Key information

Vulnerability overview
Advisory ID: RHSA-2025:7436
Type/Severity: Important security update
Topic: libsoup security update for Red Hat Enterprise Linux 9

Affected products
Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for ARM 64 aarch64

Fixed vulnerabilities
CVE-2025-32050: Integer overflow in append_param_quoted
CVE-2025-32052: Heap buffer overflow in sniff_unknown()
CVE-2025-32053: Heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()
CVE-2025-32906: Out of bounds reads in soup_headers_parse_request()
CVE-2025-32907: Denial of service in server when client requests a large amount of overlapping ranges with Range header
CVE-2025-32910: Double free on soup_message_headers_get_content_disposition() through "soups-message-headers.c" via "params" GHashTable value
CVE-2025-32911: Double free on soup_message_headers_get_content_disposition() through "soups-message-headers.c" via "filename" parameter is present, but has no value in Content-Disposition header
CVE-2025-32913: NULL pointer dereference in soup_message_headers_get_content_disposition when "filename" parameter is present, but has no value in Content-Disposition header
CVE-2025-46421: Information disclosure may leads libsoup client sends Authorization header to a different host when being redirected by a server
CVE-2025-46420: Memory leak on soup_header_parse_quality_list() via soup-headers.c

Reference links
Red Hat security update classification

Solution
For details on how to apply this update, refer to: related article