Security update for libsoup SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20965-1 Final 1 1 2025-10-30T13:31:46Z current 2025-10-30T13:31:46Z 2025-10-30T13:31:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libsoup This update for libsoup fixes the following issues: - CVE-2025-11021: Ignore invalid date when processing cookies to prevent out-of-bounds read (bsc#1250562). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.1-325 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520965-1/ Link for SUSE-SU-2025:20965-1 https://lists.suse.com/pipermail/sle-security-updates/2025-November/023223.html E-Mail link for SUSE-SU-2025:20965-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1250562 SUSE Bug 1250562 https://www.suse.com/security/cve/CVE-2025-11021/ SUSE CVE CVE-2025-11021 page SUSE Linux Micro 6.1 libsoup-3_0-0-3.4.4-slfo.1.1_5.1 libsoup-3_0-0-3.4.4-slfo.1.1_5.1 as a component of SUSE Linux Micro 6.1 A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup. CVE-2025-11021 SUSE Linux Micro 6.1:libsoup-3_0-0-3.4.4-slfo.1.1_5.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520965-1/ https://www.suse.com/security/cve/CVE-2025-11021.html CVE-2025-11021 https://bugzilla.suse.com/1250562 SUSE Bug 1250562