libsoup-2_4-1-2.74.3-12.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16304 Final 1 1 2025-07-03T00:00:00Z current 2025-07-03T00:00:00Z 2025-07-03T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libsoup-2_4-1-2.74.3-12.1 on GA media These are all security issues fixed in the libsoup-2_4-1-2.74.3-12.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16304 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-4945/ SUSE CVE CVE-2025-4945 page openSUSE Tumbleweed libsoup-2_4-1-2.74.3-12.1 libsoup-2_4-1-32bit-2.74.3-12.1 libsoup2-devel-2.74.3-12.1 libsoup2-devel-32bit-2.74.3-12.1 libsoup2-lang-2.74.3-12.1 typelib-1_0-Soup-2_4-2.74.3-12.1 libsoup-2_4-1-2.74.3-12.1 as a component of openSUSE Tumbleweed libsoup-2_4-1-32bit-2.74.3-12.1 as a component of openSUSE Tumbleweed libsoup2-devel-2.74.3-12.1 as a component of openSUSE Tumbleweed libsoup2-devel-32bit-2.74.3-12.1 as a component of openSUSE Tumbleweed libsoup2-lang-2.74.3-12.1 as a component of openSUSE Tumbleweed typelib-1_0-Soup-2_4-2.74.3-12.1 as a component of openSUSE Tumbleweed A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines. CVE-2025-4945 openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-12.1 openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-12.1 openSUSE Tumbleweed:libsoup2-devel-2.74.3-12.1 openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-12.1 openSUSE Tumbleweed:libsoup2-lang-2.74.3-12.1 openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-12.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-4945.html CVE-2025-4945 https://bugzilla.suse.com/1243314 SUSE Bug 1243314