{"id":1935,"date":"2025-04-28T03:33:16","date_gmt":"2025-04-28T03:33:16","guid":{"rendered":"http:\/\/localhost\/?p=1935"},"modified":"2025-04-28T03:33:16","modified_gmt":"2025-04-28T03:33:16","slug":"security-dla-4140-1-libsoup24-security-update","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=1935","title":{"rendered":"[SECURITY] [DLA 4140-1] libsoup2.4 security update"},"content":{"rendered":"
\n

Vulnerability Details<\/h2>\n
\n

Basic Information<\/h3>\n\n\n\n\n\n\n
Title<\/th>\n[SECURITY] [DLA 4140-1] libsoup2.4 security update<\/td>\n<\/tr>\n
Type<\/th>\ndebian<\/td>\n<\/tr>\n
Published<\/th>\n2025-04-27T16:48:06<\/td>\n<\/tr>\n
Last Seen<\/th>\n2025-04-28T07:42:49<\/td>\n<\/tr>\n
CVSS Score<\/th>\n9.0 (CRITICAL)<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVSS v3 Details<\/h3>\n\n\n\n\n\n\n\n\n\n
Attack Vector<\/th>\nNETWORK<\/td>\n<\/tr>\n
Attack Complexity<\/th>\nHIGH<\/td>\n<\/tr>\n
Privileges Required<\/th>\nNONE<\/td>\n<\/tr>\n
User Interaction<\/th>\nNONE<\/td>\n<\/tr>\n
Scope<\/th>\nCHANGED<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Integrity Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Availability Impact<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVE Information<\/h3>\n\n\n\n\n
CVE IDs<\/th>\nCVE-2025-2784, CVE-2025-32049, CVE-2025-32050, CVE-2025-32052, CVE-2025-32053, CVE-2025-32906, CVE-2025-32907, CVE-2025-32909, CVE-2025-32910, CVE-2025-32911, CVE-2025-32912, CVE-2025-32913, CVE-2025-32914<\/td>\n<\/tr>\n
CWE<\/th>\n<\/td>\n<\/tr>\n
Bulletin Family<\/th>\nunix<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

Description<\/h3>\n
\n ————————————————————————-
\nDebian LTS Advisory DLA-4140-1 debian-lts@lists.debian.org
\nhttps:\/\/www.debian.org\/lts\/security\/ Andreas Henriksson
\nApril 27, 2025 https:\/\/wiki.debian.org\/LTS
\n————————————————————————-<\/p>\n

Package : libsoup2.4
\nVersion : 2.72.0-2+deb11u2
\nCVE ID : CVE-2025-2784 CVE-2025-32050 CVE-2025-32052 CVE-2025-32053
\n CVE-2025-32906 CVE-2025-32909 CVE-2025-32910 CVE-2025-32911
\n CVE-2025-32912 CVE-2025-32913 CVE-2025-32914
\nDebian Bug : 1091502 1102208 1102212 1102214 1102215 1103521 1103517
\n 1103516 1103515 1103267 1103512<\/p>\n

Several security vulnerabilities have been discovered in libsoup2.4, a http
\nclient\/server library popularly used in GNOME, et.al.<\/p>\n

CVE-2025-2784<\/p>\n

The package is vulnerable to a heap buffer over-read when sniffing content
\n via the skip_insight_whitespace() function. Libsoup clients may read one
\n byte out-of-bounds in response to a crafted HTTP response by an HTTP
\n server.<\/p>\n

CVE-2025-32050<\/p>\n

The libsoup append_param_quoted() function may contain an overflow bug
\n resulting in a buffer under-read.<\/p>\n

CVE-2025-32052<\/p>\n

A vulnerability in the sniff_unknown() function may lead to heap buffer
\n over-read.<\/p>\n

CVE-2025-32053<\/p>\n

A vulnerability in sniff_feed_or_html() and skip_insignificant_space()
\n functions may lead to a heap buffer over-read.<\/p>\n

CVE-2025-32906<\/p>\n

The soup_headers_parse_request() function may be vulnerable to an
\n out-of-bound read. This flaw allows a malicious user to use a specially
\n crafted HTTP request to crash the HTTP server.<\/p>\n

CVE-2025-32909<\/p>\n

SoupContentSniffer may be vulnerable to a NULL pointer dereference in the
\n sniff_mp4 function. The HTTP server may cause the libsoup client to crash.<\/p>\n

CVE-2025-32910<\/p>\n

A flaw was found in libsoup, where soup_auth_digest_authenticate() is
\n vulnerable to a NULL pointer dereference. This issue may cause the libsoup
\n client to crash.<\/p>\n

CVE-2025-32911<\/p>\n

Vulnerable to a use-after-free memory issue not on the heap in the
\n soup_message_headers_get_content_disposition() function.
\n This flaw allows a malicious HTTP client to cause memory corruption in the
\n libsoup server.<\/p>\n

CVE-2025-32912<\/p>\n

SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server
\n may cause the libsoup client to crash.<\/p>\n

CVE-2025-32913<\/p>\n

The soup_message_headers_get_content_disposition() function is vulnerable
\n to a NULL pointer dereference. This flaw allows a malicious HTTP peer to
\n crash a libsoup client or server that uses this function.<\/p>\n

CVE-2025-32914<\/p>\n

The soup_multipart_new_from_message() function is vulnerable to an
\n out-of-bounds read. This flaw allows a malicious HTTP client to induce the
\n libsoup server to read out of bounds.<\/p>\n

Additionally this update also includes a fix to extend the lifetime
\nof a certificate used by the test-suite during build to avoid
\nexpiring soon.<\/p>\n

Note that this update does *not* yet address CVE-2025-32907 and CVE-2025-32049
\nwhich are still being discussed.<\/p>\n

For Debian 11 bullseye, these problems have been fixed in version
\n2.72.0-2+deb11u2.<\/p>\n

We recommend that you upgrade your libsoup2.4 packages.<\/p>\n

For the detailed security status of libsoup2.4 please refer to
\nits security tracker page at:
\nhttps:\/\/security-tracker.debian.org\/tracker\/libsoup2.4<\/p>\n

Further information about Debian LTS security advisories, how to apply
\nthese updates to your system and frequently asked questions can be
\nfound at: https:\/\/wiki.debian.org\/LTS
\nAttachment:
\nsignature.asc
\nDescription: PGP signature<\/p><\/div>\n<\/p><\/div>\n

\n

Impact Assessment<\/h3>\n\n\n\n
Base Score<\/th>\n9.0<\/td>\n<\/tr>\n
Severity<\/th>\nCRITICAL<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n