Описание
Security update for libsoup
This update for libsoup fixes the following issues:
- CVE-2025-12105: Fixed heap use-after-free in message queue handling during HTTP/2 read completion (bsc#1252555)
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP7
libsoup-3_0-0-3.4.4-150600.3.21.1
libsoup-devel-3.4.4-150600.3.21.1
libsoup-lang-3.4.4-150600.3.21.1
typelib-1_0-Soup-3_0-3.4.4-150600.3.21.1
SUSE Linux Enterprise Server 15 SP6-LTSS
libsoup-3_0-0-3.4.4-150600.3.21.1
libsoup-devel-3.4.4-150600.3.21.1
libsoup-lang-3.4.4-150600.3.21.1
typelib-1_0-Soup-3_0-3.4.4-150600.3.21.1
SUSE Linux Enterprise Server for SAP Applications 15 SP6
libsoup-3_0-0-3.4.4-150600.3.21.1
libsoup-devel-3.4.4-150600.3.21.1
libsoup-lang-3.4.4-150600.3.21.1
typelib-1_0-Soup-3_0-3.4.4-150600.3.21.1
openSUSE Leap 15.6
libsoup-3_0-0-3.4.4-150600.3.21.1
libsoup-3_0-0-32bit-3.4.4-150600.3.21.1
libsoup-devel-3.4.4-150600.3.21.1
libsoup-devel-32bit-3.4.4-150600.3.21.1
libsoup-lang-3.4.4-150600.3.21.1
typelib-1_0-Soup-3_0-3.4.4-150600.3.21.1
Ссылки
- Link for SUSE-SU-2026:0017-1
- E-Mail link for SUSE-SU-2026:0017-1
- SUSE Security Ratings
- SUSE Bug 1252555
- SUSE CVE CVE-2025-12105 page
Описание
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missing state synchronization. This leads to a use-after-free memory access, potentially crashing the affected application. Attackers could exploit this behavior remotely by triggering specific HTTP/2 read and cancel sequences, resulting in a denial-of-service condition.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.21.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.21.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-lang-3.4.4-150600.3.21.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.21.1
Ссылки
- CVE-2025-12105
- SUSE Bug 1252555