libsoup-2.62.3-10.el8_10
エラータID: AXSA:2025-11046:14
リリース日:
2025/11/10 Monday - 14:44
題名:
libsoup-2.62.3-10.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libsoup には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、情報の漏洩を可能とする脆弱性が存在します。
(CVE-2025-11021)
- libsoup には、整数オーバーフローの問題があるため、リモートの
攻撃者により、データ破壊を可能とする脆弱性が存在します。
(CVE-2025-4945)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-11021
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
CVE-2025-4945
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
追加情報:
N/A
ダウンロード:
SRPMS
- libsoup-2.62.3-10.el8_10.src.rpm
MD5: 4393fd7751914b18e3acb7b813aa7d13
SHA-256: 89f37d3d1a049e6f9874a0fd8615583b8f4e8377f56304cb879a7648ecca8e6a
Size: 1.83 MB
Asianux Server 8 for x86_64
- libsoup-2.62.3-10.el8_10.i686.rpm
MD5: 4f72cf32d1e7e124894765c2edc59e65
SHA-256: e843604beb9c003d96e257cc0d7959e09dbacde7df55c9e31378b5265716c8a4
Size: 431.52 kB - libsoup-2.62.3-10.el8_10.x86_64.rpm
MD5: 4b88d4c5da4e34e8eff03c4662e237ce
SHA-256: cb78e638e84d004436cb3ff16acb60d86be0af72ec7c09506341c9d7adec4d5e
Size: 425.50 kB - libsoup-devel-2.62.3-10.el8_10.i686.rpm
MD5: 438e6404c8ccdc61c207cd0f9939cf32
SHA-256: a5d0d60c544640d20ecb63bce685294688ea2f3064e75486c50cdf6772cc4ac0
Size: 319.73 kB - libsoup-devel-2.62.3-10.el8_10.x86_64.rpm
MD5: fe73d4b4c3f39845aa5d4ca9b6cbcf77
SHA-256: d1f6a4fc1f13bc7f23f35f4ad3f6b02fdd1beecc699440a7b1104bec0d56b4a6
Size: 319.72 kB
English