SUSE-SU-2024:4290-1

Published: 11 Dec 2024
Source: suse-cvrf

Description

Security update for libsoup2

This update for libsoup2 fixes the following issues:

  • CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
  • CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
  • CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)

Package list

SUSE Linux Enterprise Module for Basesystem 15 SP6:

  • libsoup-2_4-1-2.74.3-150600.4.3.1
  • libsoup2-devel-2.74.3-150600.4.3.1
  • libsoup2-lang-2.74.3-150600.4.3.1
  • typelib-1_0-Soup-2_4-2.74.3-150600.4.3.1

openSUSE Leap 15.6:

  • libsoup-2_4-1-2.74.3-150600.4.3.1
  • libsoup-2_4-1-32bit-2.74.3-150600.4.3.1
  • libsoup2-devel-2.74.3-150600.4.3.1
  • libsoup2-devel-32bit-2.74.3-150600.4.3.1
  • libsoup2-lang-2.74.3-150600.4.3.1
  • typelib-1_0-Soup-2_4-2.74.3-150600.4.3.1

Description

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
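
The header-name confusion described above, as an added example (not libsoup's code and not part of the advisory): a strict RFC 9110 field-name check beside a simplified model of the lenient behaviour, run on constructed sample lines. All function and variable names here are hypothetical.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* RFC 9110 "tchar": the only bytes allowed in a header field name. */
static int is_tchar(unsigned char c)
{
    if ((c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z'))
        return 1;
    return c != '\0' && strchr("!#$%&'*+-.^_`|~", c) != NULL;
}

/* Strict check: length of the field name if line[0..len) starts with a valid
 * "token:" name, or -1 if the name is empty, has no colon, or contains any
 * non-token byte (NUL included). */
long strict_name_len(const char *line, size_t len)
{
    const char *colon = memchr(line, ':', len);
    if (colon == NULL || colon == line)
        return -1;
    for (const char *p = line; p < colon; p++)
        if (!is_tchar((unsigned char)*p))
            return -1;
    return (long)(colon - line);
}

/* Simplified model of the behaviour in the advisory text (an assumption for
 * illustration): trailing NUL bytes of the name are ignored before matching. */
int lenient_matches(const char *line, size_t len, const char *want)
{
    const char *colon = memchr(line, ':', len);
    if (colon == NULL)
        return 0;
    size_t n = (size_t)(colon - line);
    while (n > 0 && line[n - 1] == '\0')
        n--;
    return n == strlen(want) && strncasecmp(line, want, n) == 0;
}

/* Constructed samples; use sizeof - 1 as the length to keep the embedded NUL. */
static const char SMUGGLED[] = "Transfer-Encoding\0: chunked";
static const char CLEAN[] = "Transfer-Encoding: chunked";

/* 1 when the lenient parser sees Transfer-Encoding but the strict one rejects
 * the field name: the disagreement that makes request smuggling possible. */
int parsers_disagree(const char *line, size_t len)
{
    return lenient_matches(line, len, "Transfer-Encoding")
        && strict_name_len(line, len) < 0;
}
```

A front end or test harness that rejects any line where `strict_name_len` returns -1 never forwards the ambiguous header to a back end that might normalise it.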


Affected products
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-2_4-1-2.74.3-150600.4.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup2-devel-2.74.3-150600.4.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup2-lang-2.74.3-150600.4.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.3.1

Description

GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.


Affected products
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-2_4-1-2.74.3-150600.4.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup2-devel-2.74.3-150600.4.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup2-lang-2.74.3-150600.4.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.3.1

Description

GNOME libsoup before 3.6.1 has an infinite loop and memory consumption during the reading of certain patterns of WebSocket data from clients.


Affected products
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-2_4-1-2.74.3-150600.4.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup2-devel-2.74.3-150600.4.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup2-lang-2.74.3-150600.4.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.3.1
