SUSE releases security update SUSE-SU-2025:1510-1 patching 14 libsoup vulnerabilities, ranging from memory corruption and crashes to denial of service and credential leakage (highest CVSS score listed: 8.8). Affects SUSE Linux Enterprise, openSUSE Leap, and SUSE Manager. Learn what was fixed and how to protect your systems now.
SUSE has released a high-priority security update (SUSE-SU-2025:1510-1) addressing 14 vulnerabilities in libsoup, the GNOME HTTP client and server library that underpins GNOME applications, WebKitGTK and many other desktop and embedded programs. The flaws include a heap buffer overflow and a heap over-read in the content sniffer (potentially exploitable memory corruption), a NULL pointer dereference, memory leaks, a memory-exhaustion denial-of-service (DoS) in the server-side Range header parser, and an HTTP Authorization header leak on redirects. They affect SUSE Linux Enterprise, openSUSE Leap, and SUSE Manager deployments.
🔍 Key Vulnerabilities Patched
The highest-rated issues fixed by the update are:
✅ CVE-2025-32909 (CVSS 8.8) – NULL pointer dereference in sniff_mp4() in soup-content-sniffer.c; a malicious server response can crash the client remotely.
✅ CVE-2025-32907 (CVSS 8.7) – Excessive memory consumption in soup_message_headers_get_ranges() when a request carries a Range header with many overlapping ranges (server-side DoS).
✅ CVE-2025-2784 (CVSS 8.3) – Heap buffer over-read in skip_insignificant_space() in the content sniffer.
✅ CVE-2025-46421 (CVSS 6.8) – The HTTP Authorization header is not dropped when a redirect points to a different host, so credentials are sent to a third party.
(Three further CVEs are summarised in the impact table below; the SUSE advisory carries the complete list.)
🚨 Affected Products
This patch applies to:
SUSE Linux Enterprise Server 15 SP4/SP5
SUSE Manager 4.3 (Proxy/Server/Retail)
openSUSE Leap 15.4
High-Performance Computing (HPC) variants
Customers on SUSE Linux Enterprise Server for SAP Applications or on LTSS subscriptions should prioritise installation.
🛠️ How to Apply the Patch
Recommended Methods:
YaST Online Update (GUI)
Command Line (zypper):
zypper in -t patch SUSE-2025-1510=1
The patch identifier carries a product-specific prefix that differs between SLES, SUSE Manager and openSUSE Leap; look up the exact name for your system with zypper lp --cve=CVE-2025-32909, or pull the fix in directly with zypper patch --cve=CVE-2025-32909. Because libsoup is a shared library, processes that already have the old copy mapped stay vulnerable until they are restarted; zypper ps -s lists them.
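As an added example (not part of the SUSE advisory or of this post), the following POSIX shell snippet verifies after patching that the installed libsoup package's changelog references every CVE the advisory lists, and reports the ones it does not. The package name libsoup-2_4-1 (the libsoup 2 runtime on SLE 15 and Leap 15) is an assumption; confirm it with rpm -qa 'libsoup*'. The sample changelog is constructed so the script runs offline; on a real host, feed it the output of rpm -q --changelog instead.

```shell
#!/bin/sh
# Added example (not from the SUSE advisory): check an RPM changelog for the
# CVE identifiers an advisory claims to fix, and report the ones not mentioned.
# Assumption: on SLE 15 / Leap 15 the libsoup 2 runtime package is libsoup-2_4-1
# (confirm with: rpm -qa 'libsoup*').

# CVE IDs listed on this page for SUSE-SU-2025:1510-1.
ADVISORY_CVES="CVE-2025-32909 CVE-2025-32907 CVE-2025-2784 CVE-2025-46421 CVE-2025-32052 CVE-2025-46420"

# missing_cves CHANGELOG_TEXT CVE...
# Prints, space separated, the CVE IDs that do not appear in CHANGELOG_TEXT.
missing_cves() {
  changelog=$1
  shift
  missing=""
  for cve in "$@"; do
    # -F: literal match; -w: whole word, so CVE-2025-3290 does not match CVE-2025-32909
    if ! printf '%s\n' "$changelog" | grep -qFw -- "$cve"; then
      missing="$missing $cve"
    fi
  done
  printf '%s\n' "${missing# }"
}

# patch_status CHANGELOG_TEXT CVE...
# Prints "patched" when every CVE is referenced, otherwise "missing: <ids>".
patch_status() {
  m=$(missing_cves "$@")
  if [ -z "$m" ]; then
    echo "patched"
  else
    echo "missing: $m"
  fi
}

# Constructed sample changelog (not the real package changelog): it names only
# four of the six CVEs, so the check should flag the other two.
SAMPLE_CHANGELOG=$(cat <<'EOF'
* Thu May 08 2025 maintainer@example.com
- Security update (constructed sample entry):
  + CVE-2025-32909: NULL pointer dereference in sniff_mp4
  + CVE-2025-32907: excessive memory consumption from overlapping Range headers
  + CVE-2025-2784: heap buffer over-read in skip_insignificant_space
  + CVE-2025-46421: Authorization header sent to a different host after redirect
EOF
)

patch_status "$SAMPLE_CHANGELOG" $ADVISORY_CVES
# Prints: missing: CVE-2025-32052 CVE-2025-46420

# On a real host, run the same check against the installed package:
#   patch_status "$(rpm -q --changelog libsoup-2_4-1)" $ADVISORY_CVES
# A library update does not fix processes that still map the old copy;
# list them with:  zypper ps -s   and restart those services.
```

The whole-word match matters because CVE identifiers of different lengths share prefixes; a plain substring search would report CVE-2025-3290 as fixed when only CVE-2025-32909 is mentioned.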
📊 Technical Impact Analysis
| Vulnerability | Impact | CVSS | Affected Component |
|---|---|---|---|
| CVE-2025-32909 | Client crash (NULL pointer dereference) | 8.8 | sniff_mp4(), soup-content-sniffer.c |
| CVE-2025-32052 | Heap buffer overflow | 6.9 | sniff_unknown(), soup-content-sniffer.c |
| CVE-2025-46420 | Memory leak | 6.5 | soup_header_parse_quality_list(), soup-headers.c |
Why This Matters:
Most of these bugs sit in code that parses data received from the network, so a malicious or compromised web server can crash, and in the heap-overflow case potentially corrupt memory in, any libsoup-based client that fetches from it, while the Range header flaw lets an unauthenticated client exhaust memory on a SoupServer-based service. The redirect flaw hands HTTP credentials to whichever host a redirect points at.
Financial and healthcare organisations running SUSE, where credential leakage and service outages carry regulatory consequences, are at heightened risk.
❓ Frequently Asked Questions
Q: Is this update backward-compatible?
A: Yes, but test in staging first for mission-critical systems.
Q: Are containers affected?
A: Yes, independently of the host. A container image carries its own copy of libsoup, so patching the host does not fix it; rebuild images on a patched base and check inside the container with rpm -q libsoup-2_4-1 (or the equivalent package name for the image's distribution).
Q: How urgent is deployment?
A: High for any host whose applications make HTTP requests to servers you do not control (GNOME and WebKitGTK-based browsers, mail and feed readers, and other libsoup clients), and for internet-facing services built on SoupServer, which are exposed to the Range header DoS.