[Security Advisory] ALSA-2025:8292: mingw-freetype security update (Important)

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2025-05-29 Summary: MinGW Windows Freetype library. Security Fix(es): * freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files (CVE-2025-27363) * libsoup: Integer overflow in append_param_quoted (CVE-2025-32050) * libsoup: Heap buffer overflow in sniff_unknown() (CVE-2025-32052) * libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (CVE-2025-32053) * libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906) * libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header (CVE-2025-32907) * libsoup: NULL Pointer Dereference on libsoup through function "sniff_mp4" in soup-content-sniffer.c (CVE-2025-32909) * libsoup: Null pointer deference on libsoup via /auth/soup-auth-digest.c through "soup_auth_digest_authenticate" on client when server omits the "realm" parameter in an Unauthorized response with Digest authentication (CVE-2025-32910) * libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911) * libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-8292.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team
participants (1)
-
AlmaLinux Errata Notifications