Описание
Security update for libmicrohttpd
This update for libmicrohttpd fixes the following issues:
- CVE-2025-59777: Fixed NULL pointer dereference via specially crafted packet sent by an attacker (bsc#1253177)
- CVE-2025-62689: Fixed heap-based buffer overflow via specially crafted packet sent by an attacker (bsc#1253178)
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP6
libmicrohttpd12-0.9.77-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
libmicrohttpd12-0.9.77-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
libmicrohttpd-devel-0.9.77-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7
libmicrohttpd-devel-0.9.77-150600.3.3.1
openSUSE Leap 15.6
libmicrohttpd-devel-0.9.77-150600.3.3.1
libmicrohttpd12-0.9.77-150600.3.3.1
Ссылки
- Link for SUSE-SU-2025:4291-1
- E-Mail link for SUSE-SU-2025:4291-1
- SUSE Security Ratings
- SUSE Bug 1253177
- SUSE Bug 1253178
- SUSE CVE CVE-2025-59777 page
- SUSE CVE CVE-2025-62689 page
Описание
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:libmicrohttpd12-0.9.77-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libmicrohttpd12-0.9.77-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmicrohttpd-devel-0.9.77-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:libmicrohttpd-devel-0.9.77-150600.3.3.1
Ссылки
- CVE-2025-59777
- SUSE Bug 1253177
Описание
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:libmicrohttpd12-0.9.77-150600.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libmicrohttpd12-0.9.77-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmicrohttpd-devel-0.9.77-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:libmicrohttpd-devel-0.9.77-150600.3.3.1
Ссылки
- CVE-2025-62689
- SUSE Bug 1253178