libsoup-2.62.3-10.el8_10

エラータID: AXSA:2025-11046:14

Release date: 
Monday, November 10, 2025 - 14:44
Subject: 
libsoup-2.62.3-10.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup (CVE-2025-4945)
* libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library (CVE-2025-11021)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-11021
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
CVE-2025-4945
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.

Solution: 

Update packages.

CVEs: 
CVE-2025-11021
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
CVE-2025-4945
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
Additional Info: 

N/A

Download: 

SRPMS
  1. libsoup-2.62.3-10.el8_10.src.rpm
    MD5: 4393fd7751914b18e3acb7b813aa7d13
    SHA-256: 89f37d3d1a049e6f9874a0fd8615583b8f4e8377f56304cb879a7648ecca8e6a
    Size: 1.83 MB

Asianux Server 8 for x86_64
  1. libsoup-2.62.3-10.el8_10.i686.rpm
    MD5: 4f72cf32d1e7e124894765c2edc59e65
    SHA-256: e843604beb9c003d96e257cc0d7959e09dbacde7df55c9e31378b5265716c8a4
    Size: 431.52 kB
  2. libsoup-2.62.3-10.el8_10.x86_64.rpm
    MD5: 4b88d4c5da4e34e8eff03c4662e237ce
    SHA-256: cb78e638e84d004436cb3ff16acb60d86be0af72ec7c09506341c9d7adec4d5e
    Size: 425.50 kB
  3. libsoup-devel-2.62.3-10.el8_10.i686.rpm
    MD5: 438e6404c8ccdc61c207cd0f9939cf32
    SHA-256: a5d0d60c544640d20ecb63bce685294688ea2f3064e75486c50cdf6772cc4ac0
    Size: 319.73 kB
  4. libsoup-devel-2.62.3-10.el8_10.x86_64.rpm
    MD5: fe73d4b4c3f39845aa5d4ca9b6cbcf77
    SHA-256: d1f6a4fc1f13bc7f23f35f4ad3f6b02fdd1beecc699440a7b1104bec0d56b4a6
    Size: 319.72 kB