Urgent SUSE Linux security update fixes 8 libsoup vulnerabilities (CVE-2025-2784, CVE-2025-32050, etc.) with CVSS scores up to 8.7. Learn how to patch heap overflows, memory leaks, and HTTP exploits affecting Enterprise Storage, HPC, and SAP systems.
Why This Update Matters
A high-priority security patch for libsoup (the GNOME HTTP client/library) addresses eight critical vulnerabilities impacting SUSE Linux Enterprise systems, including:
Remote code execution risks (CVE-2025-2784: CVSS 8.3)
Memory corruption exploits (CVE-2025-32052/32053: CVSS 6.9)
HTTP authorization leaks (CVE-2025-46421: CVSS 6.8)
Affected Products:
✔ SUSE Linux Enterprise Server 15 SP3 (LTSS)
✔ SUSE Enterprise Storage 7.1
✔ SAP Applications 15 SP3
✔ MicroOS/Rancher 5.2
Vulnerability Breakdown & Risks
1. Heap Buffer Exploits (Critical)
CVE-2025-2784: Attackers can trigger heap buffer over-reads during content sniffing, enabling data theft.
CVE-2025-32052/32053: Heap overflows in sniff_unknown() and skip_insignificant_space() may lead to service crashes or RCE.
2. Memory & Performance Issues (High)
CVE-2025-32907: Denial-of-service via excessive memory consumption from malicious HTTP range requests.
CVE-2025-46420: Memory leaks in soup_header_parse_quality_list() degrade system stability.
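The range-request issue above is a classic amplification pattern: a client that sends many, overlapping or absurdly large byte ranges can make the receiving side allocate far more memory than the resource itself occupies. The following is an added example, written for this page and not taken from libsoup or SUSE, of the defensive check a server or proxy can apply before honoring a Range header. The limit MAX_RANGES and the sample headers are constructed for illustration.

```python
"""Bounded parser for HTTP Range headers (RFC 7233 byte ranges).

Rejects requests that would cost more memory than the resource is worth:
too many ranges, overlapping ranges whose total exceeds the resource size,
or malformed range specs. Added example; not libsoup code.
"""
from dataclasses import dataclass

MAX_RANGES = 16  # constructed policy limit; tune per deployment


@dataclass(frozen=True)
class ByteRange:
    start: int
    end: int  # inclusive, per RFC 7233

    @property
    def length(self) -> int:
        return self.end - self.start + 1


def parse_range_header(header: str, content_length: int,
                       max_ranges: int = MAX_RANGES) -> list[ByteRange]:
    """Parse 'bytes=a-b,c-d' into satisfiable byte ranges.

    Raises ValueError when the header is malformed, carries more than
    max_ranges ranges, or asks for more total bytes than the resource holds
    (overlapping ranges are the usual memory-amplification trick).
    """
    unit, sep, spec = header.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("unsupported or missing range unit")

    parts = [p.strip() for p in spec.split(",")]
    if len(parts) > max_ranges:
        raise ValueError(f"too many ranges: {len(parts)} > {max_ranges}")

    ranges: list[ByteRange] = []
    for part in parts:
        first, dash, last = part.partition("-")
        if not dash or (first == "" and last == ""):
            raise ValueError(f"malformed range: {part!r}")
        if first == "":
            # Suffix range "-N": the last N bytes of the resource.
            n = int(last)  # non-numeric input raises ValueError here
            if n <= 0:
                raise ValueError(f"malformed suffix range: {part!r}")
            start, end = max(content_length - n, 0), content_length - 1
        else:
            start = int(first)
            if start >= content_length:
                continue  # unsatisfiable range; skipped, 416 if none remain
            end = int(last) if last else content_length - 1
            if end < start:
                raise ValueError(f"end before start: {part!r}")
            end = min(end, content_length - 1)
        ranges.append(ByteRange(start, end))

    if not ranges:
        raise ValueError("no satisfiable range")
    total = sum(r.length for r in ranges)
    if total > content_length:
        raise ValueError(f"ranges request {total} bytes of a {content_length}-byte resource")
    return ranges


def is_range_request_acceptable(header: str, content_length: int) -> bool:
    """Convenience wrapper: True if the header passes the bounded parser."""
    try:
        parse_range_header(header, content_length)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample headers against a 1000-byte resource.
    for h in ("bytes=0-99", "bytes=-100", "bytes=0-999,0-999",
              "bytes=" + ",".join("0-" for _ in range(200))):
        print(f"{h[:40]!r:45} -> {is_range_request_acceptable(h, 1000)}")
```

The total-bytes check is the one that matters most: a request for sixteen copies of the whole resource is syntactically valid, yet a server that buffers each range separately would allocate sixteen times the resource size before responding.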
3. Security Bypasses (Medium-High)
CVE-2025-46421: HTTP Authorization header leaks during redirects expose credentials.
CVE-2025-32914: Out-of-bounds read in multipart message parsing.
Patch Instructions
For Sysadmins & DevOps Teams
Apply updates immediately using:
# HPC LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-1519=1

# SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-1519=1
Alternative Methods: YaST Online Update or zypper patch.
FAQs
Q: How urgent is this update?
A: Critical for systems exposed to untrusted HTTP traffic (e.g., web servers, APIs).
Q: Which CVEs have the highest risk?
A: CVE-2025-2784 (CVSS 8.3) and CVE-2025-32907 (CVSS 8.7) pose remote exploitation risks.
Q: Are cloud deployments affected?
A: Yes, especially SUSE MicroOS/Rancher and Enterprise Storage clusters.