libsoup-2_4-1-2.74.3-8.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16080 Final 1 1 2025-04-23T00:00:00Z current 2025-04-23T00:00:00Z 2025-04-23T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libsoup-2_4-1-2.74.3-8.1 on GA media These are all security issues fixed in the libsoup-2_4-1-2.74.3-8.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16080 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-2784/ SUSE CVE CVE-2025-2784 page https://www.suse.com/security/cve/CVE-2025-32050/ SUSE CVE CVE-2025-32050 page https://www.suse.com/security/cve/CVE-2025-32052/ SUSE CVE CVE-2025-32052 page https://www.suse.com/security/cve/CVE-2025-32053/ SUSE CVE CVE-2025-32053 page openSUSE Tumbleweed libsoup-2_4-1-2.74.3-8.1 libsoup-2_4-1-32bit-2.74.3-8.1 libsoup2-devel-2.74.3-8.1 libsoup2-devel-32bit-2.74.3-8.1 libsoup2-lang-2.74.3-8.1 typelib-1_0-Soup-2_4-2.74.3-8.1 libsoup-2_4-1-2.74.3-8.1 as a component of openSUSE Tumbleweed libsoup-2_4-1-32bit-2.74.3-8.1 as a component of openSUSE Tumbleweed libsoup2-devel-2.74.3-8.1 as a component of openSUSE Tumbleweed libsoup2-devel-32bit-2.74.3-8.1 as a component of openSUSE Tumbleweed libsoup2-lang-2.74.3-8.1 as a component of openSUSE Tumbleweed typelib-1_0-Soup-2_4-2.74.3-8.1 as a component of openSUSE Tumbleweed A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server. CVE-2025-2784 openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-8.1 openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-8.1 openSUSE Tumbleweed:libsoup2-devel-2.74.3-8.1 openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-8.1 openSUSE Tumbleweed:libsoup2-lang-2.74.3-8.1 openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-2784.html CVE-2025-2784 https://bugzilla.suse.com/1240750 SUSE Bug 1240750 A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read. CVE-2025-32050 openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-8.1 openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-8.1 openSUSE Tumbleweed:libsoup2-devel-2.74.3-8.1 openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-8.1 openSUSE Tumbleweed:libsoup2-lang-2.74.3-8.1 openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-32050.html CVE-2025-32050 https://bugzilla.suse.com/1240752 SUSE Bug 1240752 A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. CVE-2025-32052 openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-8.1 openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-8.1 openSUSE Tumbleweed:libsoup2-devel-2.74.3-8.1 openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-8.1 openSUSE Tumbleweed:libsoup2-lang-2.74.3-8.1 openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-32052.html CVE-2025-32052 https://bugzilla.suse.com/1240756 SUSE Bug 1240756 A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. CVE-2025-32053 openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-8.1 openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-8.1 openSUSE Tumbleweed:libsoup2-devel-2.74.3-8.1 openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-8.1 openSUSE Tumbleweed:libsoup2-lang-2.74.3-8.1 openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-8.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-32053.html CVE-2025-32053 https://bugzilla.suse.com/1240757 SUSE Bug 1240757