Description
Important: libsoup security update
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
- libsoup: Heap buffer over-read in skip_insignificant_space when sniffing content (CVE-2025-2784)
- libsoup: Denial of Service attack to websocket server (CVE-2025-32049)
- libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process (CVE-2025-32914)
- libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup (CVE-2025-4948)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected products
Rocky Linux 8
References
Fixes
- Red Hat - 2354669
- Red Hat - 2357066
- Red Hat - 2359358
- Red Hat - 2367183
Related vulnerabilities
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.