The Fedora project has released updated MinGW-LibXSLT packages for Fedora Linux versions 41 and 42 to mitigate a security vulnerability identified as CVE-2025-7424. This vulnerability is characterized by type confusion in the xmlNode.psvi component, which could potentially impact the handling of stylesheet and source nodes.
- Fedora 42: The updated package version is `mingw-libxslt-1.1.43-3.fc42`.
- Version: 1.1.43.
- Release: 3.fc41 for Fedora 41 and 3.fc42 for Fedora 42.
- Description: This C library facilitates the transformation of XML files into other formats (like HTML or text) using the XSLT stylesheet transformation mechanism. It requires libxml2 version 2.6.27 or higher to function properly. The `xsltproc` command serves as the command line interface for the XSLT engine.
- Prior rebuilds were made for Fedora 43's mass rebuild process.
Updates:
- Fedora 41: The updated package version is `mingw-libxslt-1.1.43-3.fc41`.- Fedora 42: The updated package version is `mingw-libxslt-1.1.43-3.fc42`.
Details of the Update:
- Product: MinGW Windows Library providing the Gnome XSLT engine.- Version: 1.1.43.
- Release: 3.fc41 for Fedora 41 and 3.fc42 for Fedora 42.
- Description: This C library facilitates the transformation of XML files into other formats (like HTML or text) using the XSLT stylesheet transformation mechanism. It requires libxml2 version 2.6.27 or higher to function properly. The `xsltproc` command serves as the command line interface for the XSLT engine.
ChangeLog Highlights:
- The updates were prepared by Sandro Mani on July 27, 2025, specifically to address CVE-2025-7424.- Prior rebuilds were made for Fedora 43's mass rebuild process.
Installation Instructions:
Users can apply the updates using the DNF package manager. The command to upgrade is:su -c 'dnf upgrade --advisory FEDORA-2025-29d4b5b927' (for Fedora 41)For further instructions, users can refer to the DNF documentation.
su -c 'dnf upgrade --advisory FEDORA-2025-9bda2d2400' (for Fedora 42)
Security Note:
All packages from the Fedora Project are signed with a GPG key. Details about these keys can be found on the official Fedora website.Conclusion:
These updates are crucial for maintaining a secure environment while using the MinGW-LibXSLT library on Fedora systems. Users are encouraged to apply these updates promptly to protect against the identified vulnerabilitiesMinGW-LibXSLT update for Fedora
Updated MinGW-LibSLT packages are available for both Fedora Linux 41 and 42 to address CVE-2025-7424 (type confusion in xmlNode.psvi between stylesheet and source nodes):
Fedora 41 Update: mingw-libxslt-1.1.43-3.fc41
Fedora 42 Update: mingw-libxslt-1.1.43-3.fc42
