Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:4365-1

Опубликовано: 17 дек. 2024
Источник: suse-cvrf

Описание

Security update for libsoup

This update for libsoup fixes the following issues:

  • CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
  • CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
  • CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)

Other fixes:

  • websocket-test: disconnect error copy after the test ends (glgo#GNOME/libsoup#391).
  • fix an intermittent test failure (glgo#GNOME/soup#399).
  • updated to version 2.68.4.

Список пакетов

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
libsoup-2_4-1-2.68.4-150200.4.3.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
libsoup-2_4-1-2.68.4-150200.4.3.1
SUSE Enterprise Storage 7.1
libsoup-2_4-1-2.68.4-150200.4.3.1
libsoup-devel-2.68.4-150200.4.3.1
libsoup-lang-2.68.4-150200.4.3.1
typelib-1_0-Soup-2_4-2.68.4-150200.4.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libsoup-2_4-1-2.68.4-150200.4.3.1
libsoup-devel-2.68.4-150200.4.3.1
libsoup-lang-2.68.4-150200.4.3.1
typelib-1_0-Soup-2_4-2.68.4-150200.4.3.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libsoup-2_4-1-2.68.4-150200.4.3.1
libsoup-devel-2.68.4-150200.4.3.1
libsoup-lang-2.68.4-150200.4.3.1
typelib-1_0-Soup-2_4-2.68.4-150200.4.3.1
SUSE Linux Enterprise Micro 5.2
libsoup-2_4-1-2.68.4-150200.4.3.1
SUSE Linux Enterprise Server 15 SP2-LTSS
libsoup-2_4-1-2.68.4-150200.4.3.1
libsoup-devel-2.68.4-150200.4.3.1
libsoup-lang-2.68.4-150200.4.3.1
typelib-1_0-Soup-2_4-2.68.4-150200.4.3.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libsoup-2_4-1-2.68.4-150200.4.3.1
libsoup-devel-2.68.4-150200.4.3.1
libsoup-lang-2.68.4-150200.4.3.1
typelib-1_0-Soup-2_4-2.68.4-150200.4.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libsoup-2_4-1-2.68.4-150200.4.3.1
libsoup-devel-2.68.4-150200.4.3.1
libsoup-lang-2.68.4-150200.4.3.1
typelib-1_0-Soup-2_4-2.68.4-150200.4.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libsoup-2_4-1-2.68.4-150200.4.3.1
libsoup-devel-2.68.4-150200.4.3.1
libsoup-lang-2.68.4-150200.4.3.1
typelib-1_0-Soup-2_4-2.68.4-150200.4.3.1

Ссылки

Описание

GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header.

Затронутые продукты
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:libsoup-2_4-1-2.68.4-150200.4.3.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:libsoup-2_4-1-2.68.4-150200.4.3.1
SUSE Enterprise Storage 7.1:libsoup-2_4-1-2.68.4-150200.4.3.1
SUSE Enterprise Storage 7.1:libsoup-devel-2.68.4-150200.4.3.1
Ссылки

Описание

GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this.

Затронутые продукты
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:libsoup-2_4-1-2.68.4-150200.4.3.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:libsoup-2_4-1-2.68.4-150200.4.3.1
SUSE Enterprise Storage 7.1:libsoup-2_4-1-2.68.4-150200.4.3.1
SUSE Enterprise Storage 7.1:libsoup-devel-2.68.4-150200.4.3.1
Ссылки

Описание

GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.

Затронутые продукты
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:libsoup-2_4-1-2.68.4-150200.4.3.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:libsoup-2_4-1-2.68.4-150200.4.3.1
SUSE Enterprise Storage 7.1:libsoup-2_4-1-2.68.4-150200.4.3.1
SUSE Enterprise Storage 7.1:libsoup-devel-2.68.4-150200.4.3.1
Ссылки