Description
ELSA-2026-0422: libsoup security update (IMPORTANT)
[2.72.0-12.3]
- Fix patch for CVE-2025-14523 to handle comparison case-insensitively
[2.72.0-12.2]
- Backport patch for CVE-2025-14523
[2.72.0-12.1]
- Backport patch for CVE-2025-4945 and CVE-2025-11021
Updated packages
Oracle Linux 9
Oracle Linux aarch64
libsoup 2.72.0-12.el9_7.3
libsoup-devel 2.72.0-12.el9_7.3
Oracle Linux x86_64
libsoup 2.72.0-12.el9_7.3
libsoup-devel 2.72.0-12.el9_7.3
Related CVEs
Related vulnerabilities
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.
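The first-value versus last-value mismatch described above can be caught at the edge by refusing any request that does not carry exactly one Host header, comparing the field name case-insensitively. The following is an added example, not libsoup's patch or code from the advisory; the function name, the result type and the sample requests are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class HostCheck:
    hosts: List[str]        # every Host value, in wire order
    first: Optional[str]    # what a first-value-wins parser would use
    last: Optional[str]     # what a last-value-wins parser would use
    status: int             # 200 = acceptable, 400 = reject


def check_host_headers(raw: bytes) -> HostCheck:
    """Inspect the header block of one raw HTTP/1.1 request (hypothetical helper)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    hosts = []
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(":")
        # Field names are case-insensitive: "host", "HOST" and "Host"
        # all name the same header and must all be counted.
        if sep and name.strip().lower() == "host":
            hosts.append(value.strip())
    first = hosts[0] if hosts else None
    last = hosts[-1] if hosts else None
    # RFC 9112 section 3.2: an HTTP/1.1 request with no Host header, or with
    # more than one, gets 400 (Bad Request) instead of a guess at which wins.
    status = 200 if len(hosts) == 1 else 400
    return HostCheck(hosts, first, last, status)


# Constructed sample requests (not taken from the advisory).
SINGLE = b"GET / HTTP/1.1\r\nHost: app.example\r\n\r\n"
DUPLICATE = (b"GET / HTTP/1.1\r\n"
             b"Host: public.example\r\n"
             b"host: internal.example\r\n\r\n")
MISSING = b"GET / HTTP/1.1\r\nAccept: */*\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("single", SINGLE), ("duplicate", DUPLICATE),
                       ("missing", MISSING)):
        r = check_host_headers(req)
        print(f"{label}: first={r.first} last={r.last} status={r.status}")
```
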
Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins)