Early Access — Mondoo Vulnerability Intelligence is currently in preview.

SUSE-SU-2024:4349-1

UNKNOWN

Security update for libsoup2

Published Dec 17, 2024

Modified 1 years ago

Fix available

Details

This update for libsoup2 fixes the following issues:

CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)

Affected Packages

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOSlibsoup-2_4-1

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOSlibsoup2

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOSlibsoup2-devel

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOSlibsoup2-lang

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOStypelib-1_0-Soup-2_4

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSSlibsoup-2_4-1

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSSlibsoup2

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSSlibsoup2-devel

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSSlibsoup2-lang

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSStypelib-1_0-Soup-2_4

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Micro 5.3libsoup-2_4-1

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Micro 5.3libsoup2

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Micro 5.4libsoup-2_4-1

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Micro 5.4libsoup2

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Micro 5.5libsoup-2_4-1

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Micro 5.5libsoup2

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Module for Basesystem 15 SP5libsoup-2_4-1

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Module for Basesystem 15 SP5libsoup2

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Module for Basesystem 15 SP5libsoup2-devel

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Module for Basesystem 15 SP5libsoup2-lang

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Module for Basesystem 15 SP5typelib-1_0-Soup-2_4

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Server 15 SP4-LTSSlibsoup-2_4-1

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Server 15 SP4-LTSSlibsoup2

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Server 15 SP4-LTSSlibsoup2-devel

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Server 15 SP4-LTSSlibsoup2-lang

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Server 15 SP4-LTSStypelib-1_0-Soup-2_4

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP4libsoup-2_4-1

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP4libsoup2

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP4libsoup2-devel

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP4libsoup2-lang

Fixed in:

2.74.2-150400.3.3.1

SUSE:Linux Enterprise Server for SAP Applications 15 SP4typelib-1_0-Soup-2_4

Fixed in:

2.74.2-150400.3.3.1

SUSE:Manager Proxy 4.3libsoup-2_4-1

Fixed in:

2.74.2-150400.3.3.1

SUSE:Manager Proxy 4.3libsoup2

Fixed in:

2.74.2-150400.3.3.1

SUSE:Manager Proxy 4.3libsoup2-devel

Fixed in:

2.74.2-150400.3.3.1

SUSE:Manager Proxy 4.3libsoup2-lang

Fixed in:

2.74.2-150400.3.3.1

SUSE:Manager Proxy 4.3typelib-1_0-Soup-2_4

Fixed in:

2.74.2-150400.3.3.1

SUSE:Manager Server 4.3libsoup-2_4-1

Fixed in:

2.74.2-150400.3.3.1

SUSE:Manager Server 4.3libsoup2

Fixed in:

2.74.2-150400.3.3.1

SUSE:Manager Server 4.3libsoup2-devel

Fixed in:

2.74.2-150400.3.3.1

SUSE:Manager Server 4.3libsoup2-lang

Fixed in:

2.74.2-150400.3.3.1

SUSE:Manager Server 4.3typelib-1_0-Soup-2_4

Fixed in:

2.74.2-150400.3.3.1

openSUSE:Leap 15.5libsoup-2_4-1

Fixed in:

2.74.2-150400.3.3.1

openSUSE:Leap 15.5libsoup-2_4-1-32bit

Fixed in:

2.74.2-150400.3.3.1

openSUSE:Leap 15.5libsoup2

Fixed in:

2.74.2-150400.3.3.1

openSUSE:Leap 15.5libsoup2-devel

Fixed in:

2.74.2-150400.3.3.1

openSUSE:Leap 15.5libsoup2-devel-32bit

Fixed in:

2.74.2-150400.3.3.1

openSUSE:Leap 15.5libsoup2-lang

Fixed in:

2.74.2-150400.3.3.1

openSUSE:Leap 15.5typelib-1_0-Soup-2_4

Fixed in:

2.74.2-150400.3.3.1

openSUSE:Leap Micro 5.5libsoup-2_4-1

Fixed in:

2.74.2-150400.3.3.1

openSUSE:Leap Micro 5.5libsoup2

Fixed in:

2.74.2-150400.3.3.1

References

REPORThttps://bugzilla.suse.com/1233285 REPORThttps://bugzilla.suse.com/1233287 REPORThttps://bugzilla.suse.com/1233292 WEBhttps://www.suse.com/security/cve/CVE-2024-52530 WEBhttps://www.suse.com/security/cve/CVE-2024-52531 WEBhttps://www.suse.com/security/cve/CVE-2024-52532 ADVISORYhttps://www.suse.com/support/update/announcement/2024/suse-su-20244349-1/

Upstream

CVE-2024-52530 CVE-2024-52531 CVE-2024-52532

Related

CVE-2024-52530 CVE-2024-52531 CVE-2024-52532

Ecosystems

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Module for Basesystem 15 SP5 SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Manager Proxy 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.5 openSUSE Leap Micro 5.5

Timeline

PublishedDec 17, 2024

ModifiedDec 17, 2024

SUSE-SU-2024:4349-1 | Mondoo Vulnerability Intelligence