Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2026:20142-1

Опубликовано: 30 янв. 2026
Источник: suse-cvrf

Описание

Security update for libsoup

This update for libsoup fixes the following issues:

  • CVE-2025-11021: Fixed out-of-bounds read in Cookie Date Handling of libsoup HTTP Library (bsc#1250562).
  • CVE-2026-0719: Fixed stack-based buffer overflow in NTLM authentication can lead to arbitrary code execution (bsc#1256399).
  • CVE-2026-0716: Fixed improper bounds handling may allow out-of-bounds read (bsc#1256418).

Список пакетов

openSUSE Leap 16.0
libsoup-3_0-0-3.6.5-160000.3.1
libsoup-devel-3.6.5-160000.3.1
libsoup-lang-3.6.5-160000.3.1
typelib-1_0-Soup-3_0-3.6.5-160000.3.1

Ссылки

Описание

A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup.

Затронутые продукты
openSUSE Leap 16.0:libsoup-3_0-0-3.6.5-160000.3.1
openSUSE Leap 16.0:libsoup-devel-3.6.5-160000.3.1
openSUSE Leap 16.0:libsoup-lang-3.6.5-160000.3.1
openSUSE Leap 16.0:typelib-1_0-Soup-3_0-3.6.5-160000.3.1
Ссылки

Описание

A flaw was found in libsoup's WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applications using libsoup's WebSocket support with this configuration may be impacted.

Затронутые продукты
openSUSE Leap 16.0:libsoup-3_0-0-3.6.5-160000.3.1
openSUSE Leap 16.0:libsoup-devel-3.6.5-160000.3.1
openSUSE Leap 16.0:libsoup-lang-3.6.5-160000.3.1
openSUSE Leap 16.0:typelib-1_0-Soup-3_0-3.6.5-160000.3.1
Ссылки

Описание

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.

Затронутые продукты
openSUSE Leap 16.0:libsoup-3_0-0-3.6.5-160000.3.1
openSUSE Leap 16.0:libsoup-devel-3.6.5-160000.3.1
openSUSE Leap 16.0:libsoup-lang-3.6.5-160000.3.1
openSUSE Leap 16.0:typelib-1_0-Soup-3_0-3.6.5-160000.3.1
Ссылки