
SUSE 15:01802-1 important: libsoup2 patch for DoS and memory issues

suse
June 4, 2025
Patches rated important have been released for libsoup2 vulnerabilities impacting SUSE systems. Update promptly.

Summary

This update for libsoup2 fixes the following issues:

* CVE-2025-4948: Fixed integer underflow in soup_multipart_new_from_message() leading to denial of service (bsc#1243332)
* CVE-2025-4969: Fixed off-by-one out-of-bounds read that may lead to infoleak (bsc#1243423)
* CVE-2025-32906: Fixed out-of-bounds reads in soup_headers_parse_request() (bsc#1241263)
* CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c (bsc#1241226)
* CVE-2025-32910: Fixed NULL pointer dereference on client when server omits the realm parameter in an Unauthorized response with Digest authentication (bsc#1241252)
* CVE-2025-32911: Fixed double free on soup_message_headers_get_content_disposition() via "params" (bsc#1241238)

References

* bsc#1241162

* bsc#1241214

* bsc#1241226

* bsc#1241238

* bsc#1241252

* bsc#1241263

* bsc#1243332

* bsc#1243423

Cross-References

* CVE-2025-32906

* CVE-2025-32909

* CVE-2025-32910

* CVE-2025-32911

* CVE-2025-32912

* CVE-2025-32913

* CVE-2025-4948

* CVE-2025-4969

CVSS scores:

* CVE-2025-32906 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

* CVE-2025-32906 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-32909 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2025-32909 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

* CVE-2025-32909 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-32910 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Severity: important

Announcement ID: SUSE-SU-2025:01802-1
Release Date: 2025-06-03T01:15:23Z
Rating: important
