Security update for libsoup2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:4349-1 Final 1 1 2024-12-17T08:52:28Z current 2024-12-17T08:52:28Z 2024-12-17T08:52:28Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libsoup2 This update for libsoup2 fixes the following issues: - CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285) - CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292) - CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-4349,SUSE-SLE-Micro-5.3-2024-4349,SUSE-SLE-Micro-5.4-2024-4349,SUSE-SLE-Micro-5.5-2024-4349,SUSE-SLE-Module-Basesystem-15-SP5-2024-4349,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4349,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4349,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-4349,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4349,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4349,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-4349,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-4349,openSUSE-Leap-Micro-5.5-2024-4349,openSUSE-SLE-15.5-2024-4349 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20244349-1/ Link for SUSE-SU-2024:4349-1 https://lists.suse.com/pipermail/sle-security-updates/2024-December/020014.html E-Mail link for SUSE-SU-2024:4349-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1233285 SUSE Bug 1233285 https://bugzilla.suse.com/1233287 SUSE Bug 1233287 https://bugzilla.suse.com/1233292 SUSE Bug 1233292 https://www.suse.com/security/cve/CVE-2024-52530/ SUSE CVE CVE-2024-52530 page https://www.suse.com/security/cve/CVE-2024-52531/ SUSE CVE CVE-2024-52531 page https://www.suse.com/security/cve/CVE-2024-52532/ SUSE CVE CVE-2024-52532 page SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Manager Proxy 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.5 openSUSE Leap Micro 5.5 libsoup-2_4-1-2.74.2-150400.3.3.1 libsoup-2_4-1-32bit-2.74.2-150400.3.3.1 libsoup-2_4-1-64bit-2.74.2-150400.3.3.1 libsoup2-devel-2.74.2-150400.3.3.1 libsoup2-devel-32bit-2.74.2-150400.3.3.1 libsoup2-devel-64bit-2.74.2-150400.3.3.1 libsoup2-lang-2.74.2-150400.3.3.1 typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 libsoup-2_4-1-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libsoup2-devel-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libsoup2-lang-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libsoup-2_4-1-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libsoup2-devel-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libsoup2-lang-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libsoup-2_4-1-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise Micro 5.3 libsoup-2_4-1-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise Micro 5.4 libsoup-2_4-1-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise Micro 5.5 libsoup-2_4-1-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libsoup2-devel-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libsoup2-lang-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP5 libsoup-2_4-1-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libsoup2-devel-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libsoup2-lang-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libsoup-2_4-1-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libsoup2-devel-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libsoup2-lang-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libsoup-2_4-1-2.74.2-150400.3.3.1 as a component of SUSE Manager Proxy 4.3 libsoup2-devel-2.74.2-150400.3.3.1 as a component of SUSE Manager Proxy 4.3 libsoup2-lang-2.74.2-150400.3.3.1 as a component of SUSE Manager Proxy 4.3 typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 as a component of SUSE Manager Proxy 4.3 libsoup-2_4-1-2.74.2-150400.3.3.1 as a component of SUSE Manager Server 4.3 libsoup2-devel-2.74.2-150400.3.3.1 as a component of SUSE Manager Server 4.3 libsoup2-lang-2.74.2-150400.3.3.1 as a component of SUSE Manager Server 4.3 typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 as a component of SUSE Manager Server 4.3 libsoup-2_4-1-2.74.2-150400.3.3.1 as a component of openSUSE Leap 15.5 libsoup-2_4-1-32bit-2.74.2-150400.3.3.1 as a component of openSUSE Leap 15.5 libsoup2-devel-2.74.2-150400.3.3.1 as a component of openSUSE Leap 15.5 libsoup2-devel-32bit-2.74.2-150400.3.3.1 as a component of openSUSE Leap 15.5 libsoup2-lang-2.74.2-150400.3.3.1 as a component of openSUSE Leap 15.5 typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 as a component of openSUSE Leap 15.5 libsoup-2_4-1-2.74.2-150400.3.3.1 as a component of openSUSE Leap Micro 5.5 GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the same as a "Transfer-Encoding: chunked" header. CVE-2024-52530 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Manager Proxy 4.3:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Manager Proxy 4.3:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Manager Proxy 4.3:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Manager Proxy 4.3:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Manager Server 4.3:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Manager Server 4.3:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Manager Server 4.3:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Manager Server 4.3:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 openSUSE Leap 15.5:libsoup-2_4-1-2.74.2-150400.3.3.1 openSUSE Leap 15.5:libsoup-2_4-1-32bit-2.74.2-150400.3.3.1 openSUSE Leap 15.5:libsoup2-devel-2.74.2-150400.3.3.1 openSUSE Leap 15.5:libsoup2-devel-32bit-2.74.2-150400.3.3.1 openSUSE Leap 15.5:libsoup2-lang-2.74.2-150400.3.3.1 openSUSE Leap 15.5:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 openSUSE Leap Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20244349-1/ https://www.suse.com/security/cve/CVE-2024-52530.html CVE-2024-52530 https://bugzilla.suse.com/1233285 SUSE Bug 1233285 GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this. CVE-2024-52531 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Manager Proxy 4.3:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Manager Proxy 4.3:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Manager Proxy 4.3:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Manager Proxy 4.3:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Manager Server 4.3:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Manager Server 4.3:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Manager Server 4.3:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Manager Server 4.3:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 openSUSE Leap 15.5:libsoup-2_4-1-2.74.2-150400.3.3.1 openSUSE Leap 15.5:libsoup-2_4-1-32bit-2.74.2-150400.3.3.1 openSUSE Leap 15.5:libsoup2-devel-2.74.2-150400.3.3.1 openSUSE Leap 15.5:libsoup2-devel-32bit-2.74.2-150400.3.3.1 openSUSE Leap 15.5:libsoup2-lang-2.74.2-150400.3.3.1 openSUSE Leap 15.5:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 openSUSE Leap Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20244349-1/ https://www.suse.com/security/cve/CVE-2024-52531.html CVE-2024-52531 https://bugzilla.suse.com/1233285 SUSE Bug 1233285 https://bugzilla.suse.com/1233292 SUSE Bug 1233292 GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients. CVE-2024-52532 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Manager Proxy 4.3:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Manager Proxy 4.3:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Manager Proxy 4.3:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Manager Proxy 4.3:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 SUSE Manager Server 4.3:libsoup-2_4-1-2.74.2-150400.3.3.1 SUSE Manager Server 4.3:libsoup2-devel-2.74.2-150400.3.3.1 SUSE Manager Server 4.3:libsoup2-lang-2.74.2-150400.3.3.1 SUSE Manager Server 4.3:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 openSUSE Leap 15.5:libsoup-2_4-1-2.74.2-150400.3.3.1 openSUSE Leap 15.5:libsoup-2_4-1-32bit-2.74.2-150400.3.3.1 openSUSE Leap 15.5:libsoup2-devel-2.74.2-150400.3.3.1 openSUSE Leap 15.5:libsoup2-devel-32bit-2.74.2-150400.3.3.1 openSUSE Leap 15.5:libsoup2-lang-2.74.2-150400.3.3.1 openSUSE Leap 15.5:typelib-1_0-Soup-2_4-2.74.2-150400.3.3.1 openSUSE Leap Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20244349-1/ https://www.suse.com/security/cve/CVE-2024-52532.html CVE-2024-52532 https://bugzilla.suse.com/1233285 SUSE Bug 1233285 https://bugzilla.suse.com/1233287 SUSE Bug 1233287