ALT-PU-2025-9694-2
Package libsoup3.0 updated to version 3.6.5-alt1 for branch p11 in task 390743.
Closed vulnerabilities
Published: 2025-01-22
BDU:2025-05737
Vulnerability in the skip_insight_whitespace() function of the libsoup library of the GNOME graphical interface, allowing an attacker to cause a denial of service
Severity: HIGH (7.5)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (7.8)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
Published: 2025-04-03
Modified: 2025-06-20
CVE-2025-2784
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out of bounds when processing a crafted HTTP response sent by an HTTP server.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
References:
- https://access.redhat.com/errata/RHSA-2025:7505
- https://access.redhat.com/errata/RHSA-2025:8126
- https://access.redhat.com/errata/RHSA-2025:8132
- https://access.redhat.com/errata/RHSA-2025:8139
- https://access.redhat.com/errata/RHSA-2025:8140
- https://access.redhat.com/errata/RHSA-2025:8252
- https://access.redhat.com/errata/RHSA-2025:8480
- https://access.redhat.com/errata/RHSA-2025:8481
- https://access.redhat.com/errata/RHSA-2025:8482
- https://access.redhat.com/errata/RHSA-2025:8663
- https://access.redhat.com/errata/RHSA-2025:9179
- https://access.redhat.com/security/cve/CVE-2025-2784
- https://bugzilla.redhat.com/show_bug.cgi?id=2354669
- https://gitlab.gnome.org/GNOME/libsoup/-/issues/422