Security update for libsoup SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:3752-1 Final 1 1 2025-10-23T10:26:29Z current 2025-10-23T10:26:29Z 2025-10-23T10:26:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libsoup This update for libsoup fixes the following issues: - CVE-2025-11021: Ignored invalid date when processing cookies to prevent out-of-bounds read (bsc#1250562). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3752,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-3752,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-3752,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-3752,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-3752,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-3752,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-3752,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-3752,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-3752,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-3752,SUSE-SLE-Product-SUSE-Manager-Server-4.3-LTS-2025-3752 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20253752-1/ Link for SUSE-SU-2025:3752-1 https://lists.suse.com/pipermail/sle-security-updates/2025-October/022986.html E-Mail link for SUSE-SU-2025:3752-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1250562 SUSE Bug 1250562 https://www.suse.com/security/cve/CVE-2025-11021/ SUSE CVE CVE-2025-11021 page SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Manager Proxy LTS 4.3 SUSE Manager Server LTS 4.3 libsoup-3_0-0-3.0.4-150400.3.18.1 libsoup-3_0-0-32bit-3.0.4-150400.3.18.1 libsoup-3_0-0-64bit-3.0.4-150400.3.18.1 libsoup-devel-3.0.4-150400.3.18.1 libsoup-devel-32bit-3.0.4-150400.3.18.1 libsoup-devel-64bit-3.0.4-150400.3.18.1 libsoup-lang-3.0.4-150400.3.18.1 typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 libsoup-3_0-0-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libsoup-devel-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libsoup-lang-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libsoup-3_0-0-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libsoup-devel-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libsoup-lang-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libsoup-3_0-0-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libsoup-devel-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libsoup-lang-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libsoup-3_0-0-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libsoup-devel-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libsoup-lang-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libsoup-3_0-0-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libsoup-devel-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libsoup-lang-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libsoup-3_0-0-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libsoup-devel-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libsoup-lang-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libsoup-3_0-0-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libsoup-devel-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libsoup-lang-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libsoup-3_0-0-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libsoup-devel-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libsoup-lang-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libsoup-3_0-0-3.0.4-150400.3.18.1 as a component of SUSE Manager Proxy LTS 4.3 libsoup-devel-3.0.4-150400.3.18.1 as a component of SUSE Manager Proxy LTS 4.3 libsoup-lang-3.0.4-150400.3.18.1 as a component of SUSE Manager Proxy LTS 4.3 typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 as a component of SUSE Manager Proxy LTS 4.3 libsoup-3_0-0-3.0.4-150400.3.18.1 as a component of SUSE Manager Server LTS 4.3 libsoup-devel-3.0.4-150400.3.18.1 as a component of SUSE Manager Server LTS 4.3 libsoup-lang-3.0.4-150400.3.18.1 as a component of SUSE Manager Server LTS 4.3 typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 as a component of SUSE Manager Server LTS 4.3 A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup. CVE-2025-11021 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-lang-3.0.4-150400.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-lang-3.0.4-150400.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.18.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.18.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.18.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.18.1 SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.18.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.18.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.18.1 SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-lang-3.0.4-150400.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-lang-3.0.4-150400.3.18.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 SUSE Manager Proxy LTS 4.3:libsoup-3_0-0-3.0.4-150400.3.18.1 SUSE Manager Proxy LTS 4.3:libsoup-devel-3.0.4-150400.3.18.1 SUSE Manager Proxy LTS 4.3:libsoup-lang-3.0.4-150400.3.18.1 SUSE Manager Proxy LTS 4.3:typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 SUSE Manager Server LTS 4.3:libsoup-3_0-0-3.0.4-150400.3.18.1 SUSE Manager Server LTS 4.3:libsoup-devel-3.0.4-150400.3.18.1 SUSE Manager Server LTS 4.3:libsoup-lang-3.0.4-150400.3.18.1 SUSE Manager Server LTS 4.3:typelib-1_0-Soup-3_0-3.0.4-150400.3.18.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253752-1/ https://www.suse.com/security/cve/CVE-2025-11021.html CVE-2025-11021 https://bugzilla.suse.com/1250562 SUSE Bug 1250562