ELSA-2025-19720

Published: 04 Nov 2025
Source: oracle-oval
Platform: Oracle Linux 10

Description

ELSA-2025-19720: libsoup3 security update (LOW)

[3.6.5-9]

  • Revert 'Fix handling of invalid dates in cookie expires attribute (CVE-2025-11021)'

[3.6.5-8]

  • Fix integer overflow in date/time parsing

[3.6.5-7]

  • Fix handling of invalid dates in cookie expires attribute (CVE-2025-11021)

[3.6.5-6]

  • Add patch for CVE-2025-32907

[3.6.5-5]

  • Fix release field

[3.6.5-4]

  • Fix several CVEs

Updated packages

Oracle Linux 10

Oracle Linux aarch64

  • libsoup3: 3.6.5-3.el10_0.9
  • libsoup3-devel: 3.6.5-3.el10_0.9
  • libsoup3-doc: 3.6.5-3.el10_0.9

Oracle Linux x86_64

  • libsoup3: 3.6.5-3.el10_0.9
  • libsoup3-devel: 3.6.5-3.el10_0.9
  • libsoup3-doc: 3.6.5-3.el10_0.9

Related CVEs

Related vulnerabilities

CVSS3: 3.7
ubuntu
6 months ago

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.

CVSS3: 3.7
redhat
6 months ago

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.

CVSS3: 3.7
nvd
6 months ago

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.

CVSS3: 3.7
debian
6 months ago

A flaw was found in the cookie parsing logic of the libsoup HTTP libra ...

suse-cvrf
2 months ago

Security update for libsoup