libsoup-2.62.3-13.el8_10
エラータID: AXSA:2026-157:03
リリース日:
2026/02/10 Tuesday - 11:09
題名:
libsoup-2.62.3-13.el8_10
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libsoup には、バッファオーバーフローの問題があるため、
リモートの攻撃者により、サービス拒否 (DoS) 状態を可能とする
脆弱性が存在します。(CVE-2026-0719)
- libsoup には、スタックベースのバッファオーバーフローの問題が
あるため、リモートの攻撃者により、情報の漏洩、データ破壊、および
サービス拒否 (DoS) 状態を可能とする脆弱性が存在します。
(CVE-2026-1761)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-0719
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
CVE-2026-1761
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
追加情報:
N/A
ダウンロード:
SRPMS
- libsoup-2.62.3-13.el8_10.src.rpm
MD5: 246160d81bbd41f82be414b144d70768
SHA-256: 2fc5eb55cf1ccc60e352c57e1e93d4a0a98fd3ba05d081e24b51f175c9293bbd
Size: 1.84 MB
Asianux Server 8 for x86_64
- libsoup-2.62.3-13.el8_10.i686.rpm
MD5: 29c9d71005c6d6b2872618e85fd38871
SHA-256: 46231b8309c3892651b268c383b2917c5aa6fa627d696578f203127cc612976e
Size: 431.97 kB - libsoup-2.62.3-13.el8_10.x86_64.rpm
MD5: a5ae51966abcc76978720152469d4d9c
SHA-256: 55de8e1ed6447fd63447d822c4ff2e2574b34bebd308576880b1bc27b8cffe2f
Size: 426.83 kB - libsoup-devel-2.62.3-13.el8_10.i686.rpm
MD5: 17927ba11beefe61d8ab0536fa6a93d1
SHA-256: 0a7ab9810f805fed1d940f272f945a5ceaecd57cc9c55acba557b1f9bcfb8511
Size: 320.06 kB - libsoup-devel-2.62.3-13.el8_10.x86_64.rpm
MD5: 48997ab99b81c1318034eeeccb637931
SHA-256: a6b3f0f50287153c154e76c17b2d4947335a2ce772b8c4ec7b2aaa1fd739629a
Size: 320.05 kB
English