FERRAMENTAS LINUX: Critical libsoup2 Security Update for openSUSE (2025:01864-1) – Patch Denial-of-Service Vulnerabilities Now

Wednesday, June 11, 2025


openSUSE users: Urgent security patch for libsoup2 fixes 8 critical CVEs (CVE-2025-4948, CVE-2025-32913, etc.) preventing denial-of-service attacks. Learn how to update via zypper/YaST and secure your Linux system today.

Why This Update Matters

The latest libsoup2 patch (2025:01864-1) addresses eight high-risk vulnerabilities affecting openSUSE, SUSE Linux Enterprise, and related distributions. These flaws could allow attackers to crash systems via NULL pointer dereferences, out-of-bounds reads, or double-free exploits.

Key Risks Patched:

  • CVE-2025-4948: Integer underflow in soup_multipart_new_from_message() leading to DoS.

  • CVE-2025-32906: Out-of-bounds reads in soup_headers_parse_request().

  • CVE-2025-32911: Double-free vulnerability in soup_message_headers_get_content_disposition().
    (Full CVE list below)

Enterprise Impact: Systems running SUSE Manager, SAP Applications, or High-Performance Computing (HPC) environments are particularly vulnerable.


How to Apply the Patch

Recommended Methods

  1. YaST Online Update: Automated patching for enterprise deployments.

  2. zypper patch: Command-line utility for granular control.

Platform-Specific Commands

# For openSUSE Leap 15.4:  
zypper in -t patch SUSE-2025-1864=1  

# SUSE Linux Enterprise Server 15 SP5:  
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1864=1  

(Full command list for all distributions in the table below.)


Vulnerability Details & Technical Analysis

| CVE ID | Risk | Affected Function | Impact |
|---|---|---|---|
| CVE-2025-4948 | Critical | soup_multipart_new_from_message() | DoS via integer underflow |
| CVE-2025-32911 | High | soup_message_headers_get_content_disposition() | Double-free crash |
| CVE-2025-32913 | High | soup_message_headers_get_content_disposition() | NULL pointer dereference |

Expert Insight: These flaws stem from improper input validation in HTTP header parsing. Enterprises using libsoup2 for web services should prioritize patching to prevent service disruption.


Package List & Compatibility

Updated packages include:

  • libsoup-2_4-1 (v2.74.2)

  • libsoup2-devel (for developers)

  • typelib-1_0-Soup-2_4 (GNOME integration)

Architecture Support: x86_64, aarch64, ppc64le, s390x.

(Full package matrix available in the SUSE Security Portal.)


FAQs: libsoup2 Security Update

Q: Is this update relevant for cloud deployments?

A: Yes—especially for SUSE Linux Enterprise Micro on AWS/Azure.

Q: Can these vulnerabilities be exploited remotely?

A: Yes, via crafted HTTP requests. Patch immediately.

Q: How to verify the patch was applied?

zypper patches | grep 2025-1864  
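
The grep above matches the patch row whatever its status, so a patch still listed as "needed" also produces output. The following is an added example (not from the original post or from SUSE) that reads the Status column instead; it assumes the `zypper patches` table has `Name` and `Status` header columns, and the sample table is constructed.

```shell
#!/bin/sh
# patch_status ID: read `zypper patches` output on stdin and print
# "name<TAB>status" for each patch whose Name ends in ID.
# Returns 0 only if a match exists and every match is "applied".
patch_status() {
    awk -F'|' -v id="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        # Find the columns from the header row (assumed titles: Name, Status).
        !(name_col && status_col) {
            for (i = 1; i <= NF; i++) {
                if (trim($i) == "Name")   name_col = i
                if (trim($i) == "Status") status_col = i
            }
            next
        }
        NF < status_col { next }    # separator line or other non-row text
        {
            name = trim($name_col); status = trim($status_col)
            if (substr(name, length(name) - length(id) + 1) == id) {
                printf "%s\t%s\n", name, status
                seen = 1
                if (status != "applied") bad = 1
            }
        }
        END { exit !(seen && !bad) }
    '
}

# Constructed sample of `zypper patches` output (not captured from a real host).
sample_patches() {
    cat <<'EOF'
Repository      | Name           | Category | Severity  | Interactive | Status  | Summary
----------------+----------------+----------+-----------+-------------+---------+-----------------------------
repo-sle-update | SUSE-2025-1864 | security | important | ---         | needed  | Security update for libsoup2
repo-sle-update | SUSE-2025-0001 | security | moderate  | ---         | applied | Constructed unrelated patch
EOF
}

# On a real system: zypper patches | patch_status 2025-1864
if sample_patches | patch_status 2025-1864; then
    echo "libsoup2 patch applied"
else
    echo "libsoup2 patch NOT applied (or not found)"
fi
```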
