Description:
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content (CVE-2025-2784)
* libsoup: Denial of Service attack to websocket server (CVE-2025-32049)
* libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process (CVE-2025-32914)
* libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup (CVE-2025-4948)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
libsoup-2.72.0-10.el9_6.2.aarch64.rpm |
05c7067a496dd5823348129dfb4b0a7dbe250b7854d74712307d24581df56766 |
| aarch64 |
libsoup-devel-2.72.0-10.el9_6.2.aarch64.rpm |
1520085b44846b00d8d8a368ea513219aeae3d0968509ec7b99c47fec902a06a |
| i686 |
libsoup-devel-2.72.0-10.el9_6.2.i686.rpm |
406ea4421f97b9dffffd9f24dc42d6729640334688b359bd72d1f3ff18d84413 |
| i686 |
libsoup-2.72.0-10.el9_6.2.i686.rpm |
93898bee86f604429ba3c8d6e52cede32f11dd5f10cf33037da966ff06391b4e |
| ppc64le |
libsoup-devel-2.72.0-10.el9_6.2.ppc64le.rpm |
8aa944533e955c24db061f253d87b76a3187f720df64b05b1ddae9ed2e10e04d |
| ppc64le |
libsoup-2.72.0-10.el9_6.2.ppc64le.rpm |
a3633da2274035cbde1c6ddc836f8f6717d7313125f7bb11d5f59aef999f7b06 |
| s390x |
libsoup-2.72.0-10.el9_6.2.s390x.rpm |
3e238cee2087823070e19f9dfccebe438434845383cff19c7566c4e0a78e812b |
| s390x |
libsoup-devel-2.72.0-10.el9_6.2.s390x.rpm |
8a8221fcfb74d1381ff9983fedda122133a876c87fadca845be2b8504eccfbf3 |
| x86_64 |
libsoup-devel-2.72.0-10.el9_6.2.x86_64.rpm |
59a6194f2216dcc300b500f3d7183118209007c393dd29ed4a71d14d2ef25a57 |
| x86_64 |
libsoup-2.72.0-10.el9_6.2.x86_64.rpm |
7f640764d42466a1bd2d3a7d764f77e7754b46f4684eaf5094806d6fef3c034e |
