
SUSE: 2025:01794-1 important: libsoup security issues resolved

June 2, 2025
The recent patch addresses various vulnerabilities in libsoup, specifically focusing on mitigating denial of service threats and enhancing overall security measures for SUSE systems.

Summary

This update for libsoup fixes the following issues:

* CVE-2025-4948: Fixed integer underflow in soup_multipart_new_from_message() leading to denial of service (bsc#1243332)
* CVE-2025-4969: Fixed off-by-one out-of-bounds read that may lead to infoleak (bsc#1243423)
* CVE-2025-32906: Fixed out-of-bounds reads in soup_headers_parse_request() (bsc#1241263)
* CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c (bsc#1241226)
* CVE-2025-32910: Fixed NULL pointer dereference on client when server omits the realm parameter in an Unauthorized response with Digest authentication (bsc#1241252)
* CVE-2025-32911: Fixed double free on soup_message_headers_get_content_disposition() via "params" (bsc#1241238)

References

* bsc#1241162

* bsc#1241214

* bsc#1241226

* bsc#1241238

* bsc#1241252

* bsc#1241263

* bsc#1243332

* bsc#1243423

Cross-References

* CVE-2025-32906

* CVE-2025-32909

* CVE-2025-32910

* CVE-2025-32911

* CVE-2025-32912

* CVE-2025-32913

* CVE-2025-4948

* CVE-2025-4969

CVSS scores:

* CVE-2025-32906 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

* CVE-2025-32906 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-32909 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2025-32909 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

* CVE-2025-32909 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-32910 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Severity
important

Announcement ID: SUSE-SU-2025:01794-1
Release Date: 2025-06-02T09:04:19Z
Rating: important
