libsoup-2.72.0-12.el9_7.5
エラータID: AXSA:2026-168:05
リリース日:
2026/02/12 Thursday - 16:40
題名:
libsoup-2.72.0-12.el9_7.5
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- libsoup には、バッファオーバーフローの問題があるため、
リモートの攻撃者により、サービス拒否 (DoS) 状態を可能とする
脆弱性が存在します。(CVE-2026-0719)
- libsoup には、スタックベースのバッファオーバーフローの問題が
あるため、リモートの攻撃者により、情報の漏洩、データ破壊、および
サービス拒否 (DoS) 状態を可能とする脆弱性が存在します。
(CVE-2026-1761)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-0719
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
CVE-2026-1761
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
追加情報:
N/A
ダウンロード:
SRPMS
- libsoup-2.72.0-12.el9_7.5.src.rpm
MD5: e96a5b741ec41a0ad26a4d70c6c476f6
SHA-256: 09691449a83810d64725267c4da87fd1f93b7ea2a5154f43e901a482be3e428e
Size: 1.46 MB
Asianux Server 9 for x86_64
- libsoup-2.72.0-12.el9_7.5.i686.rpm
MD5: e5ea4a6b6ffce957bd81ef4e8aee945b
SHA-256: fa93ad54dd379f25161538c1bbdb1889ab3f9d315cc45666e1bc0a743aba6aaf
Size: 427.06 kB - libsoup-2.72.0-12.el9_7.5.x86_64.rpm
MD5: e7f8404a8e0304c7e5197203c486a979
SHA-256: 9b2ce68fdecef3f246ab665434537cd1261c0ccac13ae86131ee3fea9f82e904
Size: 406.01 kB - libsoup-devel-2.72.0-12.el9_7.5.i686.rpm
MD5: 18ff654749a654c70e7f76b2648acfa0
SHA-256: b2ec91be4b5755b246b771767af3a751fbf1971c8b4a8372af2a62bc9bb10308
Size: 180.49 kB - libsoup-devel-2.72.0-12.el9_7.5.x86_64.rpm
MD5: 1a81c19a336ce5a780581abc84a53301
SHA-256: b8b965882865996b4d6c673af36df5a85a515b69c0e085ec56f53517327edba9
Size: 180.52 kB
English