libsoup-2.62.3-6.el8_10

エラータID: AXSA:2024-9014:02

Release date: 
Monday, November 18, 2024 - 10:51
Subject: 
libsoup-2.62.3-6.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* libsoup: infinite loop while reading websocket data (CVE-2024-52532)
* libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-52530
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
CVE-2024-52532
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.

Solution: 

Update packages.

CVEs: 
CVE-2024-52530
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
CVE-2024-52532
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
Additional Info: 

N/A

Download: 

SRPMS
  1. libsoup-2.62.3-6.el8_10.src.rpm
    MD5: a51493fe4e67d66ded70fa934d78a19e
    SHA-256: b9d6b4d143eb7e63cae6a1e6491bf869dd7a23e43685bd78b902ae259a7edd72
    Size: 1.81 MB

Asianux Server 8 for x86_64
  1. libsoup-2.62.3-6.el8_10.i686.rpm
    MD5: 283259f9036f3bea3efa5b97f99ded32
    SHA-256: 9313dc7eb72a8085b8e22cd7edc8badacd7f4efb36b2eafe5b3eec2ed597cf5d
    Size: 429.86 kB
  2. libsoup-2.62.3-6.el8_10.x86_64.rpm
    MD5: 2e34713f2df38ca681758fdc42213dcf
    SHA-256: ebdd3476ef5722cf20d1e5442f63399e0b52435ff6582d1b87a69f150eb1feea
    Size: 424.46 kB
  3. libsoup-devel-2.62.3-6.el8_10.i686.rpm
    MD5: c498622ebe9229b1b703b2d81f8b571b
    SHA-256: 872fdcd0e3298a6a21120277072c7dc7b38aa934289482d550aee374cf48f6e8
    Size: 318.91 kB
  4. libsoup-devel-2.62.3-6.el8_10.x86_64.rpm
    MD5: 441dddf91d807117f4750b07ec7c6ae0
    SHA-256: 1086c2728687b330028c7435e2c5269fd663870c1839f68b12dfefd27c921bb1
    Size: 318.89 kB