drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in libsoup
| Name: |
Mehrere Probleme in libsoup |
|
| ID: |
RHSA-2025:9179 |
|
| Distribution: |
Red Hat |
|
| Plattformen: |
Red Hat Enterprise Linux Server (v. 7 ELS) |
|
| Datum: |
Mi, 18. Juni 2025, 07:22 |
|
| Referenzen: |
https://access.redhat.com/security/cve/CVE-2025-32914
https://access.redhat.com/security/cve/CVE-2025-32906
https://bugzilla.redhat.com/show_bug.cgi?id=2359341
https://access.redhat.com/security/cve/CVE-2025-32049
https://access.redhat.com/security/cve/CVE-2025-2784
https://access.redhat.com/errata/RHSA-2025:9179
https://bugzilla.redhat.com/show_bug.cgi?id=2359355
https://bugzilla.redhat.com/show_bug.cgi?id=2354669
https://access.redhat.com/security/cve/CVE-2025-32913
https://bugzilla.redhat.com/show_bug.cgi?id=2357066
https://bugzilla.redhat.com/show_bug.cgi?id=2359358
https://access.redhat.com/security/cve/CVE-2025-4948
https://bugzilla.redhat.com/show_bug.cgi?id=2359357
https://access.redhat.com/security/cve/CVE-2025-32911
https://bugzilla.redhat.com/show_bug.cgi?id=2367183 |
|
| Applikationen: |
libsoup |
|
Originalnachricht |
An update for libsoup is now available for Red Hat Enterprise Linux 7 Extended
Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing
content (CVE-2025-2784)
* libsoup: Denial of Service attack to websocket server (CVE-2025-32049)
* libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906)
* libsoup: Double free on soup_message_headers_get_content_disposition()
through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911)
* libsoup: NULL pointer dereference in
soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913)
* libsoup: OOB Read on libsoup through function
"soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process (CVE-2025-32914)
* libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to
Denial of Service in libsoup (CVE-2025-4948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2025-2784: Out-of-bounds Read (CWE-125)
CVE-2025-4948: Integer Underflow (Wrap or Wraparound) (CWE-191)
CVE-2025-32049: Allocation of Resources Without Limits or Throttling (CWE-770)
CVE-2025-32906: Out-of-bounds Read (CWE-125)
CVE-2025-32911: Free of Memory not on the Heap (CWE-590)
CVE-2025-32913: NULL Pointer Dereference (CWE-476)
CVE-2025-32914: Out-of-bounds Read (CWE-125)
|
|
|
|
