Oracle Linux 10 : libsoup3 (ELSA-2026-15968)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-15968 advisory. - Add patches for CVE-2026-4271 and CVE-2026-5119 - Add patch for CVE-2026-1761 - Fix CVE-2026-0719 - Fix CVE-2025-14523 - Add patch for CVE-2025-121...

Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2026-1584)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2026-1612)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : libsoup (EulerOS-SA-2026-1316)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing...

EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2026-1612)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing...

Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2026-1371)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libsoup (EulerOS-SA-2026-1402)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 7 : libsoup (ELSA-2026-2628)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2628 advisory. - Fixes CVE-2026-0719 CVE-2026-1761 Orabug: 38958074 - Fix CVE-2025-14523 Orabug: 38873507 - Backport patch for CVE-2025-4945 and CVE-2025-11021 Orabug...

libsoup security update

2.62.2-2.0.11 - Fixes CVE-2026-0719 CVE-2026-1761 Orabug: 38958074 2.62.2-2.0.9 - Fix CVE-2025-14523 Orabug: 38873507 2.62.2-2.0.7 - Backport patch for CVE-2025-4945 and CVE-2025-11021 Orabug: 38664275 2.62.2-2.0.5 - Fixes CVE-2025-2784 CVE-2025-4948 CVE-2025-32049 Orabug: 38085184 - CVE-2025-329...

Oracle Linux 7 : libsoup (ELSA-2026-0925)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0925 advisory. - Fix CVE-2025-14523 Orabug: 38873507 - Backport patch for CVE-2025-4945 and CVE-2025-11021 Orabug: 38664275 - Fixes CVE-2025-2784 CVE-2025-4948 CVE-2025-32049...

libsoup security update

2.62.2-2.0.9 - Fix CVE-2025-14523 Orabug: 38873507 2.62.2-2.0.7 - Backport patch for CVE-2025-4945 and CVE-2025-11021 Orabug: 38664275 2.62.2-2.0.5 - Fixes CVE-2025-2784 CVE-2025-4948 CVE-2025-32049 Orabug: 38085184 - CVE-2025-32906 CVE-2025-32911 CVE-2025-32913 CVE-2025-32914 2.62.2-2.0.3 - Fixe...

Oracle Linux 10 : libsoup3 (ELSA-2026-2182)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2182 advisory. - Fix CVE-2026-0719 - Fix CVE-2025-14523 - Add patch for CVE-2025-12105 Tenable has extracted the preceding description block directly from the Oracle...

Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2026-1394)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1394 advisory. A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, ...

Important: libsoup

Issue Overview: A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one...

libsoup3 security update

3.6.5-9 - Fix CVE-2026-0719 3.6.5-8 - Fix CVE-2025-14523 3.6.5-7 - Add patch for CVE-2025-12105 3.6.5-6 - Fix integer overflow in date/time parsing 3.6.5-5 - Bump revision number 3.6.5-4 - Fix several CVEs...

Amazon Linux 2 : libsoup, --advisory ALAS2-2026-3142 (ALAS-2026-3142)

The version of libsoup installed on the remote host is prior to 2.56.0-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3142 advisory. A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-sid...

CLSA-2026-1769687040 libsoup: Fix of CVE-2025-14523

CVE-2025-14523: reject duplicate Host headers to prevent request smuggling, cache poisoning, and host-based access control bypass attacks...

RockyLinux 8 : spice-client-win (RLSA-2026:1509)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:1509 advisory. libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy First- vs Last-Value Wins CVE-2025-14523 Tenable has extracted the preceding...

spice-client-win security update

An update is available for spice-client-win. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Spice client MSI installers for Windows clients Security Fixes:...

RLSA-2026:1509 Important: spice-client-win security update

Spice client MSI installers for Windows clients Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy First- vs Last-Value Wins CVE-2025-14523 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...