ALSA-2025:21032

[ALSA-2025:21032] Important: libsoup3 security update

Type:

security

Severity:

important

Release date:

2025-11-24

Description:

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago.  

Security Fix(es):  

  * libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup (CVE-2025-4945)
  * libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library (CVE-2025-11021)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	libsoup3-devel-3.6.5-3.el10_1.6.aarch64.rpm	a2bbd8b993174adc6b6dcef0b04aa58991009230dd2811a02378612b3adaca3c
aarch64	libsoup3-3.6.5-3.el10_1.6.aarch64.rpm	bb1275689c4b92e9277549b2f8923c372a520e35c9bd55debd962d4b8714d72f
noarch	libsoup3-doc-3.6.5-3.el10_1.6.noarch.rpm	bd42e9eaccb41b75d1047d4f6d5f5fcfcae47111384297589689627ad1fb0b16
ppc64le	libsoup3-devel-3.6.5-3.el10_1.6.ppc64le.rpm	2963e1866965739608a908df064c1f784e2dc0fa537ec78feeb2da9f7f76bafe
ppc64le	libsoup3-3.6.5-3.el10_1.6.ppc64le.rpm	7bc202185c3ad425f14f73197c9a39719adecfdc6304129da0aa2e21a5c7cded
s390x	libsoup3-3.6.5-3.el10_1.6.s390x.rpm	7fb69d55872efdf0938be232689d6444e1adf62d43ed421afd38b03a4ca1407b
s390x	libsoup3-devel-3.6.5-3.el10_1.6.s390x.rpm	c56a15869c816805a1f5df8b2eb3bfbdb176068297c6b48c86ebbf2c7d47a3fd
x86_64	libsoup3-3.6.5-3.el10_1.6.x86_64.rpm	799be90c5cfd3066d0695e501742baec7259b22820098a960d8121eaf98f3403
x86_64	libsoup3-devel-3.6.5-3.el10_1.6.x86_64.rpm	9c88833c530ae1d158aead950242b04fb45803a5b098218b10af03f25641a0a9
x86_64_v2	libsoup3-devel-3.6.5-3.el10_1.6.x86_64_v2.rpm	3e96c3bf0abaa6d22866e19a315a042edd32d704fc19dfc1a2bf191fc81ecec7
x86_64_v2	libsoup3-3.6.5-3.el10_1.6.x86_64_v2.rpm	6d12e6508c06a201a8555592aa344607991e88ea30ba6aded9f4bd4f99dc3d34

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.