Описание
ELSA-2024-9654: libsoup security update (IMPORTANT)
[2.62.2-2.0.1]
- Fixed CVE-2024-52530 for smuggling nullbytes in header names [Orabug: 37289659]
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
libsoup
2.62.2-2.0.1.el7
libsoup-devel
2.62.2-2.0.1.el7
Oracle Linux x86_64
libsoup
2.62.2-2.0.1.el7
libsoup-devel
2.62.2-2.0.1.el7
Связанные CVE
Связанные уязвимости
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some confi ...