Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:8132

Опубликовано: 29 июл. 2025
Источник: rocky
Оценка: Important

Описание

Important: libsoup security update

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

  • libsoup: Heap buffer over-read in skip_insignificant_space when sniffing content (CVE-2025-2784)

  • libsoup: Denial of Service attack to websocket server (CVE-2025-32049)

  • libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process (CVE-2025-32914)

  • libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup (CVE-2025-4948)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
libsoupx86_649.el8_10libsoup-2.62.3-9.el8_10.x86_64.rpm

Показывать по

Связанные уязвимости

oracle-oval
2 месяца назад

ELSA-2025-8132: libsoup security update (IMPORTANT)

oracle-oval
2 месяца назад

ELSA-2025-8126: libsoup security update (IMPORTANT)

oracle-oval
около 1 месяца назад

ELSA-2025-9179: libsoup security update (IMPORTANT)

CVSS3: 7
ubuntu
4 месяца назад

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

CVSS3: 7
redhat
5 месяцев назад

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.