libsoup-2.72.0-12.el9_7.6
エラータID: AXSA:2026-573:08
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment (CVE-2026-5119)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-5119
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
Update packages.
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
N/A
SRPMS
- libsoup-2.72.0-12.el9_7.6.src.rpm
MD5: 8e4939e833b13bab834f39d52cb6c9b3
SHA-256: f81a8bc079f768fc9e4a87e501d7c4419d324f91db6d9b8523b7e6f2325cbf41
Size: 1.46 MB
Asianux Server 9 for x86_64
- libsoup-2.72.0-12.el9_7.6.i686.rpm
MD5: b52d3c1422c4d9ada4e9a60d7f1a7fcf
SHA-256: 2d3723c142378ff4016aa80c0ef4b87c1567fa1b64af6b321c3072a9ce8c8301
Size: 427.31 kB - libsoup-2.72.0-12.el9_7.6.x86_64.rpm
MD5: 6d09535c363db112a9511bb435ad8485
SHA-256: a58e17e62c05d8fcf1d878b39b68058fcc3a5774a5ca7c5b2006ae3d017312ab
Size: 406.47 kB - libsoup-devel-2.72.0-12.el9_7.6.i686.rpm
MD5: 9b7898fa6ddaae478f97b362ef689939
SHA-256: 8ff1d5dadddeaa9f988bc606f5e202e5e56886b01c196e34732d3de72dcf57d0
Size: 180.56 kB - libsoup-devel-2.72.0-12.el9_7.6.x86_64.rpm
MD5: 10a2c25dff32016e766b91e3c851d1e3
SHA-256: 44b3bcaf8c0e5e302266be2573fda23702effb40d9c9feb339f67373fda4daf0
Size: 180.58 kB