Issued:: 2025-11-11
Updated:: 2025-11-11

RHSA-2025:20959 - Security Advisory

Overview
Updated Packages

Synopsis

Important: libsoup security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libsoup is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup (CVE-2025-4945)
libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library (CVE-2025-11021)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64

Fixes

BZ - 2367175 - CVE-2025-4945 libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup
BZ - 2399627 - CVE-2025-11021 libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
libsoup-2.72.0-12.el9_7.1.src.rpm	SHA-256: e2ab2a093dfbb2194778b68ace18f1f66c605e57eb2adee0f2ac6f4854730fa0
x86_64
libsoup-2.72.0-12.el9_7.1.i686.rpm	SHA-256: 55f7435a9898451614054608a91c26b80880f8c42a8fcd14178d42177fe1f318
libsoup-2.72.0-12.el9_7.1.x86_64.rpm	SHA-256: 8b575ea54c448bccae4ac6d0b082ccbfae1c91573bddd00070e03724f4a561f8
libsoup-debuginfo-2.72.0-12.el9_7.1.i686.rpm	SHA-256: ba8a2dec7f8728b92195a5d5df3da0c731230e408d91cd1f74c25a0842d82722
libsoup-debuginfo-2.72.0-12.el9_7.1.x86_64.rpm	SHA-256: 1b2e430a818abec7899033154218ce464310bd1fd7b20c052e3db7a8fdec7a95
libsoup-debugsource-2.72.0-12.el9_7.1.i686.rpm	SHA-256: 020b0225a6ca9645f32d5b8c0a72d4003f76fa4f32a2cf6f251e4eaa6d0f1c9b
libsoup-debugsource-2.72.0-12.el9_7.1.x86_64.rpm	SHA-256: e339022d04d1669d1b9eb75415ea9c604a159ba6bb8a066a7624f155edf7c4d8
libsoup-devel-2.72.0-12.el9_7.1.i686.rpm	SHA-256: d44f35a60f51e00702899cf42a84c7c7aee46f1d319baca67b4b4f68aa4c4ea2
libsoup-devel-2.72.0-12.el9_7.1.x86_64.rpm	SHA-256: 8b7a6eb4aa10c3d198ebdf25625ab340b167b26d01a62305848e9f7c28ec97af

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
libsoup-2.72.0-12.el9_7.1.src.rpm	SHA-256: e2ab2a093dfbb2194778b68ace18f1f66c605e57eb2adee0f2ac6f4854730fa0
s390x
libsoup-2.72.0-12.el9_7.1.s390x.rpm	SHA-256: 8726009775b0822fa0652f773e39069d88add8fe3cac709dfbdbc015b5a3c905
libsoup-debuginfo-2.72.0-12.el9_7.1.s390x.rpm	SHA-256: 9e334755cce965372fe5e9139a3d0c84f47cfe1b6980a929470875892b1ed4cf
libsoup-debugsource-2.72.0-12.el9_7.1.s390x.rpm	SHA-256: d26a74b974679baa3dfb4a99e2fb7a93fcc999cb02b332d98acc393d5771959c
libsoup-devel-2.72.0-12.el9_7.1.s390x.rpm	SHA-256: bc74ddce34b32601aab1906635adfbd195add7a4d5e3744b72c59eedc265b61f

Red Hat Enterprise Linux for Power, little endian 9

SRPM
libsoup-2.72.0-12.el9_7.1.src.rpm	SHA-256: e2ab2a093dfbb2194778b68ace18f1f66c605e57eb2adee0f2ac6f4854730fa0
ppc64le
libsoup-2.72.0-12.el9_7.1.ppc64le.rpm	SHA-256: 8525ba091088138992987e98bc33e79ecad264f04531d9417c05b2d090002499
libsoup-debuginfo-2.72.0-12.el9_7.1.ppc64le.rpm	SHA-256: 709269cd57e5c40c4f7115bd29d99f3e646fb9a97e9736f2f8ede0c0ede1f659
libsoup-debugsource-2.72.0-12.el9_7.1.ppc64le.rpm	SHA-256: 3d020245f19b4699dcb8a99aa7e785c8da100ff711f909962ae561d2a48c1464
libsoup-devel-2.72.0-12.el9_7.1.ppc64le.rpm	SHA-256: eb246da47397b0a4b5996fc260aed9f4761f3cd79c9a67f27b910bfe67bd45e2

Red Hat Enterprise Linux for ARM 64 9

SRPM
libsoup-2.72.0-12.el9_7.1.src.rpm	SHA-256: e2ab2a093dfbb2194778b68ace18f1f66c605e57eb2adee0f2ac6f4854730fa0
aarch64
libsoup-2.72.0-12.el9_7.1.aarch64.rpm	SHA-256: f74b7b0cf0d9e906ea367072cdd1888e7dce8e2e8abf30e9f78ee5bfa53daaee
libsoup-debuginfo-2.72.0-12.el9_7.1.aarch64.rpm	SHA-256: 9d5e3c21772c5ee8328fc72a8e87dd850a4b58f8c951a18f8fc892249632b574
libsoup-debugsource-2.72.0-12.el9_7.1.aarch64.rpm	SHA-256: 9bf0c24a5661f9d07b8263a482b0e2710e7f6405ebcdc5722855e47b245ded37
libsoup-devel-2.72.0-12.el9_7.1.aarch64.rpm	SHA-256: 11405726aad10f9f30a1f8a899d2ce16fbbad74f2b78199dea88b537c3723bdc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation