HCE2-SA-2025-0152 Critical HCE 2.0 Security Fix(es): A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash. (CVE-2025-32912) A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server. (CVE-2025-32906) A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server. (CVE-2025-32911) A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds. (CVE-2025-32914) A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. (CVE-2025-2784) A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service. (CVE-2025-32907) A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash. (CVE-2025-32910) A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. (CVE-2025-32052) A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. (CVE-2025-32053) A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function. (CVE-2025-32913) HCE 2.0 libsoup-2.74.2-1.r6.hce2.aarch64.rpm libsoup-devel-2.74.2-1.r6.hce2.aarch64.rpm libsoup-help-2.74.2-1.r6.hce2.noarch.rpm libsoup-2.74.2-1.r6.hce2.x86_64.rpm libsoup-devel-2.74.2-1.r6.hce2.x86_64.rpm