Описание
ELSA-2025-19713: libsoup security update (IMPORTANT)
[2.72.0-10.3]
- Backport patch for CVE-2025-4945 and CVE-2025-11021
[2.72.0-10.2]
- Backport patches for various CVEs Resolves: RHEL-85888 Resolves: RHEL-87081 Resolves: RHEL-88332 Resolves: RHEL-92285
[2.72.0-10.1]
- Backport patches for various CVEs, plus test improvements Resolves: RHEL-85906 Resolves: RHEL-85912 Resolves: RHEL-85919 Resolves: RHEL-87061 Resolves: RHEL-87069 Resolves: RHEL-87102 Resolves: RHEL-87120 Resolves: RHEL-88364 Resolves: RHEL-88367
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
libsoup
2.72.0-10.el9_6.3
libsoup-devel
2.72.0-10.el9_6.3
Oracle Linux x86_64
libsoup
2.72.0-10.el9_6.3
libsoup-devel
2.72.0-10.el9_6.3
Связанные CVE
Связанные уязвимости
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
Libsoup: out-of-bounds read in cookie date handling of libsoup http library