drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in libsoup
| Name: |
Mehrere Probleme in libsoup |
|
| ID: |
RHSA-2025:4440 |
|
| Distribution: |
Red Hat |
|
| Plattformen: |
Red Hat Enterprise Linux AppStream EUS (v.9.4) |
|
| Datum: |
Mo, 5. Mai 2025, 06:25 |
|
| Referenzen: |
https://access.redhat.com/security/cve/CVE-2025-32907
https://bugzilla.redhat.com/show_bug.cgi?id=2361963
https://access.redhat.com/security/cve/CVE-2025-46421
https://bugzilla.redhat.com/show_bug.cgi?id=2359342
https://access.redhat.com/security/cve/CVE-2025-32911
https://bugzilla.redhat.com/show_bug.cgi?id=2359341
https://bugzilla.redhat.com/show_bug.cgi?id=2357069
https://access.redhat.com/security/cve/CVE-2025-32913
https://access.redhat.com/security/cve/CVE-2025-32906
https://access.redhat.com/security/cve/CVE-2025-32053
https://access.redhat.com/errata/RHSA-2025:4440
https://bugzilla.redhat.com/show_bug.cgi?id=2359357
https://bugzilla.redhat.com/show_bug.cgi?id=2357070
https://bugzilla.redhat.com/show_bug.cgi?id=2359355
https://bugzilla.redhat.com/show_bug.cgi?id=2357067
https://access.redhat.com/security/cve/CVE-2025-32052
https://access.redhat.com/security/cve/CVE-2025-46420
https://access.redhat.com/security/cve/CVE-2025-32050
https://bugzilla.redhat.com/show_bug.cgi?id=2361962 |
|
| Applikationen: |
libsoup |
|
Originalnachricht |
An update for libsoup is now available for Red Hat Enterprise Linux 9.4
Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Integer overflow in append_param_quoted (CVE-2025-32050)
* libsoup: Heap buffer overflow in sniff_unknown() (CVE-2025-32052)
* libsoup: Heap buffer overflows in sniff_feed_or_html() and
skip_insignificant_space() (CVE-2025-32053)
* libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906)
* libsoup: Denial of service in server when client requests a large amount of
overlapping ranges with Range header (CVE-2025-32907)
* libsoup: Double free on soup_message_headers_get_content_disposition()
through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911)
* libsoup: NULL pointer dereference in
soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913)
* libsoup: Information disclosure may leads libsoup client sends Authorization
header to a different host when being redirected by a server (CVE-2025-46421)
* libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c
(CVE-2025-46420)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2025-32050: Buffer Under-read (CWE-127)
CVE-2025-32052: Buffer Over-read (CWE-126)
CVE-2025-32053: Buffer Over-read (CWE-126)
CVE-2025-32906: Out-of-bounds Read (CWE-125)
CVE-2025-32907: Excessive Platform Resource Consumption within a Loop
(CWE-1050)
CVE-2025-32911: Free of Memory not on the Heap (CWE-590)
CVE-2025-32913: NULL Pointer Dereference (CWE-476)
CVE-2025-46420: Missing Release of Memory after Effective Lifetime (CWE-401)
CVE-2025-46421: Exposure of Sensitive System Information to an Unauthorized
Control Sphere (CWE-497)
|
|
|
|
