SUSE-SU-2025:02277-1

Опубликовано: 10 июл. 2025

Источник: suse-cvrf

Описание

Security update for libsoup2

This update for libsoup2 fixes the following issues:

CVE-2025-4945: Add value checks for date/time parsing (bsc#1243314).

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP6

libsoup-2_4-1-2.74.3-150600.4.12.1

libsoup2-devel-2.74.3-150600.4.12.1

libsoup2-lang-2.74.3-150600.4.12.1

typelib-1_0-Soup-2_4-2.74.3-150600.4.12.1

SUSE Linux Enterprise Module for Basesystem 15 SP7

libsoup-2_4-1-2.74.3-150600.4.12.1

libsoup2-devel-2.74.3-150600.4.12.1

libsoup2-lang-2.74.3-150600.4.12.1

typelib-1_0-Soup-2_4-2.74.3-150600.4.12.1

openSUSE Leap 15.6

libsoup-2_4-1-2.74.3-150600.4.12.1

libsoup-2_4-1-32bit-2.74.3-150600.4.12.1

libsoup2-devel-2.74.3-150600.4.12.1

libsoup2-devel-32bit-2.74.3-150600.4.12.1

libsoup2-lang-2.74.3-150600.4.12.1

typelib-1_0-Soup-2_4-2.74.3-150600.4.12.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-202502277-1/
Link for SUSE-SU-2025:02277-1
https://lists.suse.com/pipermail/sle-updates/2025-July/040675.html
E-Mail link for SUSE-SU-2025:02277-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1243314
SUSE Bug 1243314
https://www.suse.com/security/cve/CVE-2025-4945/
SUSE CVE CVE-2025-4945 page

Описание

A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.

Затронутые продукты

SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-2_4-1-2.74.3-150600.4.12.1

SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup2-devel-2.74.3-150600.4.12.1

SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup2-lang-2.74.3-150600.4.12.1

SUSE Linux Enterprise Module for Basesystem 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-4945.html
CVE-2025-4945
https://bugzilla.suse.com/1243314
SUSE Bug 1243314

SUSE-SU-2025:02277-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Basesystem 15 SP6

SUSE Linux Enterprise Module for Basesystem 15 SP7

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2025-4945

Описание

Затронутые продукты

Ссылки