libsoup-2.72.0-12.el9_7.5

エラータID: AXSA:2026-168:05

リリース日: 
2026/02/12 Thursday - 16:40
題名: 
libsoup-2.72.0-12.el9_7.5
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-0719
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
CVE-2026-1761
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.

解決策: 

Update packages.

CVE: 
CVE-2026-0719
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
CVE-2026-1761
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. libsoup-2.72.0-12.el9_7.5.src.rpm
    MD5: e96a5b741ec41a0ad26a4d70c6c476f6
    SHA-256: 09691449a83810d64725267c4da87fd1f93b7ea2a5154f43e901a482be3e428e
    Size: 1.46 MB

Asianux Server 9 for x86_64
  1. libsoup-2.72.0-12.el9_7.5.i686.rpm
    MD5: e5ea4a6b6ffce957bd81ef4e8aee945b
    SHA-256: fa93ad54dd379f25161538c1bbdb1889ab3f9d315cc45666e1bc0a743aba6aaf
    Size: 427.06 kB
  2. libsoup-2.72.0-12.el9_7.5.x86_64.rpm
    MD5: e7f8404a8e0304c7e5197203c486a979
    SHA-256: 9b2ce68fdecef3f246ab665434537cd1261c0ccac13ae86131ee3fea9f82e904
    Size: 406.01 kB
  3. libsoup-devel-2.72.0-12.el9_7.5.i686.rpm
    MD5: 18ff654749a654c70e7f76b2648acfa0
    SHA-256: b2ec91be4b5755b246b771767af3a751fbf1971c8b4a8372af2a62bc9bb10308
    Size: 180.49 kB
  4. libsoup-devel-2.72.0-12.el9_7.5.x86_64.rpm
    MD5: 1a81c19a336ce5a780581abc84a53301
    SHA-256: b8b965882865996b4d6c673af36df5a85a515b69c0e085ec56f53517327edba9
    Size: 180.52 kB