Fedora 42: mingw-libsoup Critical Out-of-Bounds Read CVE-2025-11021
fedora
December 23, 2025
Backport fix for CVE-2025-11021.
Summary
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.
libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it).
This is the MinGW build of Libsoup
Update Information:
Backport fix for CVE-2025-11021.
Topics Covered
Change Log
* Sun Dec 14 2025 Sandro Mani
References
[ 1 ] Bug #2399631 - CVE-2025-11021 mingw-libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2399631
[ 2 ] Bug #2399634 - CVE-2025-11021 mingw-libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2399634
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-6c78aad721' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: mingw-libsoup
Product: Fedora 42
Version: 2.74.3
Release: 14.fc42
Summary: MinGW library for HTTP and XML-RPC functionality
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!