libsoup-2.72.0-10.el9_6.1

Errata ID: AXSA:2025-10579:11

Release date: Thursday, July 24, 2025 - 12:19
Subject: libsoup-2.72.0-10.el9_6.1
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: High
Description: 

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* libsoup: Integer overflow in append_param_quoted (CVE-2025-32050)
* libsoup: Heap buffer overflow in sniff_unknown() (CVE-2025-32052)
* libsoup: Heap buffer overflows in sniff_feed_or_html() and
skip_insignificant_space() (CVE-2025-32053)
* libsoup: Out of bounds reads in soup_headers_parse_request()
(CVE-2025-32906)
* libsoup: Denial of service in server when client requests a large amount of
overlapping ranges with Range header (CVE-2025-32907)
* libsoup: Double free on soup_message_headers_get_content_disposition()
through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911)
* libsoup: NULL pointer dereference in
soup_message_headers_get_content_disposition when "filename" parameter is
present, but has no value in Content-Disposition header (CVE-2025-32913)
* libsoup: Information disclosure: libsoup client may send the Authorization
header to a different host when redirected by a server (CVE-2025-46421)
* libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c
(CVE-2025-46420)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2025-32050
A flaw was found in libsoup. The libsoup append_param_quoted() function may
contain an overflow bug resulting in a buffer under-read.
CVE-2025-32052
A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may
lead to heap buffer over-read.
CVE-2025-32053
A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and
skip_insignificant_space() functions may lead to a heap buffer over-read.
CVE-2025-32906
A flaw was found in libsoup, where the soup_headers_parse_request() function may
be vulnerable to an out-of-bounds read. This flaw allows a malicious user to use
a specially crafted HTTP request to crash the HTTP server.
CVE-2025-32907
A flaw was found in libsoup. The implementation of HTTP range requests is
vulnerable to a resource consumption attack. This flaw allows a malicious client
to request the same range many times in a single HTTP request, causing the
server to use large amounts of memory. This does not allow for a full denial of
service.
CVE-2025-32911
A use-after-free type vulnerability was found in libsoup, in the
soup_message_headers_get_content_disposition() function. This flaw allows a
malicious HTTP client to cause memory corruption in the libsoup server.
CVE-2025-32913
A flaw was found in libsoup, where the
soup_message_headers_get_content_disposition() function is vulnerable to a NULL
pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup
client or server that uses this function.
CVE-2025-46420
A flaw was found in libsoup. It is vulnerable to memory leaks in the
soup_header_parse_quality_list() function when parsing a quality list that
contains elements with all zeroes.
CVE-2025-46421
A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect,
they mistakenly send the HTTP Authorization header to the new host that the
redirection points to. This allows the new host to impersonate the user to the
original host that issued the redirect.
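
The check that CVE-2025-46421 describes as missing, as an added illustration (not libsoup's code or its patch): an HTTP client keeps the Authorization header across a redirect only when scheme, host and port are unchanged. The function names are hypothetical, the URLs are constructed, and the Location value is assumed to be already resolved to an absolute URL.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Write the lowercased "scheme://host[:port]" of an absolute URL into out.
 * Returns 0 on success, -1 if there is no authority or it does not fit. */
static int origin_of(const char *url, char *out, size_t outlen)
{
    const char *sep = strstr(url, "://");
    if (sep == NULL || sep == url)
        return -1;
    const char *auth = sep + 3;
    size_t alen = strcspn(auth, "/?#");      /* authority ends at path/query/fragment */
    const char *host = auth;
    for (size_t i = 0; i < alen; i++)        /* real host follows the last '@' (userinfo) */
        if (auth[i] == '@')
            host = auth + i + 1;
    size_t hlen = alen - (size_t)(host - auth);
    size_t slen = (size_t)(sep - url) + 3;   /* length of "scheme://" */
    if (hlen == 0 || slen + hlen + 1 > outlen)
        return -1;
    memcpy(out, url, slen);
    memcpy(out + slen, host, hlen);
    out[slen + hlen] = '\0';
    for (char *p = out; *p; p++)
        *p = (char)tolower((unsigned char)*p);
    return 0;
}

/* 1 if the Authorization header may follow the redirect, 0 if it must be dropped.
 * Fails closed: unparseable URLs, and explicit default ports (":443"), count as a change. */
int keep_authorization(const char *original_url, const char *redirect_url)
{
    char a[256], b[256];
    if (origin_of(original_url, a, sizeof a) != 0 ||
        origin_of(redirect_url, b, sizeof b) != 0)
        return 0;
    return strcmp(a, b) == 0;
}

int main(void)
{
    /* Constructed sample URLs, not taken from the advisory. */
    const char *from = "https://api.example.test/v1/items";
    const char *to[] = { "https://API.example.test/v2/items",
                         "https://other.example.test/v1/items",
                         "http://api.example.test/v1/items",
                         "https://api.example.test@other.example.test/" };
    for (size_t i = 0; i < sizeof to / sizeof to[0]; i++)
        printf("%-48s %s\n", to[i], keep_authorization(from, to[i]) ? "keep" : "drop");
    return 0;
}
```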

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libsoup-2.72.0-10.el9_6.1.src.rpm
    MD5: 25f5b527abe9b9dc809e26c0121f1400
    SHA-256: 88f6cb68f85d5a9ff8e8c3e21feb3b439aa5f4f019c1dbf311c71890896ca93f
    Size: 1.45 MB

Asianux Server 9 for x86_64
  1. libsoup-2.72.0-10.el9_6.1.i686.rpm
    MD5: 93aceaa64e7fb762be85123336b5b578
    SHA-256: bf140139ba410cdeb982449ef8a3d928b91a31d75c3e49848735f0bd71ccf2ae
    Size: 427.50 kB
  2. libsoup-2.72.0-10.el9_6.1.x86_64.rpm
    MD5: cccf12c4e71e25849488925a3a753495
    SHA-256: 4ba10a5961883c11bbc3f37feff01698d6dd4e77f360a2b76ccbd11c5f5b2ccc
    Size: 405.23 kB
  3. libsoup-devel-2.72.0-10.el9_6.1.i686.rpm
    MD5: 216f2a6893504079c86ff215fc493340
    SHA-256: 63fc01de31caa90fe0282a391c6c257388e19dbddb59ffdaa800926680aa22dc
    Size: 179.73 kB
  4. libsoup-devel-2.72.0-10.el9_6.1.x86_64.rpm
    MD5: 0fd45470567374cbbf73b693a75ba6b3
    SHA-256: f3884ba2a1b8963c1010942a55f4b4f241c0c3a5e983ec8190baf919bcdf6fc0
    Size: 179.72 kB