libsoup-2.72.0-10.el9_6.2
Errata ID: AXSA:2025-10489:08
Release date:
2025/07/16 Wednesday - 14:26
Title:
libsoup-2.72.0-10.el9_6.2
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The skip_insight_whitespace() function in libsoup has an out-of-bounds memory read issue, which allows a remote attacker to cause information disclosure, data corruption, and denial of service. (CVE-2025-2784)
- SoupWebsocketConnection in libsoup does not enforce resource limits, which allows a remote attacker to cause denial of service (resource exhaustion). (CVE-2025-32049)
- The soup_multipart_new_from_message() function in libsoup has an out-of-bounds memory read issue, which allows a remote attacker to cause information disclosure and denial of service. (CVE-2025-32914)
- The soup_multipart_new_from_message() function in libsoup has an integer underflow issue, which allows a remote attacker to cause denial of service. (CVE-2025-4948)
Solution:
Update the packages.
CVE:
CVE-2025-2784
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
CVE-2025-32049
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
CVE-2025-32914
A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
CVE-2025-4948
A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.
Additional information:
N/A
Downloads:
SRPMS
- libsoup-2.72.0-10.el9_6.2.src.rpm
MD5: 375ad8610d054f132cd2b0ea092a3851
SHA-256: 98b845404974ed3da0d297b6ef2b6e417816b91c9ab77eee552ae7112c66b27f
Size: 1.45 MB
Asianux Server 9 for x86_64
- libsoup-2.72.0-10.el9_6.2.i686.rpm
MD5: 098932d7e42b474b13f89fb9849cbb02
SHA-256: 58f274e6dececec84402b5b4d7a1e38f0821ba40a438724b2a93b759506ac33b
Size: 426.32 kB
- libsoup-2.72.0-10.el9_6.2.x86_64.rpm
MD5: 5f1d8c01113ee134209264aa5b60046f
SHA-256: 0a441cc695bbbd8949a6bc2e1096acabebb9c49b3dee226d63f2f7fc974e5485
Size: 405.51 kB
- libsoup-devel-2.72.0-10.el9_6.2.i686.rpm
MD5: e5383eaa3b93e48e8259f4e4d230ad6d
SHA-256: a1dc43ab6d76aed356cd8283171661ac900896f15d8362c9be2f65e39a8d170a
Size: 179.93 kB
- libsoup-devel-2.72.0-10.el9_6.2.x86_64.rpm
MD5: c1c8b17976dff9fb771c46438631d9f8
SHA-256: cf1b1c33ed7a02372900cd57d374341e4abec102db4c25b4c8c8b1d1311f9951
Size: 179.91 kB