Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 40: libsoup3 Security Advisory - Fix for Request Smuggling and Loop

fedora
Calendar Grey November 28, 2024
Dist Fedora Esm H88
New updates for libsoup3 have been launched to fix request smuggling and endless loop vulnerabilities in Fedora 40. Make sure to upgrade immediately!
Add patches to fix: CVE-2024-52530 libsoup3: HTTP request smuggling via stripping null bytes from the ends of header names (bug #2325358) CVE-2024-52532 libsoup3: infinite loop whi...

Summary

Libsoup is an HTTP library implementation in C. It was originally part

of a SOAP (Simple Object Access Protocol) implementation called Soup, but

the SOAP and non-SOAP parts have now been split into separate packages.

libsoup uses the Glib main loop and is designed to work well with GTK

applications. This enables GNOME applications to access HTTP servers

on the network in a completely asynchronous fashion, very similar to

the Gtk+ programming model (a synchronous operation mode is also

supported for those who want it), but the SOAP parts were removed

long ago.

Update Information:

Add patches to fix: CVE-2024-52530 libsoup3: HTTP request smuggling via stripping null bytes from the ends of header names (bug #2325358) CVE-2024-52532 libsoup3: infinite loop while reading websocket data (bug #2325356)

Topics%20covered

Topics Covered

security advisory Fedora patch update request smuggling libsoup3 websocket loop

Change Log

* Tue Nov 12 2024 Milan Crha - 3.4.4-5 - Add a patch to fix CVE-2024-52532 (infinite loop while reading websocket data) * Tue Nov 12 2024 Milan Crha - 3.4.4-4 - Add a patch to fix CVE-2024-52530 (headers: Strictly don't allow NUL bytes)

References


[ 1 ] Bug #2325356 - CVE-2024-52532 libsoup3: infinite loop while reading websocket data [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2325356 [ 2 ] Bug #2325358 - CVE-2024-52530 libsoup3: HTTP request smuggling via stripping null bytes from the ends of header names [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2325358

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-bd09057dd2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libsoup3
Product: Fedora 40
Version: 3.4.4
Release: 5.fc40
URL: https://wiki.gnome.org/Projects/libsoup
Summary: Soup, an HTTP library implementation

Topics%20covered

Topics Covered

security advisory Fedora patch update request smuggling libsoup3 websocket loop

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here