[ALSA-2025:7505] Important: libsoup3 security update
Type: security
Severity: important
Release date: 2025-07-02
Description:
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago.

Security Fix(es):

* libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content (CVE-2025-2784)
* libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906)
* libsoup: Denial of service on libsoup through HTTP/2 server (CVE-2025-32908)
* libsoup: NULL pointer dereference in client when server omits the "nonce" parameter in an Unauthorized response with Digest authentication (CVE-2025-32912)
* libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process (CVE-2025-32914)
* libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server (CVE-2025-46421)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 libsoup3-devel-3.6.5-3.el10_0.aarch64.rpm 0111b02f2f19a353bd6883fb3780bd0876e81d3328d0c446e62a6a5926edec63
aarch64 libsoup3-3.6.5-3.el10_0.aarch64.rpm 12ce0a1c142afbe2c2fd5e4807c8dd659ab4188fa88d651fe17e502be91547aa
noarch libsoup3-doc-3.6.5-3.el10_0.noarch.rpm 7527995514c96f4aa287108b910b1059db469a8d0f58fb1b7e1bf36c25b7d71b
ppc64le libsoup3-3.6.5-3.el10_0.ppc64le.rpm 6e55934237bac05fec671600f902c38ed8edcd74d2c295abbd1da5abb532c12b
ppc64le libsoup3-devel-3.6.5-3.el10_0.ppc64le.rpm ea96fd50f72ab121878eefb03e3b9e72bb60959e181a2a354fa86534dda14517
s390x libsoup3-3.6.5-3.el10_0.s390x.rpm a2fd1d879f39eed3d12d946b2667d0840fd81800bf0897583d1841a245595404
s390x libsoup3-devel-3.6.5-3.el10_0.s390x.rpm fa8e1bcb2b60b640bd86243c3e3e6f9c20d7cbe4f4d1d3e547e3e13b58ce2208
x86_64 libsoup3-3.6.5-3.el10_0.x86_64.rpm 15e46b1b427c207913ac1b04c8f950232f31ea37707687155c7984a67e277fcc
x86_64 libsoup3-devel-3.6.5-3.el10_0.x86_64.rpm d056025137c671de2572b34fae8bcfb65a513414f603ff4505fa717cbe736aaa
x86_64_v2 libsoup3-3.6.5-3.el10_0.x86_64_v2.rpm be7b69910fc83719662350d36ce9af55c0b364c5360ceac70d18914340b6d81d
x86_64_v2 libsoup3-devel-3.6.5-3.el10_0.x86_64_v2.rpm e90b243f04398a36c2e5addc16ebfdebb0bb346d9b1ac415399a284a5d123ba4
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.