libsoup-2.72.0-12.el9_7.1

エラータID: AXSA:2025-11437:16

Release date: 
Thursday, December 4, 2025 - 09:51
Subject: 
libsoup-2.72.0-12.el9_7.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup (CVE-2025-4945)
* libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library (CVE-2025-11021)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-11021
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
CVE-2025-4945
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.

Solution: 

Update packages.

CVEs: 
CVE-2025-11021
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
CVE-2025-4945
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
Additional Info: 

N/A

Download: 

SRPMS
  1. libsoup-2.72.0-12.el9_7.1.src.rpm
    MD5: 6f3120b3b362065b9fe0b4b4cced652b
    SHA-256: 8c371eacb250f4c5a1cd1a44e1cbff846079a61ed9650f25b72a5f967cf7cd40
    Size: 1.45 MB

Asianux Server 9 for x86_64
  1. libsoup-2.72.0-12.el9_7.1.i686.rpm
    MD5: dee2638e22bf24f6cf5630f92bb1ce47
    SHA-256: 2dc213d5ba073ff9fce73b08b109a03fb784f131a01f1e60512b2b78908aa521
    Size: 426.42 kB
  2. libsoup-2.72.0-12.el9_7.1.x86_64.rpm
    MD5: 4799c423fc66b2c0bca799bc479449bf
    SHA-256: eea5d3983a57f12b2c6fcd0a1f9973ef141ae4f0c531d299fb5b8c5ed78c387c
    Size: 405.76 kB
  3. libsoup-devel-2.72.0-12.el9_7.1.i686.rpm
    MD5: 54643c1d744137bff38d6626114e8e59
    SHA-256: ad9a1d87600e1ec6f4bece91bdc1bfb6ee9a88e439338c6ecda92205c7d3a477
    Size: 180.01 kB
  4. libsoup-devel-2.72.0-12.el9_7.1.x86_64.rpm
    MD5: 9d897ce0fe14783be09d69fc5f6effd0
    SHA-256: 8a149f9477bfbd6de3a04de03024b8f078c6a872c661132c88ad05ac534c49d8
    Size: 180.03 kB