Описание
Security update for libsoup
This update for libsoup fixes the following issues:
- CVE-2025-4945: Add value checks for date/time parsing (bsc#1243314).
Список пакетов
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
libsoup-2_4-1-2.62.2-5.18.1
libsoup-2_4-1-32bit-2.62.2-5.18.1
libsoup-devel-2.62.2-5.18.1
libsoup-lang-2.62.2-5.18.1
typelib-1_0-Soup-2_4-2.62.2-5.18.1
Ссылки
- Link for SUSE-SU-2025:03026-1
- E-Mail link for SUSE-SU-2025:03026-1
- SUSE Security Ratings
- SUSE Bug 1243314
- SUSE CVE CVE-2025-4945 page
Описание
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines.
Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-2_4-1-2.62.2-5.18.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-2_4-1-32bit-2.62.2-5.18.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-devel-2.62.2-5.18.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-lang-2.62.2-5.18.1
Ссылки
- CVE-2025-4945
- SUSE Bug 1243314