OESA-2025-1485

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1485
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1485.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1485
Published
2025-05-09T12:42:49Z
Modified
2025-08-12T05:50:37.862128Z
Summary
libsoup security update
Details

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the GLib main loop to integrate well with GNOME applications, and also has a synchronous API for use in threaded applications.

Security Fix(es):

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. (CVE-2025-32907)

A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds. (CVE-2025-32914)

A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes. (CVE-2025-46420)

A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect. (CVE-2025-46421)

Database specific
{
    "severity": "High"
}
Affected packages

openEuler:24.03-LTS / libsoup

Package

Name
libsoup
Purl
pkg:rpm/openEuler/libsoup&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.74.3-9.oe2403sp1

Ecosystem specific

{
    "noarch": [
        "libsoup-help-2.74.3-9.oe2403.noarch.rpm",
        "libsoup-help-2.74.3-9.oe2403sp1.noarch.rpm"
    ],
    "aarch64": [
        "libsoup-2.74.3-9.oe2403.aarch64.rpm",
        "libsoup-debuginfo-2.74.3-9.oe2403.aarch64.rpm",
        "libsoup-debugsource-2.74.3-9.oe2403.aarch64.rpm",
        "libsoup-devel-2.74.3-9.oe2403.aarch64.rpm",
        "libsoup-2.74.3-9.oe2403sp1.aarch64.rpm",
        "libsoup-debuginfo-2.74.3-9.oe2403sp1.aarch64.rpm",
        "libsoup-debugsource-2.74.3-9.oe2403sp1.aarch64.rpm",
        "libsoup-devel-2.74.3-9.oe2403sp1.aarch64.rpm"
    ],
    "src": [
        "libsoup-2.74.3-9.oe2403.src.rpm",
        "libsoup-2.74.3-9.oe2403sp1.src.rpm"
    ],
    "x86_64": [
        "libsoup-2.74.3-9.oe2403.x86_64.rpm",
        "libsoup-debuginfo-2.74.3-9.oe2403.x86_64.rpm",
        "libsoup-debugsource-2.74.3-9.oe2403.x86_64.rpm",
        "libsoup-devel-2.74.3-9.oe2403.x86_64.rpm",
        "libsoup-2.74.3-9.oe2403sp1.x86_64.rpm",
        "libsoup-debuginfo-2.74.3-9.oe2403sp1.x86_64.rpm",
        "libsoup-debugsource-2.74.3-9.oe2403sp1.x86_64.rpm",
        "libsoup-devel-2.74.3-9.oe2403sp1.x86_64.rpm"
    ]
}

openEuler:24.03-LTS-SP1 / libsoup

Package

Name
libsoup
Purl
pkg:rpm/openEuler/libsoup&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.74.3-9.oe2403sp1

Ecosystem specific

{
    "noarch": [
        "libsoup-help-2.74.3-9.oe2403sp1.noarch.rpm"
    ],
    "aarch64": [
        "libsoup-2.74.3-9.oe2403sp1.aarch64.rpm",
        "libsoup-debuginfo-2.74.3-9.oe2403sp1.aarch64.rpm",
        "libsoup-debugsource-2.74.3-9.oe2403sp1.aarch64.rpm",
        "libsoup-devel-2.74.3-9.oe2403sp1.aarch64.rpm"
    ],
    "src": [
        "libsoup-2.74.3-9.oe2403sp1.src.rpm"
    ],
    "x86_64": [
        "libsoup-2.74.3-9.oe2403sp1.x86_64.rpm",
        "libsoup-debuginfo-2.74.3-9.oe2403sp1.x86_64.rpm",
        "libsoup-debugsource-2.74.3-9.oe2403sp1.x86_64.rpm",
        "libsoup-devel-2.74.3-9.oe2403sp1.x86_64.rpm"
    ]
}

openEuler:20.03-LTS-SP4 / libsoup

Package

Name
libsoup
Purl
pkg:rpm/openEuler/libsoup&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.71.0-8.oe2003sp4

Ecosystem specific

{
    "noarch": [
        "libsoup-help-2.71.0-8.oe2003sp4.noarch.rpm"
    ],
    "aarch64": [
        "libsoup-2.71.0-8.oe2003sp4.aarch64.rpm",
        "libsoup-debuginfo-2.71.0-8.oe2003sp4.aarch64.rpm",
        "libsoup-debugsource-2.71.0-8.oe2003sp4.aarch64.rpm",
        "libsoup-devel-2.71.0-8.oe2003sp4.aarch64.rpm"
    ],
    "src": [
        "libsoup-2.71.0-8.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "libsoup-2.71.0-8.oe2003sp4.x86_64.rpm",
        "libsoup-debuginfo-2.71.0-8.oe2003sp4.x86_64.rpm",
        "libsoup-debugsource-2.71.0-8.oe2003sp4.x86_64.rpm",
        "libsoup-devel-2.71.0-8.oe2003sp4.x86_64.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / libsoup

Package

Name
libsoup
Purl
pkg:rpm/openEuler/libsoup&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.74.2-9.oe2203sp3

Ecosystem specific

{
    "noarch": [
        "libsoup-help-2.74.2-9.oe2203sp3.noarch.rpm"
    ],
    "aarch64": [
        "libsoup-2.74.2-9.oe2203sp3.aarch64.rpm",
        "libsoup-debuginfo-2.74.2-9.oe2203sp3.aarch64.rpm",
        "libsoup-debugsource-2.74.2-9.oe2203sp3.aarch64.rpm",
        "libsoup-devel-2.74.2-9.oe2203sp3.aarch64.rpm"
    ],
    "src": [
        "libsoup-2.74.2-9.oe2203sp3.src.rpm"
    ],
    "x86_64": [
        "libsoup-2.74.2-9.oe2203sp3.x86_64.rpm",
        "libsoup-debuginfo-2.74.2-9.oe2203sp3.x86_64.rpm",
        "libsoup-debugsource-2.74.2-9.oe2203sp3.x86_64.rpm",
        "libsoup-devel-2.74.2-9.oe2203sp3.x86_64.rpm"
    ]
}

openEuler:22.03-LTS-SP4 / libsoup

Package

Name
libsoup
Purl
pkg:rpm/openEuler/libsoup&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.74.2-9.oe2203sp4

Ecosystem specific

{
    "noarch": [
        "libsoup-help-2.74.2-9.oe2203sp4.noarch.rpm"
    ],
    "aarch64": [
        "libsoup-2.74.2-9.oe2203sp4.aarch64.rpm",
        "libsoup-debuginfo-2.74.2-9.oe2203sp4.aarch64.rpm",
        "libsoup-debugsource-2.74.2-9.oe2203sp4.aarch64.rpm",
        "libsoup-devel-2.74.2-9.oe2203sp4.aarch64.rpm"
    ],
    "src": [
        "libsoup-2.74.2-9.oe2203sp4.src.rpm"
    ],
    "x86_64": [
        "libsoup-2.74.2-9.oe2203sp4.x86_64.rpm",
        "libsoup-debuginfo-2.74.2-9.oe2203sp4.x86_64.rpm",
        "libsoup-debugsource-2.74.2-9.oe2203sp4.x86_64.rpm",
        "libsoup-devel-2.74.2-9.oe2203sp4.x86_64.rpm"
    ]
}