Security update for libsoup2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02277-1 Final 1 1 2025-07-10T14:35:27Z current 2025-07-10T14:35:27Z 2025-07-10T14:35:27Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libsoup2 This update for libsoup2 fixes the following issues: - CVE-2025-4945: Add value checks for date/time parsing (bsc#1243314). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-2277,SUSE-SLE-Module-Basesystem-15-SP6-2025-2277,SUSE-SLE-Module-Basesystem-15-SP7-2025-2277,openSUSE-SLE-15.6-2025-2277 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502277-1/ Link for SUSE-SU-2025:02277-1 https://lists.suse.com/pipermail/sle-updates/2025-July/040675.html E-Mail link for SUSE-SU-2025:02277-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1243314 SUSE Bug 1243314 https://www.suse.com/security/cve/CVE-2025-4945/ SUSE CVE CVE-2025-4945 page SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 openSUSE Leap 15.6 libsoup-2_4-1-2.74.3-150600.4.12.1 libsoup-2_4-1-32bit-2.74.3-150600.4.12.1 libsoup-2_4-1-64bit-2.74.3-150600.4.12.1 libsoup2-devel-2.74.3-150600.4.12.1 libsoup2-devel-32bit-2.74.3-150600.4.12.1 libsoup2-devel-64bit-2.74.3-150600.4.12.1 libsoup2-lang-2.74.3-150600.4.12.1 typelib-1_0-Soup-2_4-2.74.3-150600.4.12.1 libsoup-2_4-1-2.74.3-150600.4.12.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libsoup2-devel-2.74.3-150600.4.12.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libsoup2-lang-2.74.3-150600.4.12.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 typelib-1_0-Soup-2_4-2.74.3-150600.4.12.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libsoup-2_4-1-2.74.3-150600.4.12.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libsoup2-devel-2.74.3-150600.4.12.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libsoup2-lang-2.74.3-150600.4.12.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 typelib-1_0-Soup-2_4-2.74.3-150600.4.12.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libsoup-2_4-1-2.74.3-150600.4.12.1 as a component of openSUSE Leap 15.6 libsoup-2_4-1-32bit-2.74.3-150600.4.12.1 as a component of openSUSE Leap 15.6 libsoup2-devel-2.74.3-150600.4.12.1 as a component of openSUSE Leap 15.6 libsoup2-devel-32bit-2.74.3-150600.4.12.1 as a component of openSUSE Leap 15.6 libsoup2-lang-2.74.3-150600.4.12.1 as a component of openSUSE Leap 15.6 typelib-1_0-Soup-2_4-2.74.3-150600.4.12.1 as a component of openSUSE Leap 15.6 A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in undefined behavior, allowing an attacker to bypass cookie expiration logic, causing persistent or unintended cookie behavior. The issue stems from improper validation of large integer inputs during date arithmetic operations within the cookie parsing routines. CVE-2025-4945 SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-2_4-1-2.74.3-150600.4.12.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup2-devel-2.74.3-150600.4.12.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup2-lang-2.74.3-150600.4.12.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.12.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.12.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.12.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-lang-2.74.3-150600.4.12.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.12.1 openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.12.1 openSUSE Leap 15.6:libsoup-2_4-1-32bit-2.74.3-150600.4.12.1 openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.12.1 openSUSE Leap 15.6:libsoup2-devel-32bit-2.74.3-150600.4.12.1 openSUSE Leap 15.6:libsoup2-lang-2.74.3-150600.4.12.1 openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.12.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502277-1/ https://www.suse.com/security/cve/CVE-2025-4945.html CVE-2025-4945 https://bugzilla.suse.com/1243314 SUSE Bug 1243314