SUSE-SU-2024:4352-1

HIGH7.5

Security update for libsoup

Published Dec 17, 2024

Modified 1 years ago

Fix available

Details

Description of the patch:

This update for libsoup fixes the following issues:

CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)

Other fixes:

websocket-test: disconnect error copy after the test ends (glgo#GNOME/libsoup#391).
fix an intermittent test failure (glgo#GNOME/soup#399).
Increase test timeout on s390x. The http2-body-stream test can be slow and sometimes times out in our builds.

Affected Packages

libsoup-3_0-0

SUSE Linux Enterprise Desktop 15 SP5SUSE Linux Enterprise High Performance Computing 15 SP4SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise High Performance Computing 15 SP5

Fixed in:

3.0.4-150400.3.3.1

libsoup-devel

Fixed in:

3.0.4-150400.3.3.1

libsoup-lang

Fixed in:

3.0.4-150400.3.3.1

typelib-1_0-Soup-3_0

Fixed in:

3.0.4-150400.3.3.1

libsoup-3_0-0-32bit