libsoup-2.62.3-9.el8_10
Errata ID: AXSA:2025-9962:05
Release date:
2025/05/27 Tuesday - 11:13
Title:
libsoup-2.62.3-9.el8_10
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The skip_insight_whitespace() function in libsoup has an out-of-bounds memory read issue, which allows a remote attacker to cause information disclosure, data corruption, and denial of service. (CVE-2025-2784)
- SoupWebsocketConnection in libsoup does not enforce resource limits, which allows a remote attacker to cause denial of service (resource exhaustion). (CVE-2025-32049)
- The soup_multipart_new_from_message() function in libsoup has an out-of-bounds memory read issue, which allows a remote attacker to cause information disclosure and denial of service. (CVE-2025-32914)
- The soup_multipart_new_from_message() function in libsoup has an integer underflow issue, which allows a remote attacker to cause denial of service. (CVE-2025-4948)
Solution:
Update the packages.
CVE:
CVE-2025-2784
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.
CVE-2025-32049
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
CVE-2025-32914
A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
CVE-2025-4948
A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.
Additional information:
N/A
Downloads:
SRPMS
- libsoup-2.62.3-9.el8_10.src.rpm
MD5: d13cc71c97be60d28e836aab9975cbb7
SHA-256: 212a03f1c72baeefd0d9fa25f7b61940ce1f9cf8bd1b7e958adff60f24847226
Size: 1.83 MB
Asianux Server 8 for x86_64
- libsoup-2.62.3-9.el8_10.i686.rpm
MD5: 954cd271041add0b32f6903e94bac126
SHA-256: af79e4f0b953210f84ef55c62309f534f15d324d8faf5009ef27435a30e2f10a
Size: 430.97 kB
- libsoup-2.62.3-9.el8_10.x86_64.rpm
MD5: 19ffecd0c717ed5da7dbef2cd2bb63cd
SHA-256: f879cc8634e29904c0056c5a394aaac522919a4c07cf194b4f7c4f87a913d618
Size: 425.25 kB
- libsoup-devel-2.62.3-9.el8_10.i686.rpm
MD5: fbd1d07a5a6f103d6b8f2e426f2c2edf
SHA-256: a2c94f8f5377691f7aae36a958db94841ecf34647812d198145bf68aecb386d4
Size: 319.62 kB
- libsoup-devel-2.62.3-9.el8_10.x86_64.rpm
MD5: 77f6d86381e6d05b0bc8c509adab1fa1
SHA-256: 10f326f90df233e6f5e0c7028143c8a34a5a21503d4f3bcf71ba5e5657e2ab42
Size: 319.61 kB