Описание
Security update for libsoup
This update for libsoup fixes the following issues:
- CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
- CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
- CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)
Other fixes:
- websocket-test: disconnect error copy after the test ends (glgo#GNOME/libsoup#391).
- fix an intermittent test failure (glgo#GNOME/soup#399).
Список пакетов
Container suse/sles/15.7/libguestfs-tools:1.4.0
libsoup-3_0-0-3.4.4-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
libsoup-3_0-0-3.4.4-150600.3.3.1
libsoup-devel-3.4.4-150600.3.3.1
libsoup-lang-3.4.4-150600.3.3.1
typelib-1_0-Soup-3_0-3.4.4-150600.3.3.1
openSUSE Leap 15.6
libsoup-3_0-0-3.4.4-150600.3.3.1
libsoup-3_0-0-32bit-3.4.4-150600.3.3.1
libsoup-devel-3.4.4-150600.3.3.1
libsoup-devel-32bit-3.4.4-150600.3.3.1
libsoup-lang-3.4.4-150600.3.3.1
typelib-1_0-Soup-3_0-3.4.4-150600.3.3.1
Ссылки
- Link for SUSE-SU-2024:4355-1
- E-Mail link for SUSE-SU-2024:4355-1
- SUSE Security Ratings
- SUSE Bug 1233285
- SUSE Bug 1233287
- SUSE Bug 1233292
- SUSE CVE CVE-2024-52530 page
- SUSE CVE CVE-2024-52531 page
- SUSE CVE CVE-2024-52532 page
Описание
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.
Затронутые продукты
Container suse/sles/15.7/libguestfs-tools:1.4.0:libsoup-3_0-0-3.4.4-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-3_0-0-3.4.4-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-devel-3.4.4-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-lang-3.4.4-150600.3.3.1
Ссылки
- CVE-2024-52530
- SUSE Bug 1233285
Описание
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.
Затронутые продукты
Container suse/sles/15.7/libguestfs-tools:1.4.0:libsoup-3_0-0-3.4.4-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-3_0-0-3.4.4-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-devel-3.4.4-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-lang-3.4.4-150600.3.3.1
Ссылки
- CVE-2024-52531
- SUSE Bug 1233285
- SUSE Bug 1233292
Описание
GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.
Затронутые продукты
Container suse/sles/15.7/libguestfs-tools:1.4.0:libsoup-3_0-0-3.4.4-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-3_0-0-3.4.4-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-devel-3.4.4-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-lang-3.4.4-150600.3.3.1
Ссылки
- CVE-2024-52532
- SUSE Bug 1233285
- SUSE Bug 1233287