Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:4560

Опубликовано: 29 июл. 2025
Источник: rocky
Оценка: Important

Описание

Important: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

  • libsoup: Integer overflow in append_param_quoted (CVE-2025-32050)

  • libsoup: Heap buffer overflow in sniff_unknown() (CVE-2025-32052)

  • libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (CVE-2025-32053)

  • libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906)

  • libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911)

  • libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913)

  • libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server (CVE-2025-46421)

  • libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c (CVE-2025-46420)

  • libsoup: Integer overflow in append_param_quoted [rhel-8.10.z] (CVE-2025-32050)

  • libsoup: Heap buffer overflow in sniff_unknown() [rhel-8.10.z] (CVE-2025-32052)

  • libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() [rhel-8.10.z] (CVE-2025-32053)

  • libsoup: Out of bounds reads in soup_headers_parse_request() [rhel-8.10.z] (CVE-2025-32906)

  • libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value [rhel-8.10.z] (CVE-2025-32911)

  • libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header [rhel-8.10.z] (CVE-2025-32913)

  • libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c [rhel-8.10.z] (CVE-2025-46420)

  • libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server [rhel-8.10.z] (CVE-2025-46421)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
libsoupx86_648.el8_10libsoup-2.62.3-8.el8_10.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-32050
CVE-2025-32052
CVE-2025-32053
CVE-2025-32906
CVE-2025-32911
CVE-2025-32913
CVE-2025-46420
CVE-2025-46421

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2025-4560

oracle-oval
3 месяца назад

ELSA-2025-4560: libsoup security update (IMPORTANT)

oracle-oval логотип

ELSA-2025-7436

oracle-oval
3 месяца назад

ELSA-2025-7436: libsoup security update (IMPORTANT)

suse-cvrf логотип

SUSE-SU-2025:1504-1

suse-cvrf
3 месяца назад

Security update for libsoup

suse-cvrf логотип

SUSE-SU-2025:01504-1

suse-cvrf
2 месяца назад

Security update for libsoup

rocky логотип

RLSA-2025:8292

rocky
8 дней назад

Important: mingw-freetype and spice-client-win security update