libsoup-2.72.0-10.el9_6.3
エラータID: AXSA:2025-11034:13
リリース日:
2025/11/07 Friday - 18:02
題名:
libsoup-2.72.0-10.el9_6.3
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libsoup には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、情報の漏洩を可能とする脆弱性が存在します。
(CVE-2025-11021)
- libsoup には、整数オーバーフローの問題があるため、リモートの
攻撃者により、データ破壊を可能とする脆弱性が存在します。
(CVE-2025-4945)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-11021
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
CVE-2025-4945
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
追加情報:
N/A
ダウンロード:
SRPMS
- libsoup-2.72.0-10.el9_6.3.src.rpm
MD5: 1c0a571539ea931aeda3e3027787732f
SHA-256: b9f62c1967ba8b0af2c0b39a0cf313b19eb355e871c2b3cbb251b6e43bcbd164
Size: 1.45 MB
Asianux Server 9 for x86_64
- libsoup-2.72.0-10.el9_6.3.i686.rpm
MD5: 9f942541fc3bb290af4068cf2286016c
SHA-256: 8a4e317a0c9b44a4e7ae16fa010cf72ab94667bdcbf2035730540b2f7a075888
Size: 427.43 kB - libsoup-2.72.0-10.el9_6.3.x86_64.rpm
MD5: 480e3da7d986dd42c1ff41066476b43d
SHA-256: 5a70a8eca24a4f12263554c70d4e0eb6b7b5fe9eca7c76acc6eb3c210cecad4e
Size: 405.86 kB - libsoup-devel-2.72.0-10.el9_6.3.i686.rpm
MD5: 5a5b4d622bdd6c0d84149e44ddf164f2
SHA-256: 18abb746cb97a000b6bf09a87b26f41fac0350ca089376211086eac5a0caebb9
Size: 180.03 kB - libsoup-devel-2.72.0-10.el9_6.3.x86_64.rpm
MD5: 0dfc9dadcc1eb1d64fe0bdbab50186c4
SHA-256: 22d813af52e4f7cacf91967a9ceca37480484d418032206107061c3491c9168a
Size: 180.08 kB
English