Security update for libmicrohttpd SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:20016-1 Final 1 1 2026-01-12T11:14:46Z current 2026-01-12T11:14:46Z 2026-01-12T11:14:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libmicrohttpd This update for libmicrohttpd fixes the following issues: - CVE-2025-62689: Fixed heap-based buffer overflow through a specially crafted packet (bsc#1253178) - CVE-2025-59777: Fixed NULL pointer dereference through a specially crafted packet (bsc#1253177) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-130 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1253177 SUSE Bug 1253177 https://bugzilla.suse.com/1253178 SUSE Bug 1253178 https://www.suse.com/security/cve/CVE-2025-59777/ SUSE CVE CVE-2025-59777 page https://www.suse.com/security/cve/CVE-2025-62689/ SUSE CVE CVE-2025-62689 page openSUSE Leap 16.0 libmicrohttpd-devel-1.0.1-160000.3.1 libmicrohttpd12-1.0.1-160000.3.1 libmicrohttpd-devel-1.0.1-160000.3.1 as a component of openSUSE Leap 16.0 libmicrohttpd12-1.0.1-160000.3.1 as a component of openSUSE Leap 16.0 NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition. CVE-2025-59777 openSUSE Leap 16.0:libmicrohttpd-devel-1.0.1-160000.3.1 openSUSE Leap 16.0:libmicrohttpd12-1.0.1-160000.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-59777.html CVE-2025-59777 https://bugzilla.suse.com/1253177 SUSE Bug 1253177 NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition. CVE-2025-62689 openSUSE Leap 16.0:libmicrohttpd-devel-1.0.1-160000.3.1 openSUSE Leap 16.0:libmicrohttpd12-1.0.1-160000.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-62689.html CVE-2025-62689 https://bugzilla.suse.com/1253178 SUSE Bug 1253178