ALAS2023-2025-946

Amazon Linux 2023 Security Advisory: ALAS2023-2025-946
Advisory Released Date: 2025-04-29
Advisory Updated Date: 2025-04-29
Severity: Important
Issue Overview:

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. (CVE-2025-2784)


Affected Packages:

libsoup


Issue Correction:
Run dnf update libsoup --releasever 2023.7.20250428 to update your system.

New Packages:
aarch64:
    libsoup-debuginfo-2.72.0-6.amzn2023.0.4.aarch64
    libsoup-devel-2.72.0-6.amzn2023.0.4.aarch64
    libsoup-2.72.0-6.amzn2023.0.4.aarch64
    libsoup-debugsource-2.72.0-6.amzn2023.0.4.aarch64

noarch:
    libsoup-doc-2.72.0-6.amzn2023.0.4.noarch

src:
    libsoup-2.72.0-6.amzn2023.0.4.src

x86_64:
    libsoup-debuginfo-2.72.0-6.amzn2023.0.4.x86_64
    libsoup-debugsource-2.72.0-6.amzn2023.0.4.x86_64
    libsoup-2.72.0-6.amzn2023.0.4.x86_64
    libsoup-devel-2.72.0-6.amzn2023.0.4.x86_64

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-2784

Mitre: CVE-2025-2784