Description
Security update for libsoup
This update for libsoup fixes the following issues:
- CVE-2025-12105: Fixed heap use-after-free in message queue handling during HTTP/2 read completion (bsc#1252555)
Package list
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server 15 SP5-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Manager Proxy LTS 4.3
SUSE Manager Server LTS 4.3
References
- Link for SUSE-SU-2025:4514-1
- E-Mail link for SUSE-SU-2025:4514-1
- SUSE Security Ratings
- SUSE Bug 1241238
- SUSE Bug 1252555
- SUSE CVE CVE-2025-12105 page
- SUSE CVE CVE-2025-32911 page
Description
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.
Affected products
References
- CVE-2025-12105
- SUSE Bug 1252555
Description
A use-after-free vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.
Affected products
References
- CVE-2025-32911
- SUSE Bug 1241238
- SUSE Bug 1250562