Описание
Security update for libsoup
This update for libsoup fixes the following issues:
- CVE-2025-11021: Ignored invalid date when processing cookies to prevent out-of-bounds read (bsc#1250562).
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP6
libsoup-3_0-0-3.4.4-150600.3.18.1
libsoup-devel-3.4.4-150600.3.18.1
libsoup-lang-3.4.4-150600.3.18.1
typelib-1_0-Soup-3_0-3.4.4-150600.3.18.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
libsoup-3_0-0-3.4.4-150600.3.18.1
libsoup-devel-3.4.4-150600.3.18.1
libsoup-lang-3.4.4-150600.3.18.1
typelib-1_0-Soup-3_0-3.4.4-150600.3.18.1
openSUSE Leap 15.6
libsoup-3_0-0-3.4.4-150600.3.18.1
libsoup-3_0-0-32bit-3.4.4-150600.3.18.1
libsoup-devel-3.4.4-150600.3.18.1
libsoup-devel-32bit-3.4.4-150600.3.18.1
libsoup-lang-3.4.4-150600.3.18.1
typelib-1_0-Soup-3_0-3.4.4-150600.3.18.1
Ссылки
- Link for SUSE-SU-2025:3753-1
- E-Mail link for SUSE-SU-2025:3753-1
- SUSE Security Ratings
- SUSE Bug 1250562
- SUSE CVE CVE-2025-11021 page
Описание
A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-3_0-0-3.4.4-150600.3.18.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-devel-3.4.4-150600.3.18.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-lang-3.4.4-150600.3.18.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.18.1
Ссылки
- CVE-2025-11021
- SUSE Bug 1250562