红帽产品勘误 RHSA-2025:7436 - Security Advisory
发布:
2025-05-13
已更新:
2025-05-13

RHSA-2025:7436 - Security Advisory

概述

Important: libsoup security update

类型/严重性

Security Advisory: Important

Red Hat Insights 补丁分析

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for libsoup is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

  • libsoup: Integer overflow in append_param_quoted (CVE-2025-32050)
  • libsoup: Heap buffer overflow in sniff_unknown() (CVE-2025-32052)
  • libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (CVE-2025-32053)
  • libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906)
  • libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header (CVE-2025-32907)
  • libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911)
  • libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913)
  • libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server (CVE-2025-46421)
  • libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c (CVE-2025-46420)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

修复

  • BZ - 2357067 - CVE-2025-32050 libsoup: Integer overflow in append_param_quoted
  • BZ - 2357069 - CVE-2025-32052 libsoup: Heap buffer overflow in sniff_unknown()
  • BZ - 2357070 - CVE-2025-32053 libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()
  • BZ - 2359341 - CVE-2025-32906 libsoup: Out of bounds reads in soup_headers_parse_request()
  • BZ - 2359342 - CVE-2025-32907 libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header
  • BZ - 2359355 - CVE-2025-32911 libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value
  • BZ - 2359357 - CVE-2025-32913 libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header
  • BZ - 2361962 - CVE-2025-46421 libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server
  • BZ - 2361963 - CVE-2025-46420 libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c

Red Hat Enterprise Linux for x86_64 9

SRPM
libsoup-2.72.0-10.el9_6.1.src.rpm SHA-256: 4de0b7579d6feb2f4784df01995a9063d35197290e563a21ae7325caf6659883
x86_64
libsoup-2.72.0-10.el9_6.1.i686.rpm SHA-256: a6d5d28a2f726f15123db93669bc634c1876bf4cd83303fb9f8c3512779b4d7d
libsoup-2.72.0-10.el9_6.1.x86_64.rpm SHA-256: edf553f6aca5ea474b84f36898c55ab33091f9d06d8048e83b3197f4adf90da4
libsoup-debuginfo-2.72.0-10.el9_6.1.i686.rpm SHA-256: 20a6423f2aab036114d5619be92752772987672abf7e29b01fc8e3b6b3fd306b
libsoup-debuginfo-2.72.0-10.el9_6.1.x86_64.rpm SHA-256: f3e1c22b4810b6b341c1f06409fbc4984e5fa110a3bf6ebae33e0ce78a531a79
libsoup-debugsource-2.72.0-10.el9_6.1.i686.rpm SHA-256: 1f8d35c55a34a1b8267979632721ad4f2681d716a8e7babb843de212be84d778
libsoup-debugsource-2.72.0-10.el9_6.1.x86_64.rpm SHA-256: 0e219ec1e10989c3fff1c463754e6a6a6dfe9a8f2dfbf994719c3b474e50feba
libsoup-devel-2.72.0-10.el9_6.1.i686.rpm SHA-256: b847d7852f965d829015a3f68decdf9204d7c11e45bd7edfc6bc7822eeedefd9
libsoup-devel-2.72.0-10.el9_6.1.x86_64.rpm SHA-256: 35c6d6ecbaa851c0cc4e3c965fd606bad8f1ff77c4550f2f1e8fc6aedc5f3734

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
libsoup-2.72.0-10.el9_6.1.src.rpm SHA-256: 4de0b7579d6feb2f4784df01995a9063d35197290e563a21ae7325caf6659883
x86_64
libsoup-2.72.0-10.el9_6.1.i686.rpm SHA-256: a6d5d28a2f726f15123db93669bc634c1876bf4cd83303fb9f8c3512779b4d7d
libsoup-2.72.0-10.el9_6.1.x86_64.rpm SHA-256: edf553f6aca5ea474b84f36898c55ab33091f9d06d8048e83b3197f4adf90da4
libsoup-debuginfo-2.72.0-10.el9_6.1.i686.rpm SHA-256: 20a6423f2aab036114d5619be92752772987672abf7e29b01fc8e3b6b3fd306b
libsoup-debuginfo-2.72.0-10.el9_6.1.x86_64.rpm SHA-256: f3e1c22b4810b6b341c1f06409fbc4984e5fa110a3bf6ebae33e0ce78a531a79
libsoup-debugsource-2.72.0-10.el9_6.1.i686.rpm SHA-256: 1f8d35c55a34a1b8267979632721ad4f2681d716a8e7babb843de212be84d778
libsoup-debugsource-2.72.0-10.el9_6.1.x86_64.rpm SHA-256: 0e219ec1e10989c3fff1c463754e6a6a6dfe9a8f2dfbf994719c3b474e50feba
libsoup-devel-2.72.0-10.el9_6.1.i686.rpm SHA-256: b847d7852f965d829015a3f68decdf9204d7c11e45bd7edfc6bc7822eeedefd9
libsoup-devel-2.72.0-10.el9_6.1.x86_64.rpm SHA-256: 35c6d6ecbaa851c0cc4e3c965fd606bad8f1ff77c4550f2f1e8fc6aedc5f3734

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
libsoup-2.72.0-10.el9_6.1.src.rpm SHA-256: 4de0b7579d6feb2f4784df01995a9063d35197290e563a21ae7325caf6659883
x86_64
libsoup-2.72.0-10.el9_6.1.i686.rpm SHA-256: a6d5d28a2f726f15123db93669bc634c1876bf4cd83303fb9f8c3512779b4d7d
libsoup-2.72.0-10.el9_6.1.x86_64.rpm SHA-256: edf553f6aca5ea474b84f36898c55ab33091f9d06d8048e83b3197f4adf90da4
libsoup-debuginfo-2.72.0-10.el9_6.1.i686.rpm SHA-256: 20a6423f2aab036114d5619be92752772987672abf7e29b01fc8e3b6b3fd306b
libsoup-debuginfo-2.72.0-10.el9_6.1.x86_64.rpm SHA-256: f3e1c22b4810b6b341c1f06409fbc4984e5fa110a3bf6ebae33e0ce78a531a79
libsoup-debugsource-2.72.0-10.el9_6.1.i686.rpm SHA-256: 1f8d35c55a34a1b8267979632721ad4f2681d716a8e7babb843de212be84d778
libsoup-debugsource-2.72.0-10.el9_6.1.x86_64.rpm SHA-256: 0e219ec1e10989c3fff1c463754e6a6a6dfe9a8f2dfbf994719c3b474e50feba
libsoup-devel-2.72.0-10.el9_6.1.i686.rpm SHA-256: b847d7852f965d829015a3f68decdf9204d7c11e45bd7edfc6bc7822eeedefd9
libsoup-devel-2.72.0-10.el9_6.1.x86_64.rpm SHA-256: 35c6d6ecbaa851c0cc4e3c965fd606bad8f1ff77c4550f2f1e8fc6aedc5f3734

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
libsoup-2.72.0-10.el9_6.1.src.rpm SHA-256: 4de0b7579d6feb2f4784df01995a9063d35197290e563a21ae7325caf6659883
s390x
libsoup-2.72.0-10.el9_6.1.s390x.rpm SHA-256: 54d32229f389928debbe2e93a67174a5344fc3d4a644e21b25bf60fdf4137061
libsoup-debuginfo-2.72.0-10.el9_6.1.s390x.rpm SHA-256: bca0e4116cadc70962e4005197921117ad824213cbe2cc930b20879b39ec4b0b
libsoup-debugsource-2.72.0-10.el9_6.1.s390x.rpm SHA-256: 9867acd358512db6e6b802487a6dba7e27f6b9c42b5cf00099ade8ca6ba1a5d8
libsoup-devel-2.72.0-10.el9_6.1.s390x.rpm SHA-256: 292647942db0c2519241d3332f426f8eb7ee771203cf7fe3cc04df97a43fb6dc

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
libsoup-2.72.0-10.el9_6.1.src.rpm SHA-256: 4de0b7579d6feb2f4784df01995a9063d35197290e563a21ae7325caf6659883
s390x
libsoup-2.72.0-10.el9_6.1.s390x.rpm SHA-256: 54d32229f389928debbe2e93a67174a5344fc3d4a644e21b25bf60fdf4137061
libsoup-debuginfo-2.72.0-10.el9_6.1.s390x.rpm SHA-256: bca0e4116cadc70962e4005197921117ad824213cbe2cc930b20879b39ec4b0b
libsoup-debugsource-2.72.0-10.el9_6.1.s390x.rpm SHA-256: 9867acd358512db6e6b802487a6dba7e27f6b9c42b5cf00099ade8ca6ba1a5d8
libsoup-devel-2.72.0-10.el9_6.1.s390x.rpm SHA-256: 292647942db0c2519241d3332f426f8eb7ee771203cf7fe3cc04df97a43fb6dc

Red Hat Enterprise Linux for Power, little endian 9

SRPM
libsoup-2.72.0-10.el9_6.1.src.rpm SHA-256: 4de0b7579d6feb2f4784df01995a9063d35197290e563a21ae7325caf6659883
ppc64le
libsoup-2.72.0-10.el9_6.1.ppc64le.rpm SHA-256: f0134746ed8393007592230dde01a54ba02c2f785ff37b722e52b6a29b90c56e
libsoup-debuginfo-2.72.0-10.el9_6.1.ppc64le.rpm SHA-256: fbeb87949fc0646fa148d960335ad689bac8cae423da2a33624ed8db66eed0d0
libsoup-debugsource-2.72.0-10.el9_6.1.ppc64le.rpm SHA-256: ff1efd106dd849dd00f18e6916230999e71544f3a0ee3f9a5a723a7124589a0e
libsoup-devel-2.72.0-10.el9_6.1.ppc64le.rpm SHA-256: e2cfd594c68d20e80aebb97b0283bd6bc2c57bbba85b6f38b0d421674bb1ffdb

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
libsoup-2.72.0-10.el9_6.1.src.rpm SHA-256: 4de0b7579d6feb2f4784df01995a9063d35197290e563a21ae7325caf6659883
ppc64le
libsoup-2.72.0-10.el9_6.1.ppc64le.rpm SHA-256: f0134746ed8393007592230dde01a54ba02c2f785ff37b722e52b6a29b90c56e
libsoup-debuginfo-2.72.0-10.el9_6.1.ppc64le.rpm SHA-256: fbeb87949fc0646fa148d960335ad689bac8cae423da2a33624ed8db66eed0d0
libsoup-debugsource-2.72.0-10.el9_6.1.ppc64le.rpm SHA-256: ff1efd106dd849dd00f18e6916230999e71544f3a0ee3f9a5a723a7124589a0e
libsoup-devel-2.72.0-10.el9_6.1.ppc64le.rpm SHA-256: e2cfd594c68d20e80aebb97b0283bd6bc2c57bbba85b6f38b0d421674bb1ffdb

Red Hat Enterprise Linux for ARM 64 9

SRPM
libsoup-2.72.0-10.el9_6.1.src.rpm SHA-256: 4de0b7579d6feb2f4784df01995a9063d35197290e563a21ae7325caf6659883
aarch64
libsoup-2.72.0-10.el9_6.1.aarch64.rpm SHA-256: 0fa2e6a3bfbadc861ce64ba0f4dff4329884af07235c9d90d6d064df92c9d76b
libsoup-debuginfo-2.72.0-10.el9_6.1.aarch64.rpm SHA-256: 5cf16155d0eff78c23d25722644e10e61f9190e5b1302a576a26d416885898d4
libsoup-debugsource-2.72.0-10.el9_6.1.aarch64.rpm SHA-256: 8dd39a7a18619a6cc0e3c25c5ab66e0bf6789611f678696523ba4f21848dc932
libsoup-devel-2.72.0-10.el9_6.1.aarch64.rpm SHA-256: 3d2a3544e3c48ec13756d72c6204076aedc5188314319abb85f154e89d4f6005

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
libsoup-2.72.0-10.el9_6.1.src.rpm SHA-256: 4de0b7579d6feb2f4784df01995a9063d35197290e563a21ae7325caf6659883
aarch64
libsoup-2.72.0-10.el9_6.1.aarch64.rpm SHA-256: 0fa2e6a3bfbadc861ce64ba0f4dff4329884af07235c9d90d6d064df92c9d76b
libsoup-debuginfo-2.72.0-10.el9_6.1.aarch64.rpm SHA-256: 5cf16155d0eff78c23d25722644e10e61f9190e5b1302a576a26d416885898d4
libsoup-debugsource-2.72.0-10.el9_6.1.aarch64.rpm SHA-256: 8dd39a7a18619a6cc0e3c25c5ab66e0bf6789611f678696523ba4f21848dc932
libsoup-devel-2.72.0-10.el9_6.1.aarch64.rpm SHA-256: 3d2a3544e3c48ec13756d72c6204076aedc5188314319abb85f154e89d4f6005

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
libsoup-2.72.0-10.el9_6.1.src.rpm SHA-256: 4de0b7579d6feb2f4784df01995a9063d35197290e563a21ae7325caf6659883
ppc64le
libsoup-2.72.0-10.el9_6.1.ppc64le.rpm SHA-256: f0134746ed8393007592230dde01a54ba02c2f785ff37b722e52b6a29b90c56e
libsoup-debuginfo-2.72.0-10.el9_6.1.ppc64le.rpm SHA-256: fbeb87949fc0646fa148d960335ad689bac8cae423da2a33624ed8db66eed0d0
libsoup-debugsource-2.72.0-10.el9_6.1.ppc64le.rpm SHA-256: ff1efd106dd849dd00f18e6916230999e71544f3a0ee3f9a5a723a7124589a0e
libsoup-devel-2.72.0-10.el9_6.1.ppc64le.rpm SHA-256: e2cfd594c68d20e80aebb97b0283bd6bc2c57bbba85b6f38b0d421674bb1ffdb

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
libsoup-2.72.0-10.el9_6.1.src.rpm SHA-256: 4de0b7579d6feb2f4784df01995a9063d35197290e563a21ae7325caf6659883
x86_64
libsoup-2.72.0-10.el9_6.1.i686.rpm SHA-256: a6d5d28a2f726f15123db93669bc634c1876bf4cd83303fb9f8c3512779b4d7d
libsoup-2.72.0-10.el9_6.1.x86_64.rpm SHA-256: edf553f6aca5ea474b84f36898c55ab33091f9d06d8048e83b3197f4adf90da4
libsoup-debuginfo-2.72.0-10.el9_6.1.i686.rpm SHA-256: 20a6423f2aab036114d5619be92752772987672abf7e29b01fc8e3b6b3fd306b
libsoup-debuginfo-2.72.0-10.el9_6.1.x86_64.rpm SHA-256: f3e1c22b4810b6b341c1f06409fbc4984e5fa110a3bf6ebae33e0ce78a531a79
libsoup-debugsource-2.72.0-10.el9_6.1.i686.rpm SHA-256: 1f8d35c55a34a1b8267979632721ad4f2681d716a8e7babb843de212be84d778
libsoup-debugsource-2.72.0-10.el9_6.1.x86_64.rpm SHA-256: 0e219ec1e10989c3fff1c463754e6a6a6dfe9a8f2dfbf994719c3b474e50feba
libsoup-devel-2.72.0-10.el9_6.1.i686.rpm SHA-256: b847d7852f965d829015a3f68decdf9204d7c11e45bd7edfc6bc7822eeedefd9
libsoup-devel-2.72.0-10.el9_6.1.x86_64.rpm SHA-256: 35c6d6ecbaa851c0cc4e3c965fd606bad8f1ff77c4550f2f1e8fc6aedc5f3734

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
libsoup-2.72.0-10.el9_6.1.src.rpm SHA-256: 4de0b7579d6feb2f4784df01995a9063d35197290e563a21ae7325caf6659883
aarch64
libsoup-2.72.0-10.el9_6.1.aarch64.rpm SHA-256: 0fa2e6a3bfbadc861ce64ba0f4dff4329884af07235c9d90d6d064df92c9d76b
libsoup-debuginfo-2.72.0-10.el9_6.1.aarch64.rpm SHA-256: 5cf16155d0eff78c23d25722644e10e61f9190e5b1302a576a26d416885898d4
libsoup-debugsource-2.72.0-10.el9_6.1.aarch64.rpm SHA-256: 8dd39a7a18619a6cc0e3c25c5ab66e0bf6789611f678696523ba4f21848dc932
libsoup-devel-2.72.0-10.el9_6.1.aarch64.rpm SHA-256: 3d2a3544e3c48ec13756d72c6204076aedc5188314319abb85f154e89d4f6005

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
libsoup-2.72.0-10.el9_6.1.src.rpm SHA-256: 4de0b7579d6feb2f4784df01995a9063d35197290e563a21ae7325caf6659883
s390x
libsoup-2.72.0-10.el9_6.1.s390x.rpm SHA-256: 54d32229f389928debbe2e93a67174a5344fc3d4a644e21b25bf60fdf4137061
libsoup-debuginfo-2.72.0-10.el9_6.1.s390x.rpm SHA-256: bca0e4116cadc70962e4005197921117ad824213cbe2cc930b20879b39ec4b0b
libsoup-debugsource-2.72.0-10.el9_6.1.s390x.rpm SHA-256: 9867acd358512db6e6b802487a6dba7e27f6b9c42b5cf00099ade8ca6ba1a5d8
libsoup-devel-2.72.0-10.el9_6.1.s390x.rpm SHA-256: 292647942db0c2519241d3332f426f8eb7ee771203cf7fe3cc04df97a43fb6dc

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/