An update for libsoup is now available for openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1485 Final 1.0 1.0 2025-05-09 Initial 2025-05-09 2025-05-09 openEuler SA Tool V1.0 2025-05-09 libsoup security update An update for libsoup is now available for openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4 libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fix(es): A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory.(CVE-2025-32907) A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.(CVE-2025-32914) A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.(CVE-2025-46420) A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.(CVE-2025-46421) An update for libsoup is now available for openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High libsoup https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1485 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-32907 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-32914 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-46420 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-46421 https://nvd.nist.gov/vuln/detail/CVE-2025-32907 https://nvd.nist.gov/vuln/detail/CVE-2025-32914 https://nvd.nist.gov/vuln/detail/CVE-2025-46420 https://nvd.nist.gov/vuln/detail/CVE-2025-46421 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 libsoup-help-2.74.3-9.oe2403.noarch.rpm libsoup-help-2.74.3-9.oe2403sp1.noarch.rpm libsoup-help-2.71.0-8.oe2003sp4.noarch.rpm libsoup-help-2.74.2-9.oe2203sp3.noarch.rpm libsoup-help-2.74.2-9.oe2203sp4.noarch.rpm libsoup-2.74.3-9.oe2403.aarch64.rpm libsoup-debuginfo-2.74.3-9.oe2403.aarch64.rpm libsoup-debugsource-2.74.3-9.oe2403.aarch64.rpm libsoup-devel-2.74.3-9.oe2403.aarch64.rpm libsoup-2.74.3-9.oe2403sp1.aarch64.rpm libsoup-debuginfo-2.74.3-9.oe2403sp1.aarch64.rpm libsoup-debugsource-2.74.3-9.oe2403sp1.aarch64.rpm libsoup-devel-2.74.3-9.oe2403sp1.aarch64.rpm libsoup-2.71.0-8.oe2003sp4.aarch64.rpm libsoup-debuginfo-2.71.0-8.oe2003sp4.aarch64.rpm libsoup-debugsource-2.71.0-8.oe2003sp4.aarch64.rpm libsoup-devel-2.71.0-8.oe2003sp4.aarch64.rpm libsoup-2.74.2-9.oe2203sp3.aarch64.rpm libsoup-debuginfo-2.74.2-9.oe2203sp3.aarch64.rpm libsoup-debugsource-2.74.2-9.oe2203sp3.aarch64.rpm libsoup-devel-2.74.2-9.oe2203sp3.aarch64.rpm libsoup-2.74.2-9.oe2203sp4.aarch64.rpm libsoup-debuginfo-2.74.2-9.oe2203sp4.aarch64.rpm libsoup-debugsource-2.74.2-9.oe2203sp4.aarch64.rpm libsoup-devel-2.74.2-9.oe2203sp4.aarch64.rpm libsoup-2.74.3-9.oe2403.src.rpm libsoup-2.74.3-9.oe2403sp1.src.rpm libsoup-2.71.0-8.oe2003sp4.src.rpm libsoup-2.74.2-9.oe2203sp3.src.rpm libsoup-2.74.2-9.oe2203sp4.src.rpm libsoup-2.74.3-9.oe2403.x86_64.rpm libsoup-debuginfo-2.74.3-9.oe2403.x86_64.rpm libsoup-debugsource-2.74.3-9.oe2403.x86_64.rpm libsoup-devel-2.74.3-9.oe2403.x86_64.rpm libsoup-2.74.3-9.oe2403sp1.x86_64.rpm libsoup-debuginfo-2.74.3-9.oe2403sp1.x86_64.rpm libsoup-debugsource-2.74.3-9.oe2403sp1.x86_64.rpm libsoup-devel-2.74.3-9.oe2403sp1.x86_64.rpm libsoup-2.71.0-8.oe2003sp4.x86_64.rpm libsoup-debuginfo-2.71.0-8.oe2003sp4.x86_64.rpm libsoup-debugsource-2.71.0-8.oe2003sp4.x86_64.rpm libsoup-devel-2.71.0-8.oe2003sp4.x86_64.rpm libsoup-2.74.2-9.oe2203sp3.x86_64.rpm libsoup-debuginfo-2.74.2-9.oe2203sp3.x86_64.rpm libsoup-debugsource-2.74.2-9.oe2203sp3.x86_64.rpm libsoup-devel-2.74.2-9.oe2203sp3.x86_64.rpm libsoup-2.74.2-9.oe2203sp4.x86_64.rpm libsoup-debuginfo-2.74.2-9.oe2203sp4.x86_64.rpm libsoup-debugsource-2.74.2-9.oe2203sp4.x86_64.rpm libsoup-devel-2.74.2-9.oe2203sp4.x86_64.rpm A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. 2025-05-09 CVE-2025-32907 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H libsoup security update 2025-05-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1485 A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds. 2025-05-09 CVE-2025-32914 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 High 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H libsoup security update 2025-05-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1485 A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes. 2025-05-09 CVE-2025-46420 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H libsoup security update 2025-05-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1485 A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect. 2025-05-09 CVE-2025-46421 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 Medium 6.8 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N libsoup security update 2025-05-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1485