Key information

Vulnerability overview
Advisory ID: RHSA-2025:4440
Type/Severity: Important security update
Topic: libsoup security update

Affected products
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Server for SAP HANA LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux Server for SAP HANA LE - Update Services for SAP Solutions 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixed vulnerabilities
CVE-2025-32050: Integer overflow in append_param_quoted
CVE-2025-32052: Heap buffer overflow in sniff_unknown()
CVE-2025-32053: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()
CVE-2025-32906: Out of bounds reads in soup_headers_parse_request()
CVE-2025-32907: Denial of service in server when client requests a large number of overlapping ranges with Range header
CVE-2025-32911: Double free on soup_message_headers_get_content_disposition() through "soup-message-headers.c" via "params" GHashTable value
CVE-2025-32913: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header
CVE-2025-46421: Information disclosure may lead the libsoup client to send the Authorization header to a different host when being redirected by a server
CVE-2025-46420: Memory leak on soup_header_parse_quality_list() via soup-headers.c

Solution
See the Red Hat article for detailed steps on applying this update.

References
Red Hat security update classification

Contact
Red Hat security contact email: secalert@redhat.com
More contact details: Red Hat security team contact page