Security update for libmicrohttpd SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4291-1 Final 1 1 2025-11-28T09:06:47Z current 2025-11-28T09:06:47Z 2025-11-28T09:06:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libmicrohttpd This update for libmicrohttpd fixes the following issues: - CVE-2025-59777: Fixed NULL pointer dereference via specially crafted packet sent by an attacker (bsc#1253177) - CVE-2025-62689: Fixed heap-based buffer overflow via specially crafted packet sent by an attacker (bsc#1253178) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4291,SUSE-SLE-Module-Basesystem-15-SP6-2025-4291,SUSE-SLE-Module-Basesystem-15-SP7-2025-4291,SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-4291,SUSE-SLE-Module-Desktop-Applications-15-SP7-2025-4291,openSUSE-SLE-15.6-2025-4291 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254291-1/ Link for SUSE-SU-2025:4291-1 https://lists.suse.com/pipermail/sle-security-updates/2025-November/023423.html E-Mail link for SUSE-SU-2025:4291-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1253177 SUSE Bug 1253177 https://bugzilla.suse.com/1253178 SUSE Bug 1253178 https://www.suse.com/security/cve/CVE-2025-59777/ SUSE CVE CVE-2025-59777 page https://www.suse.com/security/cve/CVE-2025-62689/ SUSE CVE CVE-2025-62689 page SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Desktop Applications 15 SP6 SUSE Linux Enterprise Module for Desktop Applications 15 SP7 openSUSE Leap 15.6 libmicrohttpd-devel-0.9.77-150600.3.3.1 libmicrohttpd12-0.9.77-150600.3.3.1 libmicrohttpd12-0.9.77-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libmicrohttpd12-0.9.77-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libmicrohttpd-devel-0.9.77-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP6 libmicrohttpd-devel-0.9.77-150600.3.3.1 as a component of SUSE Linux Enterprise Module for Desktop Applications 15 SP7 libmicrohttpd-devel-0.9.77-150600.3.3.1 as a component of openSUSE Leap 15.6 libmicrohttpd12-0.9.77-150600.3.3.1 as a component of openSUSE Leap 15.6 NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition. CVE-2025-59777 SUSE Linux Enterprise Module for Basesystem 15 SP6:libmicrohttpd12-0.9.77-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libmicrohttpd12-0.9.77-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmicrohttpd-devel-0.9.77-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:libmicrohttpd-devel-0.9.77-150600.3.3.1 openSUSE Leap 15.6:libmicrohttpd-devel-0.9.77-150600.3.3.1 openSUSE Leap 15.6:libmicrohttpd12-0.9.77-150600.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254291-1/ https://www.suse.com/security/cve/CVE-2025-59777.html CVE-2025-59777 https://bugzilla.suse.com/1253177 SUSE Bug 1253177 NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition. CVE-2025-62689 SUSE Linux Enterprise Module for Basesystem 15 SP6:libmicrohttpd12-0.9.77-150600.3.3.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libmicrohttpd12-0.9.77-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmicrohttpd-devel-0.9.77-150600.3.3.1 SUSE Linux Enterprise Module for Desktop Applications 15 SP7:libmicrohttpd-devel-0.9.77-150600.3.3.1 openSUSE Leap 15.6:libmicrohttpd-devel-0.9.77-150600.3.3.1 openSUSE Leap 15.6:libmicrohttpd12-0.9.77-150600.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254291-1/ https://www.suse.com/security/cve/CVE-2025-62689.html CVE-2025-62689 https://bugzilla.suse.com/1253178 SUSE Bug 1253178