Zowopsa 14 zadziwika mu library ya libsoup, yopangidwa ndi projekiti ya GNOME. Libsoup imapereka kasitomala wa HTTP ndi ma seva omwe amagwiritsa ntchito GObjects kuti aphatikizidwe ndi mapulogalamu a GNOME. Laibulale imagwiritsidwa ntchito mu GNOME Shell, msakatuli wa Epiphany (GNOME Web), wowonera zithunzi za Shotwell, plugin ya supuhttpsrc GStreamer, ndi mapulogalamu ogwiritsa ntchito libwebkit2gtk. M'mbuyomu, laibulale ya libsoup idagwiritsidwa ntchito mu NetworkManager, yomwe, kuyambira ndi kumasulidwa 1.8, idasamukira ku libcurl.
Chimodzi mwa zofooka (CVE-2025-32911) chimapangitsa kuti ntchito ya soup_message_headers_get_content_disposition() ikhale yopanda ma double ndipo ingagwiritsidwe ntchito mwanzeru pokonza ma code akutali pokonza mapempho opangidwa mwapadera kuchokera kwa kasitomala wa HTTP kupita ku seva, yomwe imagwiritsa ntchito libsoup. Vutoli linathetsedwa mu libsoup 3.6.3.
Mavuto 12 amachititsa kuti buffer ichuluke kwambiri panthawi yowerenga kapena NULL pointer dereferences, mwachitsanzo, zomwe zimangoletsa kukana ntchito (wowukira angayambitse kuti pulogalamu yogwiritsa ntchito libsoup igwe). Vuto limodzi (CVE-2025-32907) limayambitsidwa ndi kusagwira bwino mutu wa Range ndipo limalola kasitomala kuyambitsa kugwiritsa ntchito kwambiri kukumbukira pa Seva.
Source: opennet.ru
