Описание
Security update for libsoup
This update for libsoup fixes the following issues:
- CVE-2025-32049: denial of Service attack to websocket server (bsc#1240751).
- CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources (bsc#1258120).
- CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information disclosure to remote attackers (bsc#1258170).
- CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libsoup-3_0-0-3.0.4-150400.3.34.1
libsoup-devel-3.0.4-150400.3.34.1
libsoup-lang-3.0.4-150400.3.34.1
typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libsoup-3_0-0-3.0.4-150400.3.34.1
libsoup-devel-3.0.4-150400.3.34.1
libsoup-lang-3.0.4-150400.3.34.1
typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
libsoup-3_0-0-3.0.4-150400.3.34.1
libsoup-devel-3.0.4-150400.3.34.1
libsoup-lang-3.0.4-150400.3.34.1
typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
libsoup-3_0-0-3.0.4-150400.3.34.1
libsoup-devel-3.0.4-150400.3.34.1
libsoup-lang-3.0.4-150400.3.34.1
typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libsoup-3_0-0-3.0.4-150400.3.34.1
libsoup-devel-3.0.4-150400.3.34.1
libsoup-lang-3.0.4-150400.3.34.1
typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
SUSE Linux Enterprise Server 15 SP5-LTSS
libsoup-3_0-0-3.0.4-150400.3.34.1
libsoup-devel-3.0.4-150400.3.34.1
libsoup-lang-3.0.4-150400.3.34.1
typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libsoup-3_0-0-3.0.4-150400.3.34.1
libsoup-devel-3.0.4-150400.3.34.1
libsoup-lang-3.0.4-150400.3.34.1
typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
libsoup-3_0-0-3.0.4-150400.3.34.1
libsoup-devel-3.0.4-150400.3.34.1
libsoup-lang-3.0.4-150400.3.34.1
typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
Ссылки
- Link for SUSE-SU-2026:0689-1
- E-Mail link for SUSE-SU-2026:0689-1
- SUSE Security Ratings
- SUSE Bug 1240751
- SUSE Bug 1258120
- SUSE Bug 1258170
- SUSE Bug 1258508
- SUSE CVE CVE-2025-32049 page
- SUSE CVE CVE-2026-2369 page
- SUSE CVE CVE-2026-2443 page
- SUSE CVE CVE-2026-2708 page
Описание
A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-lang-3.0.4-150400.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
Ссылки
- CVE-2025-32049
- SUSE Bug 1240751
- SUSE Bug 1250562
Описание
unknown
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-lang-3.0.4-150400.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
Ссылки
- CVE-2026-2369
- SUSE Bug 1258120
Описание
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-lang-3.0.4-150400.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
Ссылки
- CVE-2026-2443
- SUSE Bug 1258170
Описание
unknown
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-lang-3.0.4-150400.3.34.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.34.1
Ссылки
- CVE-2026-2708
- SUSE Bug 1258508