Red Hat Product Errata RHSA-2025:4440 - Security Advisory
Issued:
2025-05-05
Updated:
2025-05-05

RHSA-2025:4440 - Security Advisory

Synopsis

Important: libsoup security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libsoup is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

  • libsoup: Integer overflow in append_param_quoted (CVE-2025-32050)
  • libsoup: Heap buffer overflow in sniff_unknown() (CVE-2025-32052)
  • libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (CVE-2025-32053)
  • libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906)
  • libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header (CVE-2025-32907)
  • libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911)
  • libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913)
  • libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server (CVE-2025-46421)
  • libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c (CVE-2025-46420)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

  • BZ - 2357067 - CVE-2025-32050 libsoup: Integer overflow in append_param_quoted
  • BZ - 2357069 - CVE-2025-32052 libsoup: Heap buffer overflow in sniff_unknown()
  • BZ - 2357070 - CVE-2025-32053 libsoup: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()
  • BZ - 2359341 - CVE-2025-32906 libsoup: Out of bounds reads in soup_headers_parse_request()
  • BZ - 2359342 - CVE-2025-32907 libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header
  • BZ - 2359355 - CVE-2025-32911 libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value
  • BZ - 2359357 - CVE-2025-32913 libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header
  • BZ - 2361962 - CVE-2025-46421 libsoup: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server
  • BZ - 2361963 - CVE-2025-46420 libsoup: Memory leak on soup_header_parse_quality_list() via soup-headers.c

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
libsoup-2.72.0-8.el9_4.4.src.rpm SHA-256: 4615af473f54d3fb0115f4c95bc9cf6b53eb4159c4cfae1326ca283e3c08acec
x86_64
libsoup-2.72.0-8.el9_4.4.i686.rpm SHA-256: 89b0fcc0fc640af33db43f083cdb75656db51220aaed70bcd07a8cd08086bf66
libsoup-2.72.0-8.el9_4.4.x86_64.rpm SHA-256: ee69782d0c7662c187f3b27e546c96a08bfe34e4c0a08e2be7400f68f5519a59
libsoup-debuginfo-2.72.0-8.el9_4.4.i686.rpm SHA-256: cc901fbcd25360c7181cbf083d89b215e72185113ccc8a3b902dfbb2a2029983
libsoup-debuginfo-2.72.0-8.el9_4.4.x86_64.rpm SHA-256: 30d8a211b0e4117482ea7e21db52d0323409fc07d0faee73b2cbdcd71c9c93d3
libsoup-debugsource-2.72.0-8.el9_4.4.i686.rpm SHA-256: 64de65b88e8525d2487b4c3af37217117d15c3509072a899243b8e1b7d52a9d3
libsoup-debugsource-2.72.0-8.el9_4.4.x86_64.rpm SHA-256: c00dc1dee4de7edb78f51f94f6a9b91812e31e6b849853f3899f415e0dba2b33
libsoup-devel-2.72.0-8.el9_4.4.i686.rpm SHA-256: cc1b426ea18df64d51310d26d6e0c8143365e82285d6273d2a63078c78b4d5fc
libsoup-devel-2.72.0-8.el9_4.4.x86_64.rpm SHA-256: 9c4df2802aa4d7155bffbafa3e70067a03e2f00b2e37f1a5a36e0e2bdd96ae05

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
libsoup-2.72.0-8.el9_4.4.src.rpm SHA-256: 4615af473f54d3fb0115f4c95bc9cf6b53eb4159c4cfae1326ca283e3c08acec
x86_64
libsoup-2.72.0-8.el9_4.4.i686.rpm SHA-256: 89b0fcc0fc640af33db43f083cdb75656db51220aaed70bcd07a8cd08086bf66
libsoup-2.72.0-8.el9_4.4.x86_64.rpm SHA-256: ee69782d0c7662c187f3b27e546c96a08bfe34e4c0a08e2be7400f68f5519a59
libsoup-debuginfo-2.72.0-8.el9_4.4.i686.rpm SHA-256: cc901fbcd25360c7181cbf083d89b215e72185113ccc8a3b902dfbb2a2029983
libsoup-debuginfo-2.72.0-8.el9_4.4.x86_64.rpm SHA-256: 30d8a211b0e4117482ea7e21db52d0323409fc07d0faee73b2cbdcd71c9c93d3
libsoup-debugsource-2.72.0-8.el9_4.4.i686.rpm SHA-256: 64de65b88e8525d2487b4c3af37217117d15c3509072a899243b8e1b7d52a9d3
libsoup-debugsource-2.72.0-8.el9_4.4.x86_64.rpm SHA-256: c00dc1dee4de7edb78f51f94f6a9b91812e31e6b849853f3899f415e0dba2b33
libsoup-devel-2.72.0-8.el9_4.4.i686.rpm SHA-256: cc1b426ea18df64d51310d26d6e0c8143365e82285d6273d2a63078c78b4d5fc
libsoup-devel-2.72.0-8.el9_4.4.x86_64.rpm SHA-256: 9c4df2802aa4d7155bffbafa3e70067a03e2f00b2e37f1a5a36e0e2bdd96ae05

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
libsoup-2.72.0-8.el9_4.4.src.rpm SHA-256: 4615af473f54d3fb0115f4c95bc9cf6b53eb4159c4cfae1326ca283e3c08acec
s390x
libsoup-2.72.0-8.el9_4.4.s390x.rpm SHA-256: dbd05bc5f1b149b6245cb32424284eee9e61f420a001775c18234883c32eafd5
libsoup-debuginfo-2.72.0-8.el9_4.4.s390x.rpm SHA-256: ceaab76a3bd77dab94a65b5d132850f24008c14e6a6310cceaea766d8ace9ce2
libsoup-debugsource-2.72.0-8.el9_4.4.s390x.rpm SHA-256: a33638fecad6435ad96aab3347f7ac4ac7876dc00330fdfa2e21ce3dbb04d7fe
libsoup-devel-2.72.0-8.el9_4.4.s390x.rpm SHA-256: 3b1622526d782c4b98196493f769a8c52b9d8f49cde191442458e85b23d3d97e

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
libsoup-2.72.0-8.el9_4.4.src.rpm SHA-256: 4615af473f54d3fb0115f4c95bc9cf6b53eb4159c4cfae1326ca283e3c08acec
ppc64le
libsoup-2.72.0-8.el9_4.4.ppc64le.rpm SHA-256: 8d99906cc4bb79c70413f4a167dbb2a6f4e4b1a9e4de3e490e753078ca649098
libsoup-debuginfo-2.72.0-8.el9_4.4.ppc64le.rpm SHA-256: ae567c0de087a82eb65ff12eb578cda138da976f04a92fd2fe2eb999b19ff230
libsoup-debugsource-2.72.0-8.el9_4.4.ppc64le.rpm SHA-256: 19c31f58a6464f0f93cf67d796949a067c19a54a9ddffa80f75588c38b310151
libsoup-devel-2.72.0-8.el9_4.4.ppc64le.rpm SHA-256: 4f7870703767cb4b1f7a5d6e1d3a926e887bc841e189d281595635b6fa868961

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
libsoup-2.72.0-8.el9_4.4.src.rpm SHA-256: 4615af473f54d3fb0115f4c95bc9cf6b53eb4159c4cfae1326ca283e3c08acec
aarch64
libsoup-2.72.0-8.el9_4.4.aarch64.rpm SHA-256: 71802a2ea4a0038a77277d0ff292e71039e61c02c217680723014af89d3a20dc
libsoup-debuginfo-2.72.0-8.el9_4.4.aarch64.rpm SHA-256: 353e73649d79db975d79cd50ab6e6bbae1cdbdd9a9e0894871c8b8dab7acdb37
libsoup-debugsource-2.72.0-8.el9_4.4.aarch64.rpm SHA-256: b11046898098ebf8a2a7c81bfac140ffe9c5c70ad984379c8db1d9f7c6769ce6
libsoup-devel-2.72.0-8.el9_4.4.aarch64.rpm SHA-256: c273779e0964312fe1f59eee3c32752f7e9e5f0b0990d77ccd1d697a5a526805

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
libsoup-2.72.0-8.el9_4.4.src.rpm SHA-256: 4615af473f54d3fb0115f4c95bc9cf6b53eb4159c4cfae1326ca283e3c08acec
ppc64le
libsoup-2.72.0-8.el9_4.4.ppc64le.rpm SHA-256: 8d99906cc4bb79c70413f4a167dbb2a6f4e4b1a9e4de3e490e753078ca649098
libsoup-debuginfo-2.72.0-8.el9_4.4.ppc64le.rpm SHA-256: ae567c0de087a82eb65ff12eb578cda138da976f04a92fd2fe2eb999b19ff230
libsoup-debugsource-2.72.0-8.el9_4.4.ppc64le.rpm SHA-256: 19c31f58a6464f0f93cf67d796949a067c19a54a9ddffa80f75588c38b310151
libsoup-devel-2.72.0-8.el9_4.4.ppc64le.rpm SHA-256: 4f7870703767cb4b1f7a5d6e1d3a926e887bc841e189d281595635b6fa868961

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
libsoup-2.72.0-8.el9_4.4.src.rpm SHA-256: 4615af473f54d3fb0115f4c95bc9cf6b53eb4159c4cfae1326ca283e3c08acec
x86_64
libsoup-2.72.0-8.el9_4.4.i686.rpm SHA-256: 89b0fcc0fc640af33db43f083cdb75656db51220aaed70bcd07a8cd08086bf66
libsoup-2.72.0-8.el9_4.4.x86_64.rpm SHA-256: ee69782d0c7662c187f3b27e546c96a08bfe34e4c0a08e2be7400f68f5519a59
libsoup-debuginfo-2.72.0-8.el9_4.4.i686.rpm SHA-256: cc901fbcd25360c7181cbf083d89b215e72185113ccc8a3b902dfbb2a2029983
libsoup-debuginfo-2.72.0-8.el9_4.4.x86_64.rpm SHA-256: 30d8a211b0e4117482ea7e21db52d0323409fc07d0faee73b2cbdcd71c9c93d3
libsoup-debugsource-2.72.0-8.el9_4.4.i686.rpm SHA-256: 64de65b88e8525d2487b4c3af37217117d15c3509072a899243b8e1b7d52a9d3
libsoup-debugsource-2.72.0-8.el9_4.4.x86_64.rpm SHA-256: c00dc1dee4de7edb78f51f94f6a9b91812e31e6b849853f3899f415e0dba2b33
libsoup-devel-2.72.0-8.el9_4.4.i686.rpm SHA-256: cc1b426ea18df64d51310d26d6e0c8143365e82285d6273d2a63078c78b4d5fc
libsoup-devel-2.72.0-8.el9_4.4.x86_64.rpm SHA-256: 9c4df2802aa4d7155bffbafa3e70067a03e2f00b2e37f1a5a36e0e2bdd96ae05

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
libsoup-2.72.0-8.el9_4.4.src.rpm SHA-256: 4615af473f54d3fb0115f4c95bc9cf6b53eb4159c4cfae1326ca283e3c08acec
aarch64
libsoup-2.72.0-8.el9_4.4.aarch64.rpm SHA-256: 71802a2ea4a0038a77277d0ff292e71039e61c02c217680723014af89d3a20dc
libsoup-debuginfo-2.72.0-8.el9_4.4.aarch64.rpm SHA-256: 353e73649d79db975d79cd50ab6e6bbae1cdbdd9a9e0894871c8b8dab7acdb37
libsoup-debugsource-2.72.0-8.el9_4.4.aarch64.rpm SHA-256: b11046898098ebf8a2a7c81bfac140ffe9c5c70ad984379c8db1d9f7c6769ce6
libsoup-devel-2.72.0-8.el9_4.4.aarch64.rpm SHA-256: c273779e0964312fe1f59eee3c32752f7e9e5f0b0990d77ccd1d697a5a526805

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
libsoup-2.72.0-8.el9_4.4.src.rpm SHA-256: 4615af473f54d3fb0115f4c95bc9cf6b53eb4159c4cfae1326ca283e3c08acec
s390x
libsoup-2.72.0-8.el9_4.4.s390x.rpm SHA-256: dbd05bc5f1b149b6245cb32424284eee9e61f420a001775c18234883c32eafd5
libsoup-debuginfo-2.72.0-8.el9_4.4.s390x.rpm SHA-256: ceaab76a3bd77dab94a65b5d132850f24008c14e6a6310cceaea766d8ace9ce2
libsoup-debugsource-2.72.0-8.el9_4.4.s390x.rpm SHA-256: a33638fecad6435ad96aab3347f7ac4ac7876dc00330fdfa2e21ce3dbb04d7fe
libsoup-devel-2.72.0-8.el9_4.4.s390x.rpm SHA-256: 3b1622526d782c4b98196493f769a8c52b9d8f49cde191442458e85b23d3d97e

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.