Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2026:0258-1

Опубликовано: 22 янв. 2026
Источник: suse-cvrf

Описание

Security update for libsoup2

This update for libsoup2 fixes the following issues:

  • CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876).
  • CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libsoup-2_4-1-2.74.2-150400.3.19.1
libsoup2-devel-2.74.2-150400.3.19.1
libsoup2-lang-2.74.2-150400.3.19.1
typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libsoup-2_4-1-2.74.2-150400.3.19.1
libsoup2-devel-2.74.2-150400.3.19.1
libsoup2-lang-2.74.2-150400.3.19.1
typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
libsoup-2_4-1-2.74.2-150400.3.19.1
libsoup2-devel-2.74.2-150400.3.19.1
libsoup2-lang-2.74.2-150400.3.19.1
typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
libsoup-2_4-1-2.74.2-150400.3.19.1
libsoup2-devel-2.74.2-150400.3.19.1
libsoup2-lang-2.74.2-150400.3.19.1
typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1
SUSE Linux Enterprise Micro 5.3
libsoup-2_4-1-2.74.2-150400.3.19.1
SUSE Linux Enterprise Micro 5.4
libsoup-2_4-1-2.74.2-150400.3.19.1
SUSE Linux Enterprise Micro 5.5
libsoup-2_4-1-2.74.2-150400.3.19.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libsoup-2_4-1-2.74.2-150400.3.19.1
libsoup2-devel-2.74.2-150400.3.19.1
libsoup2-lang-2.74.2-150400.3.19.1
typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1
SUSE Linux Enterprise Server 15 SP5-LTSS
libsoup-2_4-1-2.74.2-150400.3.19.1
libsoup2-devel-2.74.2-150400.3.19.1
libsoup2-lang-2.74.2-150400.3.19.1
typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libsoup-2_4-1-2.74.2-150400.3.19.1
libsoup2-devel-2.74.2-150400.3.19.1
libsoup2-lang-2.74.2-150400.3.19.1
typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
libsoup-2_4-1-2.74.2-150400.3.19.1
libsoup2-devel-2.74.2-150400.3.19.1
libsoup2-lang-2.74.2-150400.3.19.1
typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1

Ссылки

Описание

A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1
Ссылки

Описание

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1
Ссылки