libsoup-2.72.0-8.el9_5.2

エラータID: AXSA:2024-9403:03

Release date: 
Tuesday, December 17, 2024 - 21:29
Subject: 
libsoup-2.72.0-8.el9_5.2
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* libsoup: infinite loop while reading websocket data (CVE-2024-52532)
* libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-52530
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
CVE-2024-52532
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.

Solution: 

Update packages.

CVEs: 
CVE-2024-52530
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
CVE-2024-52532
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
Additional Info: 

N/A

Download: 

SRPMS
  1. libsoup-2.72.0-8.el9_5.2.src.rpm
    MD5: e1df22ad98283d8c824912e5226ed6d0
    SHA-256: 47fc3a344c30fd0cd2c9f5b1552b7dd7d386f0e0bd9eacb4a493f4c7865f3ad4
    Size: 1.43 MB

Asianux Server 9 for x86_64
  1. libsoup-2.72.0-8.el9_5.2.i686.rpm
    MD5: f0f994f88169f4000a08ff32318c3cea
    SHA-256: 98e5ce0e657d3c1d0decf4778247dfd999f93b794b11dbd79ff9ca6d3eed4de4
    Size: 429.17 kB
  2. libsoup-2.72.0-8.el9_5.2.x86_64.rpm
    MD5: eee4f83f2041c22ae46a02f6241e9602
    SHA-256: a57f5985275ba194502831efaa7cc38aa0f82073d440e44a563b3a9910c7bcbc
    Size: 405.02 kB
  3. libsoup-devel-2.72.0-8.el9_5.2.i686.rpm
    MD5: 9048c2970dfdf62e8aa1242a7cf3d583
    SHA-256: 5133b173018ff0da1e24173f2b755660af7d8ba243cca8ae5078f1a2be6e1911
    Size: 179.48 kB
  4. libsoup-devel-2.72.0-8.el9_5.2.x86_64.rpm
    MD5: 1cde8c4f7aa9f7cbb65ea2fde17aaa48
    SHA-256: f20951b72a8e29f6b4b63b8bea319e45fa812c79f6a89e4567da9764fe459759
    Size: 179.49 kB