{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
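        "text": "- CVE-2025-46420: fix memory leaks in soup_header_parse_quality_list()\n- CVE-2025-32050: fix use of int instead of size_t for the strcspn() return value, to avoid a buffer under-read\n- CVE-2025-32052: fix heap buffer overflow in soup_content_sniffer_sniff\nThe vulnerabilities section of this advisory also lists CVE-2025-4948, CVE-2025-32914 and CVE-2025-2784 as fixed in the same packages.",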
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2025/clsa-2025_1749569869.json"
      },
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1749569869",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1749569869"
      }
    ],
    "tracking": {
      "current_release_date": "2026-02-16T09:25:39Z",
      "generator": {
        "date": "2026-02-16T09:25:39Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2025:1749569869",
      "initial_release_date": "2025-06-10T15:39:02Z",
      "revision_history": [
        {
          "date": "2025-06-10T15:39:02Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-02-16T09:25:39Z",
          "number": "2",
          "summary": "Update document"
        }
      ],
      "status": "final",
      "version": "2"
    },
    "title": "libsoup: Fix of 3 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AlmaLinux 9.2",
                "product": {
                  "name": "AlmaLinux 9.2",
                  "product_id": "AlmaLinux-9.2",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "AlmaLinux"
          }
        ],
        "category": "vendor",
        "name": "AlmaLinux OS Foundation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
                "product": {
                  "name": "libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
                  "product_id": "libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libsoup@2.72.0-8.el9_2.tuxcare.els5?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
                "product": {
                  "name": "libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
                  "product_id": "libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libsoup-devel@2.72.0-8.el9_2.tuxcare.els5?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
                "product": {
                  "name": "libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
                  "product_id": "libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libsoup@2.72.0-8.el9_2.tuxcare.els5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
                "product": {
                  "name": "libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
                  "product_id": "libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libsoup-devel@2.72.0-8.el9_2.tuxcare.els5?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch",
                "product": {
                  "name": "libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch",
                  "product_id": "libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libsoup-doc@2.72.0-8.el9_2.tuxcare.els5?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686"
        },
        "product_reference": "libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64"
        },
        "product_reference": "libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64"
        },
        "product_reference": "libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686"
        },
        "product_reference": "libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
        },
        "product_reference": "libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch",
        "relates_to_product_reference": "AlmaLinux-9.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-32052",
      "cwe": {
        "id": "CWE-126",
        "name": "Buffer Over-read"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
          "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
          "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
          "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
          "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-32052"
        }
      ],
      "release_date": "2025-04-03T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-10T15:37:51Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1749569869",
          "product_ids": [
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1749569869"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-4948",
      "cwe": {
        "id": "CWE-191",
        "name": "Integer Underflow (Wrap or Wraparound)"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal calculation can go wrong, leading to an integer underflow. This can cause the program to access invalid memory and crash. As a result, any application or server using libsoup could be forced to exit unexpectedly, creating a denial-of-service (DoS) risk.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
          "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
          "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
          "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
          "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-4948"
        }
      ],
      "release_date": "2025-05-19T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-10T15:37:51Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1749569869",
          "product_ids": [
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1749569869"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-32050",
      "cwe": {
        "id": "CWE-127",
        "name": "Buffer Under-read"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
          "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
          "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
          "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
          "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-32050"
        }
      ],
      "release_date": "2025-04-03T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-10T15:37:51Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1749569869",
          "product_ids": [
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1749569869"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-46420",
      "cwe": {
        "id": "CWE-401",
        "name": "Missing Release of Memory after Effective Lifetime"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
          "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
          "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
          "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
          "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-46420"
        }
      ],
      "release_date": "2025-04-24T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-10T15:37:51Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1749569869",
          "product_ids": [
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1749569869"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    },
    {
      "cve": "CVE-2025-32914",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
          "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
          "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
          "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
          "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-32914"
        }
      ],
      "release_date": "2025-04-14T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-10T15:37:51Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1749569869",
          "product_ids": [
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1749569869"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2025-2784",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
          "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
          "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
          "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
          "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2025-2784"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:21657",
          "url": "https://access.redhat.com/errata/RHSA-2025:21657"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:7505",
          "url": "https://access.redhat.com/errata/RHSA-2025:7505"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:8126",
          "url": "https://access.redhat.com/errata/RHSA-2025:8126"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:8132",
          "url": "https://access.redhat.com/errata/RHSA-2025:8132"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:8139",
          "url": "https://access.redhat.com/errata/RHSA-2025:8139"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:8140",
          "url": "https://access.redhat.com/errata/RHSA-2025:8140"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:8252",
          "url": "https://access.redhat.com/errata/RHSA-2025:8252"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:8480",
          "url": "https://access.redhat.com/errata/RHSA-2025:8480"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:8481",
          "url": "https://access.redhat.com/errata/RHSA-2025:8481"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:8482",
          "url": "https://access.redhat.com/errata/RHSA-2025:8482"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:8663",
          "url": "https://access.redhat.com/errata/RHSA-2025:8663"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/errata/RHSA-2025:9179",
          "url": "https://access.redhat.com/errata/RHSA-2025:9179"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2025-2784",
          "url": "https://access.redhat.com/security/cve/CVE-2025-2784"
        },
        {
          "category": "external",
          "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2354669",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354669"
        },
        {
          "category": "external",
          "summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/422",
          "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/422"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html",
          "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00036.html"
        }
      ],
      "release_date": "2025-04-03T03:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-06-10T15:37:51Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1749569869",
          "product_ids": [
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1749569869"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.i686",
            "AlmaLinux-9.2:libsoup-devel-0:2.72.0-8.el9_2.tuxcare.els5.x86_64",
            "AlmaLinux-9.2:libsoup-doc-0:2.72.0-8.el9_2.tuxcare.els5.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ]
    }
  ]
}