RLSA-2025:19714

Synopsis

Important: libsoup security update

Description

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup (CVE-2025-4945)

* libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library (CVE-2025-11021)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 8 aarch64 Rocky Linux 8 x86_64

Fixes

2367175 2399627

CVEs

CVE-2025-11021 CVE-2025-4945

Affected packages

Rocky Linux 8 aarch64 - BaseOS

libsoup-0:2.62.3-10.el8_10.aarch64.rpm libsoup-0:2.62.3-10.el8_10.src.rpm libsoup-debuginfo-0:2.62.3-10.el8_10.aarch64.rpm libsoup-debugsource-0:2.62.3-10.el8_10.aarch64.rpm

Rocky Linux 8 x86_64 - BaseOS

libsoup-0:2.62.3-10.el8_10.i686.rpm libsoup-0:2.62.3-10.el8_10.src.rpm libsoup-0:2.62.3-10.el8_10.x86_64.rpm libsoup-debuginfo-0:2.62.3-10.el8_10.i686.rpm libsoup-debuginfo-0:2.62.3-10.el8_10.x86_64.rpm libsoup-debugsource-0:2.62.3-10.el8_10.i686.rpm libsoup-debugsource-0:2.62.3-10.el8_10.x86_64.rpm

Rocky Linux 8 aarch64 - AppStream

libsoup-devel-0:2.62.3-10.el8_10.aarch64.rpm

Rocky Linux 8 x86_64 - AppStream

libsoup-devel-0:2.62.3-10.el8_10.i686.rpm libsoup-devel-0:2.62.3-10.el8_10.x86_64.rpm