Red Hat Product Errata RHSA-2025:8140 - Security Advisory
Issued:
2025-05-26
Updated:
2025-05-26

RHSA-2025:8140 - Security Advisory

Synopsis

Important: libsoup security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libsoup is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

  • libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content (CVE-2025-2784)
  • libsoup: Denial of Service attack to websocket server (CVE-2025-32049)
  • libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process (CVE-2025-32914)
  • libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup (CVE-2025-4948)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

  • BZ - 2354669 - CVE-2025-2784 libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content
  • BZ - 2357066 - CVE-2025-32049 libsoup: Denial of Service attack to websocket server
  • BZ - 2359358 - CVE-2025-32914 libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process
  • BZ - 2367183 - CVE-2025-4948 libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2

SRPM
libsoup-2.72.0-8.el9_2.5.src.rpm SHA-256: d26c62a8aaea8c6f8b4ae93ecdff87b68d4191b90cdf1d08bdc927602effad3f
x86_64
libsoup-2.72.0-8.el9_2.5.i686.rpm SHA-256: 85a7b35ee7d1c8019a65c216f2e27ea142fcfe9730433d95a265db9d5132fdcb
libsoup-2.72.0-8.el9_2.5.x86_64.rpm SHA-256: 2796575cb2a99ce7cb385c629688d3039a1406da55dcc9eef795f58cbb604a93
libsoup-debuginfo-2.72.0-8.el9_2.5.i686.rpm SHA-256: 6a9aa00778d7ce8174f088771fbade02d5acf7680d42bad6a1b55597b2b64ad8
libsoup-debuginfo-2.72.0-8.el9_2.5.x86_64.rpm SHA-256: 7dceb41f582cc0bbcca2af3442ce1075e6ecc97bcbf5d970c8a4eefd02cbbf0f
libsoup-debugsource-2.72.0-8.el9_2.5.i686.rpm SHA-256: 5e8561791c8b5fede5e1e2136e865996d456343a6a1135971db0587105c89fe0
libsoup-debugsource-2.72.0-8.el9_2.5.x86_64.rpm SHA-256: 1fbfd2b6fae1a3127572a9c9efcee8a03618aafd9f5262315805e8458135c263
libsoup-devel-2.72.0-8.el9_2.5.i686.rpm SHA-256: 02c64213ad84c215b550a59ff744c50e49f45aad17e41cb961ac4580ba8efec4
libsoup-devel-2.72.0-8.el9_2.5.x86_64.rpm SHA-256: 417bf327bb4aec2969f82969bf840b17d2fd844434beb9664930e1017518def0

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
libsoup-2.72.0-8.el9_2.5.src.rpm SHA-256: d26c62a8aaea8c6f8b4ae93ecdff87b68d4191b90cdf1d08bdc927602effad3f
x86_64
libsoup-2.72.0-8.el9_2.5.i686.rpm SHA-256: 85a7b35ee7d1c8019a65c216f2e27ea142fcfe9730433d95a265db9d5132fdcb
libsoup-2.72.0-8.el9_2.5.x86_64.rpm SHA-256: 2796575cb2a99ce7cb385c629688d3039a1406da55dcc9eef795f58cbb604a93
libsoup-debuginfo-2.72.0-8.el9_2.5.i686.rpm SHA-256: 6a9aa00778d7ce8174f088771fbade02d5acf7680d42bad6a1b55597b2b64ad8
libsoup-debuginfo-2.72.0-8.el9_2.5.x86_64.rpm SHA-256: 7dceb41f582cc0bbcca2af3442ce1075e6ecc97bcbf5d970c8a4eefd02cbbf0f
libsoup-debugsource-2.72.0-8.el9_2.5.i686.rpm SHA-256: 5e8561791c8b5fede5e1e2136e865996d456343a6a1135971db0587105c89fe0
libsoup-debugsource-2.72.0-8.el9_2.5.x86_64.rpm SHA-256: 1fbfd2b6fae1a3127572a9c9efcee8a03618aafd9f5262315805e8458135c263
libsoup-devel-2.72.0-8.el9_2.5.i686.rpm SHA-256: 02c64213ad84c215b550a59ff744c50e49f45aad17e41cb961ac4580ba8efec4
libsoup-devel-2.72.0-8.el9_2.5.x86_64.rpm SHA-256: 417bf327bb4aec2969f82969bf840b17d2fd844434beb9664930e1017518def0

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2

SRPM
libsoup-2.72.0-8.el9_2.5.src.rpm SHA-256: d26c62a8aaea8c6f8b4ae93ecdff87b68d4191b90cdf1d08bdc927602effad3f
s390x
libsoup-2.72.0-8.el9_2.5.s390x.rpm SHA-256: 5c690605c9d3a651dd22506de3c9821d90994569483c6e751bf73f4e83a44175
libsoup-debuginfo-2.72.0-8.el9_2.5.s390x.rpm SHA-256: 3379be4f2ad3f7dfda02c6964840e803df8a0111732493bac79fb991912cdefd
libsoup-debugsource-2.72.0-8.el9_2.5.s390x.rpm SHA-256: dcd543b308e90e9642c34d7353248652e08ed6e575445f10b659b6a87fc62206
libsoup-devel-2.72.0-8.el9_2.5.s390x.rpm SHA-256: b89aa095da31b1920116d78d71de16d856c28c306233f478837f5f74d857c801

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2

SRPM
libsoup-2.72.0-8.el9_2.5.src.rpm SHA-256: d26c62a8aaea8c6f8b4ae93ecdff87b68d4191b90cdf1d08bdc927602effad3f
ppc64le
libsoup-2.72.0-8.el9_2.5.ppc64le.rpm SHA-256: c93c47b49b8c04425e2920b92733dd70fea575f2faaa0633c9a74ad9cba8bfa4
libsoup-debuginfo-2.72.0-8.el9_2.5.ppc64le.rpm SHA-256: 93ab1af9398e5cc78fe4d932552683b568a84278cd2e5e7fb5349aa33c6b8ed2
libsoup-debugsource-2.72.0-8.el9_2.5.ppc64le.rpm SHA-256: efaef6d728c31a5a3fb204d5378f5cfa2f0dbc6eb2fbfdf920ec8b317d890509
libsoup-devel-2.72.0-8.el9_2.5.ppc64le.rpm SHA-256: 96b479301cf2aeb0436498a5084001f80d36ac04a64a942f094bcfbcd0e1e667

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2

SRPM
libsoup-2.72.0-8.el9_2.5.src.rpm SHA-256: d26c62a8aaea8c6f8b4ae93ecdff87b68d4191b90cdf1d08bdc927602effad3f
aarch64
libsoup-2.72.0-8.el9_2.5.aarch64.rpm SHA-256: 19d38081da1dae1c0ab8cbc3b1568d1b55d051bf776f3929f0e2392d7f013fae
libsoup-debuginfo-2.72.0-8.el9_2.5.aarch64.rpm SHA-256: e5bbae1ea0b359ddde11464414b53b5222052ba505c919e8245f1ac0a7d42676
libsoup-debugsource-2.72.0-8.el9_2.5.aarch64.rpm SHA-256: 118fd63cdf8e25298358dee7abbe2b706fe475bb4efab8850c4ca470ed1ed650
libsoup-devel-2.72.0-8.el9_2.5.aarch64.rpm SHA-256: e9e9e8cb6f155c17535a9082d8d8e2a296f6eb0016e93ecfa659a66eeec42aa1

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
libsoup-2.72.0-8.el9_2.5.src.rpm SHA-256: d26c62a8aaea8c6f8b4ae93ecdff87b68d4191b90cdf1d08bdc927602effad3f
ppc64le
libsoup-2.72.0-8.el9_2.5.ppc64le.rpm SHA-256: c93c47b49b8c04425e2920b92733dd70fea575f2faaa0633c9a74ad9cba8bfa4
libsoup-debuginfo-2.72.0-8.el9_2.5.ppc64le.rpm SHA-256: 93ab1af9398e5cc78fe4d932552683b568a84278cd2e5e7fb5349aa33c6b8ed2
libsoup-debugsource-2.72.0-8.el9_2.5.ppc64le.rpm SHA-256: efaef6d728c31a5a3fb204d5378f5cfa2f0dbc6eb2fbfdf920ec8b317d890509
libsoup-devel-2.72.0-8.el9_2.5.ppc64le.rpm SHA-256: 96b479301cf2aeb0436498a5084001f80d36ac04a64a942f094bcfbcd0e1e667

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
libsoup-2.72.0-8.el9_2.5.src.rpm SHA-256: d26c62a8aaea8c6f8b4ae93ecdff87b68d4191b90cdf1d08bdc927602effad3f
x86_64
libsoup-2.72.0-8.el9_2.5.i686.rpm SHA-256: 85a7b35ee7d1c8019a65c216f2e27ea142fcfe9730433d95a265db9d5132fdcb
libsoup-2.72.0-8.el9_2.5.x86_64.rpm SHA-256: 2796575cb2a99ce7cb385c629688d3039a1406da55dcc9eef795f58cbb604a93
libsoup-debuginfo-2.72.0-8.el9_2.5.i686.rpm SHA-256: 6a9aa00778d7ce8174f088771fbade02d5acf7680d42bad6a1b55597b2b64ad8
libsoup-debuginfo-2.72.0-8.el9_2.5.x86_64.rpm SHA-256: 7dceb41f582cc0bbcca2af3442ce1075e6ecc97bcbf5d970c8a4eefd02cbbf0f
libsoup-debugsource-2.72.0-8.el9_2.5.i686.rpm SHA-256: 5e8561791c8b5fede5e1e2136e865996d456343a6a1135971db0587105c89fe0
libsoup-debugsource-2.72.0-8.el9_2.5.x86_64.rpm SHA-256: 1fbfd2b6fae1a3127572a9c9efcee8a03618aafd9f5262315805e8458135c263
libsoup-devel-2.72.0-8.el9_2.5.i686.rpm SHA-256: 02c64213ad84c215b550a59ff744c50e49f45aad17e41cb961ac4580ba8efec4
libsoup-devel-2.72.0-8.el9_2.5.x86_64.rpm SHA-256: 417bf327bb4aec2969f82969bf840b17d2fd844434beb9664930e1017518def0

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
libsoup-2.72.0-8.el9_2.5.src.rpm SHA-256: d26c62a8aaea8c6f8b4ae93ecdff87b68d4191b90cdf1d08bdc927602effad3f
aarch64
libsoup-2.72.0-8.el9_2.5.aarch64.rpm SHA-256: 19d38081da1dae1c0ab8cbc3b1568d1b55d051bf776f3929f0e2392d7f013fae
libsoup-debuginfo-2.72.0-8.el9_2.5.aarch64.rpm SHA-256: e5bbae1ea0b359ddde11464414b53b5222052ba505c919e8245f1ac0a7d42676
libsoup-debugsource-2.72.0-8.el9_2.5.aarch64.rpm SHA-256: 118fd63cdf8e25298358dee7abbe2b706fe475bb4efab8850c4ca470ed1ed650
libsoup-devel-2.72.0-8.el9_2.5.aarch64.rpm SHA-256: e9e9e8cb6f155c17535a9082d8d8e2a296f6eb0016e93ecfa659a66eeec42aa1

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
libsoup-2.72.0-8.el9_2.5.src.rpm SHA-256: d26c62a8aaea8c6f8b4ae93ecdff87b68d4191b90cdf1d08bdc927602effad3f
s390x
libsoup-2.72.0-8.el9_2.5.s390x.rpm SHA-256: 5c690605c9d3a651dd22506de3c9821d90994569483c6e751bf73f4e83a44175
libsoup-debuginfo-2.72.0-8.el9_2.5.s390x.rpm SHA-256: 3379be4f2ad3f7dfda02c6964840e803df8a0111732493bac79fb991912cdefd
libsoup-debugsource-2.72.0-8.el9_2.5.s390x.rpm SHA-256: dcd543b308e90e9642c34d7353248652e08ed6e575445f10b659b6a87fc62206
libsoup-devel-2.72.0-8.el9_2.5.s390x.rpm SHA-256: b89aa095da31b1920116d78d71de16d856c28c306233f478837f5f74d857c801

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.