libsoup-2.62.2-2.0.5.0.2.el7.AXS7
Errata ID: AXSA:2025-11537:17
Release date:
2025/12/16 Tuesday - 17:38
Title:
libsoup-2.62.2-2.0.5.0.2.el7.AXS7
Affected channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
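The following issues have been addressed.
[Security Fix]
- libsoup has an out-of-bounds memory read issue, which creates a vulnerability that allows a remote attacker to disclose information. (CVE-2025-11021)
- libsoup has an integer overflow issue, which creates a vulnerability that allows a remote attacker to corrupt data. (CVE-2025-4945)
Solution:
Update the packages.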
CVE:
CVE-2025-11021
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
CVE-2025-4945
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
Additional information:
N/A
Downloads:
Asianux Server 7 for x86_64
- libsoup-2.62.2-2.0.5.0.2.el7.AXS7.i686.rpm
MD5: 625b5ecfc95925809a8a274c2e9cd86c
SHA-256: 76372a9d82823850bb3916a376754327f6255dba292f9ce42b95851fd026d284
Size: 396.89 kB
- libsoup-2.62.2-2.0.5.0.2.el7.AXS7.x86_64.rpm
MD5: ce1fe8570ffb572ea6a17392148266fb
SHA-256: 9280f21baab65a48b04884b3896d0ed6d284f859b39a1bfb871b4c74a6385a79
Size: 412.83 kB
- libsoup-devel-2.62.2-2.0.5.0.2.el7.AXS7.i686.rpm
MD5: fbf6f01a6032a9264a18d82b83a05839
SHA-256: 388c0e63010fdec5a160fdcdf5720b018a6c074abc6a206a7bf8c5e2244a7678
Size: 311.37 kB
- libsoup-devel-2.62.2-2.0.5.0.2.el7.AXS7.x86_64.rpm
MD5: 53254201c7a51cc254edf347afea293e
SHA-256: c0e5d8756c3eca10c21c273aa18a765a7bc8f3d411cc5851a1ff7650c04b5c62
Size: 311.35 kB