
44 matches found

OSV
added 2026/06/03 10:20 a.m., 9 views

RHSA-2026:22716 Red Hat Security Advisory: libsoup security update

Bulletin has no description...

5.9 CVSS, 5.7 AI score, 0.00016 EPSS
Exploits: 1, References: 8

OSV
added 2026/06/02 10:8 a.m., 8 views

RHSA-2026:22316 Red Hat Security Advisory: libsoup security update

Bulletin has no description...

5.9 CVSS, 5.7 AI score, 0.00016 EPSS
Exploits: 1, References: 8

Tenable Nessus
added 2026/05/28 12:0 a.m., 10 views

RHEL 9 : libsoup (RHSA-2026:21686)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21686 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Information disclosure via cleartext...

8.2 CVSS, 5.9 AI score, 0.00016 EPSS
Exploits: 1, References: 5

Tenable Nessus
added 2026/04/29 12:0 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libsoup (UTSA-2026-015475)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015475 advisory. A flaw was found in libsoup's WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload...

4.8 CVSS, 5.2 AI score, 0.00071 EPSS
Exploits: 0, References: 4

OSV
added 2026/04/25 5:48 a.m., 0 views

OESA-2026-2029 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw was found in libsoup. When establishing HTTPS tunnels through a configur...

8.2 CVSS, 5.5 AI score, 0.00016 EPSS
Exploits: 1, References: 2

OSV
added 2026/04/21 9:20 a.m., 5 views

CLSA-2026-1776763201 libsoup: Fix of 2 CVEs

CVE-2026-1467: validate URI host characters when checking if a URI is valid - CVE-2026-1539: fix proxy credentials leak on cross-origin HTTP redirect...

5.8 CVSS, 6.1 AI score, 0.00074 EPSS
Exploits: 1, References: 1

Snyk
added 2026/03/06 5:5 a.m., 3 views

CRLF Injection

Overview: Affected versions of this package are vulnerable to CRLF Injection via the soup_message_new function. An attacker can manipulate HTTP headers and request data by supplying specially crafted input containing CRLF sequences. Remediation: A fix was pushed into the master branch but not yet...

6.5 CVSS, 5.8 AI score, 0.00048 EPSS
Exploits: 1, References: 2

Broadcom
added 2026/03/03 12:0 a.m., 12 views

Libsoup Vulnerable to Integer Overflow via Cookie Expiration Date Handling in Cookie Parsing Logic and Vulnerable to Information Exposure via Out-of-Bounds Read in HTTP Library Component

CVE-2025-4945 A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises when processing the expiration date of cookies, where a specially crafted value can trigger an integer overflow. This may result in...

7.5 CVSS, 5.9 AI score, 0.00296 EPSS
Exploits: 0

Fedora
added 2026/02/18 4:26 a.m., 5 views

[SECURITY] Fedora 43 Update: mingw-libsoup-2.74.3-17.fc43

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

8.6 CVSS, 5.7 AI score, 0.00071 EPSS
Exploits: 0

OSV
added 2026/02/13 12:16 p.m., 1 views

UBUNTU-CVE-2026-2443

A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...

5.3 CVSS, 7.1 AI score, 0.00036 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2026/02/13 12:0 a.m., 11 views

Alibaba Cloud Linux 3 : 0037: spice-client-win (ALINUX3-SA-2026:0037)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0037 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-14523: A flaw in libsoup's HTTP...

8.6 CVSS, 7 AI score, 0.01262 EPSS
Exploits: 0, References: 4

IBM Security Bulletins
added 2026/02/10 12:22 p.m., 10 views

Security Bulletin: Vulnerabilities in libsoup library (CVE-2025-4945, CVE-2025-11021) affect Power HMC.

Summary: The libsoup library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2025-4945 DESCRIPTION: A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The...

7.5 CVSS, 5.5 AI score, 0.00296 EPSS
Exploits: 0, Affected Software: 1

RedHat Linux
added 2026/02/09 2:41 a.m., 2 views

Important: Red Hat Security Advisory: libsoup security update

An update for libsoup is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

8.6 CVSS, 6.6 AI score, 0.01262 EPSS
Exploits: 0, References: 3

OSV
added 2026/02/03 9:16 p.m., 1 views

AZL-76736 CVE-2026-1801 affecting package libsoup 3.0.4-12

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required...

6.5 CVSS, 7.1 AI score, 0.00031 EPSS
Exploits: 0, References: 1

OSV
added 2026/01/30 10:7 p.m., 2 views

RLSA-2026:1509 Important: spice-client-win security update

Spice client MSI installers for Windows clients Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy First- vs Last-Value Wins CVE-2025-14523 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

8.2 CVSS, 5.9 AI score, 0.00024 EPSS
Exploits: 0, References: 2

Debian CVE
added 2026/01/28 3:15 p.m., 5 views

CVE-2026-1539

A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different...

5.8 CVSS, 5.5 AI score, 0.00067 EPSS
Exploits: 0

Fedora
added 2026/01/26 1:8 a.m., 4 views

[SECURITY] Fedora 42 Update: mingw-libsoup-2.74.3-16.fc42

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

8.2 CVSS, 5.9 AI score, 0.00024 EPSS
Exploits: 0

Tenable Nessus
added 2026/01/21 12:0 a.m., 2 views

RHEL 9 : libsoup (RHSA-2026:0906)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0906 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes...

8.2 CVSS, 5.6 AI score, 0.00024 EPSS
Exploits: 0, References: 4

OSV
added 2026/01/13 11:16 p.m., 1 views

CVE-2026-0716

A flaw was found in libsoup’s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash...

4.8 CVSS, 5.7 AI score, 0.00071 EPSS
Exploits: 0, References: 3

OPENSUSE Linux
added 2026/01/10 12:0 a.m., 2 views

libsoup-2_4-1-2.74.3-13.1 on GA media (moderate)

libsoup-2_4-1-2.74.3-13.1 on GA media. Announcement ID: openSUSE-SU-2026:10024-1. Rating: moderate. Cross-References: CVE-2025-14523. CVSS scores: CVE-2025-14523 (SUSE): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N; CVE-2025-14523 (SUSE): 8.3...

8.3 CVSS, 7.2 AI score, 0.00024 EPSS
Exploits: 0