libsoup-2.62.2-2.0.5.0.1.el7.AXS7
Errata ID: AXSA:2025-11110:15
Release date:
2025/11/26 Wednesday - 14:58
Title:
libsoup-2.62.2-2.0.5.0.1.el7.AXS7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- SoupWebsocketConnection in libsoup does not enforce resource limits,
which allows a remote attacker to cause a denial of service
(resource exhaustion). (CVE-2025-32049)
- The soup_multipart_new_from_message() function in libsoup has an
out-of-bounds memory read, which allows a remote attacker to cause
information disclosure and a denial of service. (CVE-2025-32914)
- The soup_multipart_new_from_message() function in libsoup has an
integer underflow, which allows a remote attacker to cause a denial
of service. (CVE-2025-4948)
Solution:
Update the packages.
CVE:
CVE-2025-32049
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
CVE-2025-32914
A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
CVE-2025-4948
A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.
Additional information:
N/A
Downloads:
Asianux Server 7 for x86_64
- libsoup-2.62.2-2.0.5.0.1.el7.AXS7.i686.rpm
MD5: 01017e062add11dda4cb1352dbf2f000
SHA-256: de2da8197df2b1ab54337585d725ca4091ef561aeb57e9108ff3c1c82b4622e1
Size: 396.90 kB
- libsoup-2.62.2-2.0.5.0.1.el7.AXS7.x86_64.rpm
MD5: 38aba3f86d6c8eca574c3be195987a79
SHA-256: 8b3d922bd857ff842a38f73c1bad0121901b1807001f2e178d90da992dc46542
Size: 412.52 kB
- libsoup-devel-2.62.2-2.0.5.0.1.el7.AXS7.i686.rpm
MD5: 41ef26ba0c6d91e6e29bc65208a01a90
SHA-256: 6e9d29d6d5290ce04be154f5a8bc29aae11d1bfc617763ed0c832b61aec3373d
Size: 311.16 kB
- libsoup-devel-2.62.2-2.0.5.0.1.el7.AXS7.x86_64.rpm
MD5: 5a318a66c97bda10d84708668079cd3b
SHA-256: 7272515a2a4611fa5d1b4be88bac8f91454f5ec29fc3b237ab1b7a2c1286e4ac
Size: 311.13 kB