32 matches found
CVE-2026-34525
AIOHTTP (async HTTP client/server for asyncio and Python) before version 3.13.4 allowed multiple Host headers due to its header handling. This issue has been fixed in version 3.13.4. Affected component: Host header processing in aiohttp prior to 3.13.4. Remediation: upgrade to 3.13.4 or later. Ex...
OPENSUSE-SU-2026:20384-1 Security update for libsoup
This update for libsoup fixes the following issues: Update to libsoup 3.6.6: - CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion bsc1252555. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049:...
OPENSUSE-SU-2026:20354-1 Security update for libsoup2
This update for libsoup2 fixes the following issues: - CVE-2025-4476: null pointer dereference may lead to denial of service bsc1243422. - CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy bsc1254876. - CVE-2025-32049: Denial of Service attack to websocket server...
OESA-2026-1326 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a...
OESA-2026-1324 libsoup security update
libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a...
RLSA-2026:1509 Important: spice-client-win security update
Spice client MSI installers for Windows clients Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy First- vs Last-Value Wins CVE-2025-14523 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...
RHEL 8 : spice-client-win (RHSA-2026:1569)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1569 advisory. Spice client MSI installers for Windows clients Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy Firs...
Security update for libsoup2
This update for libsoup2 fixes the following issues: CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. CVE-2026-0719: Fixed overflow for password md4sum bsc1256399 Patch Instructions: To install this SUSE update use the SUSE recommended installation method...
SUSE-SU-2026:0211-1 Security update for libsoup
This update for libsoup fixes the following issues: - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. - CVE-2026-0716: Fixed out-of-bounds read for websocket bsc1256418 - CVE-2026-0719: Fixed overflow for password md4sum bsc1256399...
RHEL 7 : libsoup (RHSA-2026:0925)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0925 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes...
libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...
libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...
Important: Red Hat Security Advisory: libsoup security update
An update for libsoup is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...
libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...
RHEL 9 : libsoup (RHSA-2026:0908)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0908 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes...
RHEL 9 : libsoup (RHSA-2026:0906)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0906 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes...
RHEL 8 : libsoup (RHSA-2026:0909)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0909 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes...
RHEL 8 : libsoup (RHSA-2026:0905)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:0905 advisory. The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: libsoup: Duplicate Host Header Handling Causes...