libsoup-2.62.3-9.el8_10

エラータID: AXSA:2025-9962:05

Release date: 
Tuesday, May 27, 2025 - 11:13
Subject: 
libsoup-2.62.3-9.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content (CVE-2025-2784)
* libsoup: Denial of Service attack to websocket server (CVE-2025-32049)
* libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process (CVE-2025-32914)
* libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup (CVE-2025-4948)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-2784
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
CVE-2025-32049
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
CVE-2025-32914
A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
CVE-2025-4948
A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libsoup-2.62.3-9.el8_10.src.rpm
    MD5: d13cc71c97be60d28e836aab9975cbb7
    SHA-256: 212a03f1c72baeefd0d9fa25f7b61940ce1f9cf8bd1b7e958adff60f24847226
    Size: 1.83 MB

Asianux Server 8 for x86_64
  1. libsoup-2.62.3-9.el8_10.i686.rpm
    MD5: 954cd271041add0b32f6903e94bac126
    SHA-256: af79e4f0b953210f84ef55c62309f534f15d324d8faf5009ef27435a30e2f10a
    Size: 430.97 kB
  2. libsoup-2.62.3-9.el8_10.x86_64.rpm
    MD5: 19ffecd0c717ed5da7dbef2cd2bb63cd
    SHA-256: f879cc8634e29904c0056c5a394aaac522919a4c07cf194b4f7c4f87a913d618
    Size: 425.25 kB
  3. libsoup-devel-2.62.3-9.el8_10.i686.rpm
    MD5: fbd1d07a5a6f103d6b8f2e426f2c2edf
    SHA-256: a2c94f8f5377691f7aae36a958db94841ecf34647812d198145bf68aecb386d4
    Size: 319.62 kB
  4. libsoup-devel-2.62.3-9.el8_10.x86_64.rpm
    MD5: 77f6d86381e6d05b0bc8c509adab1fa1
    SHA-256: 10f326f90df233e6f5e0c7028143c8a34a5a21503d4f3bcf71ba5e5657e2ab42
    Size: 319.61 kB