RLSA-2024:9573

Synopsis

Important: libsoup security update

Description

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* libsoup: infinite loop while reading websocket data (CVE-2024-52532)

* libsoup: HTTP request smuggling via stripping null bytes from the ends of header names (CVE-2024-52530)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 8 aarch64 Rocky Linux 8 x86_64

Fixes

2325276 2325284

CVEs

CVE-2024-52530 CVE-2024-52532

Affected packages

Rocky Linux 8 aarch64 - BaseOS

libsoup-0:2.62.3-6.el8_10.aarch64.rpm libsoup-0:2.62.3-6.el8_10.src.rpm libsoup-debuginfo-0:2.62.3-6.el8_10.aarch64.rpm libsoup-debugsource-0:2.62.3-6.el8_10.aarch64.rpm

Rocky Linux 8 x86_64 - BaseOS

libsoup-0:2.62.3-6.el8_10.i686.rpm libsoup-0:2.62.3-6.el8_10.src.rpm libsoup-0:2.62.3-6.el8_10.x86_64.rpm libsoup-debuginfo-0:2.62.3-6.el8_10.i686.rpm libsoup-debuginfo-0:2.62.3-6.el8_10.x86_64.rpm libsoup-debugsource-0:2.62.3-6.el8_10.i686.rpm libsoup-debugsource-0:2.62.3-6.el8_10.x86_64.rpm

Rocky Linux 8 aarch64 - AppStream

libsoup-devel-0:2.62.3-6.el8_10.aarch64.rpm

Rocky Linux 8 x86_64 - AppStream

libsoup-devel-0:2.62.3-6.el8_10.i686.rpm libsoup-devel-0:2.62.3-6.el8_10.x86_64.rpm