] Bug #2416892 - CVE-2025-65495 libcoap: libcoap denial of service [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2416892 [ 7 ] Bug #2416893 - CVE-2025-65493 libcoap: libcoap denial of service [fedora-43] ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-6a43695048' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: libcoap
Product: Fedora 42
Version: 4.3.5a
Release: 1.fc42
URL: https://libcoap.net/
Summary: C library implementation of CoAP

Topics%20covered

Topics Covered

security advisory denial of service fedora software update use-after-free libcoap

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here