Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: libsoup4 Critical Vulnerability Mitigation 2025-99869c1fad

fedora
Calendar Grey August 2, 2025
Dist Fedora Esm H88
Patch deployed for Fedora 42 resolving severe denial of service vulnerabilities in libsoup3. Remediates several CVEs.
This update fixes these CVEs: CVE-2025-4948 CVE-2025-32908 CVE-2025-32907 CVE-2025-4969

Summary

Libsoup is an HTTP library implementation in C. It was originally part

of a SOAP (Simple Object Access Protocol) implementation called Soup, but

the SOAP and non-SOAP parts have now been split into separate packages.

libsoup uses the Glib main loop and is designed to work well with GTK

applications. This enables GNOME applications to access HTTP servers

on the network in a completely asynchronous fashion, very similar to

the Gtk+ programming model (a synchronous operation mode is also

supported for those who want it), but the SOAP parts were removed

long ago.

Update Information:

This update fixes these CVEs: CVE-2025-4948 CVE-2025-32908 CVE-2025-32907 CVE-2025-4969 CVE-2025-4945 CVE-2025-4476

Topics%20covered

Topics Covered

security advisory denial of service fedora update important libsoup3

Change Log

* Wed Jul 30 2025 Marek Kasik - 3.6.5-2 - Fix multiple CVEs

References


[ 1 ] Bug #2359349 - CVE-2025-32907 libsoup3: Denial of service in server when client requests a large amount of overlapping ranges with Range header [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2359349 [ 2 ] Bug #2359350 - CVE-2025-32908 libsoup3: Denial of service on libsoup through HTTP/2 server [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2359350 [ 3 ] Bug #2366518 - CVE-2025-4476 libsoup3: Null pointer dereference in libsoup may lead to Denial Of Service [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2366518 [ 4 ] Bug #2366522 - CVE-2025-4476 libsoup3: Null pointer dereference in libsoup may lead to Denial Of Service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2366522 [ 5 ] Bug #2367177 - CVE-2025-4945 libsoup3: Integer Overflow in Cookie Expiration Date Handling in libsoup [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2367177 [ 6 ] Bug #2367189 - CVE-2025-4948...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-99768b0fab' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: libsoup3
Product: Fedora 42
Version: 3.6.5
Release: 2.fc42
URL: https://wiki.gnome.org/Projects/libsoup
Summary: Soup, an HTTP library implementation

Topics%20covered

Topics Covered

security advisory denial of service fedora update important libsoup3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here