libsoup-2.72.0-12.el9_7.3

エラータID: AXSA:2026-028:02

Release date: 
Tuesday, January 13, 2026 - 15:59
Subject: 
libsoup-2.72.0-12.el9_7.3
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins) (CVE-2025-14523)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-14523
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.

Solution: 

Update packages.

CVEs: 
CVE-2025-14523
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.
Additional Info: 

N/A

Download: 

SRPMS
  1. libsoup-2.72.0-12.el9_7.3.src.rpm
    MD5: 3a664b99bae0d9b6d3a6708568792943
    SHA-256: 96b40d2723d6d23ae004f30eb48eea9d38561e1e9d00b02a811ae4a84bf4e169
    Size: 1.46 MB

Asianux Server 9 for x86_64
  1. libsoup-2.72.0-12.el9_7.3.i686.rpm
    MD5: 5237ccfadc9c0dce6b5d706420aea5bd
    SHA-256: 734af8744aa6cc1a887ae665d18679c0bfc503523d968cff5697b9229debd627
    Size: 426.67 kB
  2. libsoup-2.72.0-12.el9_7.3.x86_64.rpm
    MD5: 15dd6bff41694ac1ae39c9cab95796a1
    SHA-256: ad607923b990e32056cb57fd4de1e086f162ce30840e39f7b0804fa871d2c39d
    Size: 405.92 kB
  3. libsoup-devel-2.72.0-12.el9_7.3.i686.rpm
    MD5: 4cfc5603fca80b0f9ea073bb81144ac7
    SHA-256: c230618ee519c10368303bd256cf63925d8ec3f39578e8ae8c2d625b6f19f14a
    Size: 180.30 kB
  4. libsoup-devel-2.72.0-12.el9_7.3.x86_64.rpm
    MD5: 0e04451905fff9169c76651929e6f5de
    SHA-256: ae07b309d1b57335c90012fdf274a20da41b28a7ec14a183945e37fced7ee13a
    Size: 180.23 kB