Red Hat Product Errata RHSA-2025:4568 - Security Advisory
Issued:
2025-05-06
Updated:
2025-05-06

RHSA-2025:4568 - Security Advisory

Synopsis

Important: libsoup security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libsoup is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

  • libsoup: Integer overflow in append_param_quoted (CVE-2025-32050)
  • libsoup: Heap buffer overflow in sniff_unknown() (CVE-2025-32052)
  • libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (CVE-2025-32053)
  • libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906)
  • libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911)
  • libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913)
  • libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server (CVE-2025-46421)
  • libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c (CVE-2025-46420)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2357067 - CVE-2025-32050 libsoup: Integer overflow in append_param_quoted
  • BZ - 2357069 - CVE-2025-32052 libsoup: Heap buffer overflow in sniff_unknown()
  • BZ - 2357070 - CVE-2025-32053 libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()
  • BZ - 2359341 - CVE-2025-32906 libsoup: Out of bounds reads in soup_headers_parse_request()
  • BZ - 2359355 - CVE-2025-32911 libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value
  • BZ - 2359357 - CVE-2025-32913 libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header
  • BZ - 2361962 - CVE-2025-46421 libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server
  • BZ - 2361963 - CVE-2025-46420 libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
libsoup-2.62.3-3.el8_8.4.src.rpm SHA-256: 41710824b4ba231eb8d2471eda69c9ea9c89ff99df5dbe5fe320590cf9c140da
x86_64
libsoup-2.62.3-3.el8_8.4.i686.rpm SHA-256: c6d3e5107b7f7c16ffc6fe4b521790a532f03807773b2a84f0c171009b0c4280
libsoup-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: e13037bc944ab092a782524ec79ad450f4d57933d4ab7376f1652801e9d0efa7
libsoup-debuginfo-2.62.3-3.el8_8.4.i686.rpm SHA-256: 918b6fd997bb708dbb72dc6658f8f96bd55974b2ad34853f87706f7b295ece24
libsoup-debuginfo-2.62.3-3.el8_8.4.i686.rpm SHA-256: 918b6fd997bb708dbb72dc6658f8f96bd55974b2ad34853f87706f7b295ece24
libsoup-debuginfo-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: 4d5975d961db8c54c2c6f7b38dba96c2a3812b308dae526ec284b8762afb4336
libsoup-debuginfo-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: 4d5975d961db8c54c2c6f7b38dba96c2a3812b308dae526ec284b8762afb4336
libsoup-debugsource-2.62.3-3.el8_8.4.i686.rpm SHA-256: 161f3f024671379e2f514ddacefe05a51576b129fcf6bcfc94b646b612f451ee
libsoup-debugsource-2.62.3-3.el8_8.4.i686.rpm SHA-256: 161f3f024671379e2f514ddacefe05a51576b129fcf6bcfc94b646b612f451ee
libsoup-debugsource-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: 361cdbd474aa15bc57afd4a564c5374a0efa2dcb7e717aa6445fd4adf20e482a
libsoup-debugsource-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: 361cdbd474aa15bc57afd4a564c5374a0efa2dcb7e717aa6445fd4adf20e482a
libsoup-devel-2.62.3-3.el8_8.4.i686.rpm SHA-256: d125a5e45f529c84a43e12a6122be4c75033605098fd89be54dfe6fde687dabc
libsoup-devel-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: ddfa07cabf314345fce158a5625e0a37651309ffbb00744ca6165b91f63f0350

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
libsoup-2.62.3-3.el8_8.4.src.rpm SHA-256: 41710824b4ba231eb8d2471eda69c9ea9c89ff99df5dbe5fe320590cf9c140da
s390x
libsoup-2.62.3-3.el8_8.4.s390x.rpm SHA-256: 8b2e352d5b5c0aba70828d8c6eb8c235e23bb0fc225e393f01c60559e9c5f94c
libsoup-debuginfo-2.62.3-3.el8_8.4.s390x.rpm SHA-256: bf34feb540e38a6ac5e49fabfb05b5b881893ceed880a2d05936b9a457e80da4
libsoup-debuginfo-2.62.3-3.el8_8.4.s390x.rpm SHA-256: bf34feb540e38a6ac5e49fabfb05b5b881893ceed880a2d05936b9a457e80da4
libsoup-debugsource-2.62.3-3.el8_8.4.s390x.rpm SHA-256: 2a71fe0ec475b51c97420cade31d1b0a2e91fe13f1a5206470b6a34ed613c057
libsoup-debugsource-2.62.3-3.el8_8.4.s390x.rpm SHA-256: 2a71fe0ec475b51c97420cade31d1b0a2e91fe13f1a5206470b6a34ed613c057
libsoup-devel-2.62.3-3.el8_8.4.s390x.rpm SHA-256: 1e76f4cc7eeeb230b252641656c4734b6aa2f380df884558b31d460cac3a8560

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
libsoup-2.62.3-3.el8_8.4.src.rpm SHA-256: 41710824b4ba231eb8d2471eda69c9ea9c89ff99df5dbe5fe320590cf9c140da
ppc64le
libsoup-2.62.3-3.el8_8.4.ppc64le.rpm SHA-256: a3684affa796db13aa2cc29acb7f7ef99b46a5e43325408408cee39fcc1f1b04
libsoup-debuginfo-2.62.3-3.el8_8.4.ppc64le.rpm SHA-256: 9cda96929de76735e6a5e50de4775256fe547fcb6ee247c98b647a423da62355
libsoup-debuginfo-2.62.3-3.el8_8.4.ppc64le.rpm SHA-256: 9cda96929de76735e6a5e50de4775256fe547fcb6ee247c98b647a423da62355
libsoup-debugsource-2.62.3-3.el8_8.4.ppc64le.rpm SHA-256: 0764cdea7ad6537a6e9a7ecdc5e7b0025056962258922f0c2a5b5682b4f2c0c4
libsoup-debugsource-2.62.3-3.el8_8.4.ppc64le.rpm SHA-256: 0764cdea7ad6537a6e9a7ecdc5e7b0025056962258922f0c2a5b5682b4f2c0c4
libsoup-devel-2.62.3-3.el8_8.4.ppc64le.rpm SHA-256: 4dd1e745b43ce9f13e426ec5d6d6d8c25682020edf5fbf17bcc9e0eb2aa833c3

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
libsoup-2.62.3-3.el8_8.4.src.rpm SHA-256: 41710824b4ba231eb8d2471eda69c9ea9c89ff99df5dbe5fe320590cf9c140da
x86_64
libsoup-2.62.3-3.el8_8.4.i686.rpm SHA-256: c6d3e5107b7f7c16ffc6fe4b521790a532f03807773b2a84f0c171009b0c4280
libsoup-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: e13037bc944ab092a782524ec79ad450f4d57933d4ab7376f1652801e9d0efa7
libsoup-debuginfo-2.62.3-3.el8_8.4.i686.rpm SHA-256: 918b6fd997bb708dbb72dc6658f8f96bd55974b2ad34853f87706f7b295ece24
libsoup-debuginfo-2.62.3-3.el8_8.4.i686.rpm SHA-256: 918b6fd997bb708dbb72dc6658f8f96bd55974b2ad34853f87706f7b295ece24
libsoup-debuginfo-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: 4d5975d961db8c54c2c6f7b38dba96c2a3812b308dae526ec284b8762afb4336
libsoup-debuginfo-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: 4d5975d961db8c54c2c6f7b38dba96c2a3812b308dae526ec284b8762afb4336
libsoup-debugsource-2.62.3-3.el8_8.4.i686.rpm SHA-256: 161f3f024671379e2f514ddacefe05a51576b129fcf6bcfc94b646b612f451ee
libsoup-debugsource-2.62.3-3.el8_8.4.i686.rpm SHA-256: 161f3f024671379e2f514ddacefe05a51576b129fcf6bcfc94b646b612f451ee
libsoup-debugsource-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: 361cdbd474aa15bc57afd4a564c5374a0efa2dcb7e717aa6445fd4adf20e482a
libsoup-debugsource-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: 361cdbd474aa15bc57afd4a564c5374a0efa2dcb7e717aa6445fd4adf20e482a
libsoup-devel-2.62.3-3.el8_8.4.i686.rpm SHA-256: d125a5e45f529c84a43e12a6122be4c75033605098fd89be54dfe6fde687dabc
libsoup-devel-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: ddfa07cabf314345fce158a5625e0a37651309ffbb00744ca6165b91f63f0350

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
libsoup-2.62.3-3.el8_8.4.src.rpm SHA-256: 41710824b4ba231eb8d2471eda69c9ea9c89ff99df5dbe5fe320590cf9c140da
aarch64
libsoup-2.62.3-3.el8_8.4.aarch64.rpm SHA-256: 01074408f79c46cd158461272994f06ac21de56b91d3724a2362d61a91438f22
libsoup-debuginfo-2.62.3-3.el8_8.4.aarch64.rpm SHA-256: a917371a6ef148b8f69b65fff3fc3f0d04568555e9caae6927eabe85cd3671d4
libsoup-debuginfo-2.62.3-3.el8_8.4.aarch64.rpm SHA-256: a917371a6ef148b8f69b65fff3fc3f0d04568555e9caae6927eabe85cd3671d4
libsoup-debugsource-2.62.3-3.el8_8.4.aarch64.rpm SHA-256: 6e34c2f81a1578df5fcd50a0d499964537fbb11fce5d58f46c8220d443fd584c
libsoup-debugsource-2.62.3-3.el8_8.4.aarch64.rpm SHA-256: 6e34c2f81a1578df5fcd50a0d499964537fbb11fce5d58f46c8220d443fd584c
libsoup-devel-2.62.3-3.el8_8.4.aarch64.rpm SHA-256: 2f356cb27eab920ff7865fea9958268b567c1118cc4963c14f426146c4c0db68

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
libsoup-2.62.3-3.el8_8.4.src.rpm SHA-256: 41710824b4ba231eb8d2471eda69c9ea9c89ff99df5dbe5fe320590cf9c140da
ppc64le
libsoup-2.62.3-3.el8_8.4.ppc64le.rpm SHA-256: a3684affa796db13aa2cc29acb7f7ef99b46a5e43325408408cee39fcc1f1b04
libsoup-debuginfo-2.62.3-3.el8_8.4.ppc64le.rpm SHA-256: 9cda96929de76735e6a5e50de4775256fe547fcb6ee247c98b647a423da62355
libsoup-debuginfo-2.62.3-3.el8_8.4.ppc64le.rpm SHA-256: 9cda96929de76735e6a5e50de4775256fe547fcb6ee247c98b647a423da62355
libsoup-debugsource-2.62.3-3.el8_8.4.ppc64le.rpm SHA-256: 0764cdea7ad6537a6e9a7ecdc5e7b0025056962258922f0c2a5b5682b4f2c0c4
libsoup-debugsource-2.62.3-3.el8_8.4.ppc64le.rpm SHA-256: 0764cdea7ad6537a6e9a7ecdc5e7b0025056962258922f0c2a5b5682b4f2c0c4
libsoup-devel-2.62.3-3.el8_8.4.ppc64le.rpm SHA-256: 4dd1e745b43ce9f13e426ec5d6d6d8c25682020edf5fbf17bcc9e0eb2aa833c3

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
libsoup-2.62.3-3.el8_8.4.src.rpm SHA-256: 41710824b4ba231eb8d2471eda69c9ea9c89ff99df5dbe5fe320590cf9c140da
x86_64
libsoup-2.62.3-3.el8_8.4.i686.rpm SHA-256: c6d3e5107b7f7c16ffc6fe4b521790a532f03807773b2a84f0c171009b0c4280
libsoup-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: e13037bc944ab092a782524ec79ad450f4d57933d4ab7376f1652801e9d0efa7
libsoup-debuginfo-2.62.3-3.el8_8.4.i686.rpm SHA-256: 918b6fd997bb708dbb72dc6658f8f96bd55974b2ad34853f87706f7b295ece24
libsoup-debuginfo-2.62.3-3.el8_8.4.i686.rpm SHA-256: 918b6fd997bb708dbb72dc6658f8f96bd55974b2ad34853f87706f7b295ece24
libsoup-debuginfo-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: 4d5975d961db8c54c2c6f7b38dba96c2a3812b308dae526ec284b8762afb4336
libsoup-debuginfo-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: 4d5975d961db8c54c2c6f7b38dba96c2a3812b308dae526ec284b8762afb4336
libsoup-debugsource-2.62.3-3.el8_8.4.i686.rpm SHA-256: 161f3f024671379e2f514ddacefe05a51576b129fcf6bcfc94b646b612f451ee
libsoup-debugsource-2.62.3-3.el8_8.4.i686.rpm SHA-256: 161f3f024671379e2f514ddacefe05a51576b129fcf6bcfc94b646b612f451ee
libsoup-debugsource-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: 361cdbd474aa15bc57afd4a564c5374a0efa2dcb7e717aa6445fd4adf20e482a
libsoup-debugsource-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: 361cdbd474aa15bc57afd4a564c5374a0efa2dcb7e717aa6445fd4adf20e482a
libsoup-devel-2.62.3-3.el8_8.4.i686.rpm SHA-256: d125a5e45f529c84a43e12a6122be4c75033605098fd89be54dfe6fde687dabc
libsoup-devel-2.62.3-3.el8_8.4.x86_64.rpm SHA-256: ddfa07cabf314345fce158a5625e0a37651309ffbb00744ca6165b91f63f0350

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.