libsoup-3_0-0-3.6.5-7.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15633-1 Final 1 1 2025-10-14T00:00:00Z current 2025-10-14T00:00:00Z 2025-10-14T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libsoup-3_0-0-3.6.5-7.1 on GA media These are all security issues fixed in the libsoup-3_0-0-3.6.5-7.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15633 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-11021/ SUSE CVE CVE-2025-11021 page openSUSE Tumbleweed libsoup-3_0-0-3.6.5-7.1 libsoup-3_0-0-32bit-3.6.5-7.1 libsoup-devel-3.6.5-7.1 libsoup-devel-32bit-3.6.5-7.1 libsoup-lang-3.6.5-7.1 typelib-1_0-Soup-3_0-3.6.5-7.1 libsoup-3_0-0-3.6.5-7.1 as a component of openSUSE Tumbleweed libsoup-3_0-0-32bit-3.6.5-7.1 as a component of openSUSE Tumbleweed libsoup-devel-3.6.5-7.1 as a component of openSUSE Tumbleweed libsoup-devel-32bit-3.6.5-7.1 as a component of openSUSE Tumbleweed libsoup-lang-3.6.5-7.1 as a component of openSUSE Tumbleweed typelib-1_0-Soup-3_0-3.6.5-7.1 as a component of openSUSE Tumbleweed A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup. CVE-2025-11021 openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-7.1 openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-7.1 openSUSE Tumbleweed:libsoup-devel-3.6.5-7.1 openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-7.1 openSUSE Tumbleweed:libsoup-lang-3.6.5-7.1 openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-7.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-11021.html CVE-2025-11021 https://bugzilla.suse.com/1250562 SUSE Bug 1250562