Security update for libsoup SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:3753-1 Final 1 1 2025-10-23T10:26:39Z current 2025-10-23T10:26:39Z 2025-10-23T10:26:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libsoup This update for libsoup fixes the following issues: - CVE-2025-11021: Ignored invalid date when processing cookies to prevent out-of-bounds read (bsc#1250562). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3753,SUSE-SLE-Module-Basesystem-15-SP6-2025-3753,SUSE-SLE-Module-Basesystem-15-SP7-2025-3753,openSUSE-SLE-15.6-2025-3753 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20253753-1/ Link for SUSE-SU-2025:3753-1 https://lists.suse.com/pipermail/sle-security-updates/2025-October/022985.html E-Mail link for SUSE-SU-2025:3753-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1250562 SUSE Bug 1250562 https://www.suse.com/security/cve/CVE-2025-11021/ SUSE CVE CVE-2025-11021 page SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 openSUSE Leap 15.6 libsoup-3_0-0-3.4.4-150600.3.18.1 libsoup-3_0-0-32bit-3.4.4-150600.3.18.1 libsoup-3_0-0-64bit-3.4.4-150600.3.18.1 libsoup-devel-3.4.4-150600.3.18.1 libsoup-devel-32bit-3.4.4-150600.3.18.1 libsoup-devel-64bit-3.4.4-150600.3.18.1 libsoup-lang-3.4.4-150600.3.18.1 typelib-1_0-Soup-3_0-3.4.4-150600.3.18.1 libsoup-3_0-0-3.4.4-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libsoup-devel-3.4.4-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libsoup-lang-3.4.4-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 typelib-1_0-Soup-3_0-3.4.4-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libsoup-3_0-0-3.4.4-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libsoup-devel-3.4.4-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libsoup-lang-3.4.4-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 typelib-1_0-Soup-3_0-3.4.4-150600.3.18.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libsoup-3_0-0-3.4.4-150600.3.18.1 as a component of openSUSE Leap 15.6 libsoup-3_0-0-32bit-3.4.4-150600.3.18.1 as a component of openSUSE Leap 15.6 libsoup-devel-3.4.4-150600.3.18.1 as a component of openSUSE Leap 15.6 libsoup-devel-32bit-3.4.4-150600.3.18.1 as a component of openSUSE Leap 15.6 libsoup-lang-3.4.4-150600.3.18.1 as a component of openSUSE Leap 15.6 typelib-1_0-Soup-3_0-3.4.4-150600.3.18.1 as a component of openSUSE Leap 15.6 A flaw was found in the cookie date handling logic of the libsoup HTTP library, widely used by GNOME and other applications for web communication. When processing cookies with specially crafted expiration dates, the library may perform an out-of-bounds memory read. This flaw could result in unintended disclosure of memory contents, potentially exposing sensitive information from the process using libsoup. CVE-2025-11021 SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-3_0-0-3.4.4-150600.3.18.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-devel-3.4.4-150600.3.18.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libsoup-lang-3.4.4-150600.3.18.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.18.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.18.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.18.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-lang-3.4.4-150600.3.18.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.18.1 openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.18.1 openSUSE Leap 15.6:libsoup-3_0-0-32bit-3.4.4-150600.3.18.1 openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.18.1 openSUSE Leap 15.6:libsoup-devel-32bit-3.4.4-150600.3.18.1 openSUSE Leap 15.6:libsoup-lang-3.4.4-150600.3.18.1 openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.18.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253753-1/ https://www.suse.com/security/cve/CVE-2025-11021.html CVE-2025-11021 https://bugzilla.suse.com/1250562 SUSE Bug 1250562