libsoup-2.72.0-12.el9_7.1
エラータID: AXSA:2025-11437:16
リリース日:
2025/12/04 Thursday - 09:51
題名:
libsoup-2.72.0-12.el9_7.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libsoup には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、情報の漏洩を可能とする脆弱性が存在します。
(CVE-2025-11021)
- libsoup には、整数オーバーフローの問題があるため、リモートの
攻撃者により、データ破壊を可能とする脆弱性が存在します。
(CVE-2025-4945)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-11021
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
CVE-2025-4945
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
追加情報:
N/A
ダウンロード:
SRPMS
- libsoup-2.72.0-12.el9_7.1.src.rpm
MD5: 6f3120b3b362065b9fe0b4b4cced652b
SHA-256: 8c371eacb250f4c5a1cd1a44e1cbff846079a61ed9650f25b72a5f967cf7cd40
Size: 1.45 MB
Asianux Server 9 for x86_64
- libsoup-2.72.0-12.el9_7.1.i686.rpm
MD5: dee2638e22bf24f6cf5630f92bb1ce47
SHA-256: 2dc213d5ba073ff9fce73b08b109a03fb784f131a01f1e60512b2b78908aa521
Size: 426.42 kB - libsoup-2.72.0-12.el9_7.1.x86_64.rpm
MD5: 4799c423fc66b2c0bca799bc479449bf
SHA-256: eea5d3983a57f12b2c6fcd0a1f9973ef141ae4f0c531d299fb5b8c5ed78c387c
Size: 405.76 kB - libsoup-devel-2.72.0-12.el9_7.1.i686.rpm
MD5: 54643c1d744137bff38d6626114e8e59
SHA-256: ad9a1d87600e1ec6f4bece91bdc1bfb6ee9a88e439338c6ecda92205c7d3a477
Size: 180.01 kB - libsoup-devel-2.72.0-12.el9_7.1.x86_64.rpm
MD5: 9d897ce0fe14783be09d69fc5f6effd0
SHA-256: 8a149f9477bfbd6de3a04de03024b8f078c6a872c661132c88ad05ac534c49d8
Size: 180.03 kB
English