openSUSE 15.6: 2025:1504-1 important: libsoup buffer over-read and more

opensuse

May 7, 2025

An update that solves 16 vulnerabilities can now be installed.

Description

This update for libsoup fixes the following issues:

* CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space`

when sniffing conten (bsc#1240750)

* CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752)

* CVE-2025-32051: Fixed segmentation fault when parsing malformed data URI

(bsc#1240754)

* CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)

* CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and

skip_insignificant_space() (bsc#1240757)

* CVE-2025-32906: Fixed out of bounds reads in soup_headers_parse_request()

(bsc#1241263)

* CVE-2025-32907: Fixed excessive memory consumption in server when client

requests a large amount of overlapping ranges in a single HTTP request

(bsc#1241222)

* CVE-2025-32908: Fixed HTTP request may lead to server crash due to HTTP/2

server not fully validating the values of pseudo-headers (bsc#1241223)

* CVE-2025-32909: Fixed NULL...

Read the Full Advisory

Topics Covered

security advisory buffer overflow cross-site scripting memory leak libsoup openSUSE

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6

zypper in -t patch SUSE-2025-1504=1 openSUSE-SLE-15.6-2025-1504=1

* Basesystem Module 15-SP6

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-1504=1

Package List

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)

* libsoup-debugsource-3.4.4-150600.3.7.1

* libsoup-3_0-0-debuginfo-3.4.4-150600.3.7.1

* libsoup-devel-3.4.4-150600.3.7.1

* typelib-1_0-Soup-3_0-3.4.4-150600.3.7.1

* libsoup-3_0-0-3.4.4-150600.3.7.1

* openSUSE Leap 15.6 (x86_64)

* libsoup-3_0-0-32bit-3.4.4-150600.3.7.1

* libsoup-devel-32bit-3.4.4-150600.3.7.1

* libsoup-3_0-0-32bit-debuginfo-3.4.4-150600.3.7.1

* openSUSE Leap 15.6 (noarch)

* libsoup-lang-3.4.4-150600.3.7.1

* openSUSE Leap 15.6 (aarch64_ilp32)

* libsoup-3_0-0-64bit-3.4.4-150600.3.7.1

* libsoup-devel-64bit-3.4.4-150600.3.7.1

* libsoup-3_0-0-64bit-debuginfo-3.4.4-150600.3.7.1

* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)

* libsoup-debugsource-3.4.4-150600.3.7.1

* libsoup-3_0-0-debuginfo-3.4.4-150600.3.7.1

* libsoup-devel-3.4.4-150600.3.7.1

* typelib-1_0-Soup-3_0-3.4.4-150600.3.7.1

* libsoup-3_0-0-3.4.4-150600.3.7.1

* Basesystem Module 15-SP6 (noarch)

* libsoup-lang-3.4.4-150600.3.7.1

References

* bsc#1240750

* bsc#1240752

* bsc#1240754

* bsc#1240756

* bsc#1240757

* bsc#1241162

* bsc#1241164

* bsc#1241214

* bsc#1241222

* bsc#1241223

* bsc#1241226

* bsc#1241238

* bsc#1241252

* bsc#1241263

* bsc#1241686

* bsc#1241688

## References:

* https://www.suse.com/security/cve/CVE-2025-2784.html

* https://www.suse.com/security/cve/CVE-2025-32050.html

* https://www.suse.com/security/cve/CVE-2025-32051.html

* https://www.suse.com/security/cve/CVE-2025-32052.html

* https://www.suse.com/security/cve/CVE-2025-32053.html

* https://www.suse.com/security/cve/CVE-2025-32906.html

* https://www.suse.com/security/cve/CVE-2025-32907.html

* https://www.suse.com/security/cve/CVE-2025-32908.html

* https://www.suse.com/security/cve/CVE-2025-32909.html

* https://www.suse.com/security/cve/CVE-2025-32910.html

* https://www.suse.com/security/cve/CVE-2025-32911.html

* https://www.suse.com/security/cve/CVE-2025-32912.html

* https://www.suse.com/security/cve/CVE-2025-32913.html

* https://www.suse.com/security/cve/CVE-2025-32914.html

*...

Read the Full Advisory

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2025:1504-1

Release Date: 2025-05-07T12:06:19Z

Affected Products: * Basesystem Module 15-SP6 * openSUSE Leap 15.6 * SUSE Linux Enterprise Desktop 15 SP6 * SUSE Linux Enterprise Real Time 15 SP6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6

Topics Covered

security advisory buffer overflow cross-site scripting memory leak libsoup openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

openSUSE 15.6: 2025:1504-1 important: libsoup buffer over-read and more

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

openSUSE 15.6: 2025:1504-1 important: libsoup buffer over-read and more

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!