libsoup-2.62.3-11.el8_10

エラータID: AXSA:2026-026:01

リリース日: 
2026/01/13 Tuesday - 14:23
題名: 
libsoup-2.62.3-11.el8_10
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins) (CVE-2025-14523)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-14523
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.

解決策: 

Update packages.

CVE: 
CVE-2025-14523
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. libsoup-2.62.3-11.el8_10.src.rpm
    MD5: 26cbd86db511005d49b21ed285f4b224
    SHA-256: 7394cdf50f1b50ea437377c54e439a8e3b840be2fab9b74396a3ee0f1c3d7df7
    Size: 1.83 MB

Asianux Server 8 for x86_64
  1. libsoup-2.62.3-11.el8_10.i686.rpm
    MD5: 24310a4e4f08717bae4125aa0e205826
    SHA-256: 897fcaf41df44cdfda66d73f5f8c8f8d87a77704700a3e8c1813583977da96b1
    Size: 431.41 kB
  2. libsoup-2.62.3-11.el8_10.x86_64.rpm
    MD5: b452a271cb2c047d7fa4b8f303f5afd4
    SHA-256: 135cfa6cd764513cdf72ea567d09823ee0e62ddda4d7309dbe62a27bac8074ee
    Size: 426.03 kB
  3. libsoup-devel-2.62.3-11.el8_10.i686.rpm
    MD5: 942da95bfec137ec74211e16a161ad55
    SHA-256: a4b1d9d60def84a70c737821ba7d0df46a7f47bc4680b15aac0d2e5c770a53c0
    Size: 319.83 kB
  4. libsoup-devel-2.62.3-11.el8_10.x86_64.rpm
    MD5: 09bc23d2669980b19edd24745f4675e0
    SHA-256: 60738cb34304b320b53be0d46dd1f914156eee75a0f67253b251c4c59e8fdfa1
    Size: 319.81 kB