API Security Blog

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* libsoup: Heap buffer over-read in skip_insignificant_space when sniffing content (CVE-2025-2784)
* libsoup: Denial of Service attack to websocket server (CVE-2025-32049)
* libsoup: Out of bounds reads in soup_headers_parse_request() (CVE-2025-32906)
* libsoup: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value (CVE-2025-32911)
* libsoup: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header (CVE-2025-32913)
* libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process (CVE-2025-32914)
* libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup (CVE-2025-4948)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in…
