CLSA-2026-1771519029 libsoup: Fix of 2 CVEs

CVE-2026-1761: fix stack-based buffer overflow in multipart HTTP response parsing caused by incorrect length calculation in soupfilterinputstreamreaduntil - CVE-2026-0719: fix stack-based buffer overflow in NTLM authentication caused by integer overflow in md4sum with excessively long passwords...

OESA-2026-1324 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a...

OESA-2026-1323 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a...

SUSE SLES15 Security Update : libsoup2 (SUSE-SU-2026:0258-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0258-1 advisory. - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. - CVE-2026-0719: Fixed overflow for...

SUSE SLES15 Security Update : libsoup (SUSE-SU-2026:0211-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0211-1 advisory. - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. - CVE-2026-0716: Fixed out-of-bounds...

Security update for libsoup2

This update for libsoup2 fixes the following issues: CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. CVE-2026-0719: Fixed overflow for password md4sum bsc1256399 Patch Instructions: To install this SUSE update use the SUSE recommended installation method...

SUSE-SU-2026:0257-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2026-0716: Fixed out-of-bounds read for websocket bsc1256418 - CVE-2026-0719: Fixed overflow for password md4sum bsc1256399 - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876...

Security update for libsoup2

This update for libsoup2 fixes the following issues: CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. CVE-2026-0719: Fixed overflow for password md4sum bsc1256399 Patch Instructions: To install this SUSE update use the SUSE recommended installation method...

SUSE-SU-2026:0253-1 Security update for libsoup2

This update for libsoup2 fixes the following issues: - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. - CVE-2026-0719: Fixed overflow for password md4sum bsc1256399...

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. CVE-2026-0716: Fixed out-of-bounds read for websocket bsc1256418 CVE-2026-0719: Fixed overflow for password md4sum bsc1256399 Patch Instructions: To insta...

SUSE-SU-2026:0211-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update bsc1254876. - CVE-2026-0716: Fixed out-of-bounds read for websocket bsc1256418 - CVE-2026-0719: Fixed overflow for password md4sum bsc1256399...

SUSE-SU-2026:20360-1 Security update for libsoup

This update for libsoup fixes the following issues: - CVE-2025-14523: flaw in HTTP header handling can lead to host header parsing discrepancy between servers and proxies and allow for request smuggling, cache poisoning and bypass of access controls bsc1254876. - CVE-2025-12105: heap use-after-fr...

Security update for libsoup

This update for libsoup fixes the following issues: CVE-2025-14523: Reject duplicated Host in headers and followed upsteram update bsc1254876. CVE-2026-0719: Fixed overflow for password md4sum bsc1256399 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods...

CVE-2026-0719

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

CVE-2026-0719 Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

CVE-2026-0719 Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

CVE-2026-0719

CVE-2026-0719 is a libsoup NTLM handling flaw that can overflow an internal size calculation when processing very long passwords, causing a stack memory overrun and potential crash/denial of service. The affected component is the libsoup HTTP client/server library used by GNOME and related applic...

CVE-2026-0719

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in...

libsoup 安全漏洞

libsoup is a GNOME HTTP client/server library from the GNOME Project. A security vulnerability exists in libsoup, which stems from a stack buffer overflow in the md4sum function in the NTLM authentication module, which could lead to the execution of arbitrary code...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the md4sum function of the NTLM authentication module. An attacker can execute arbitrary code with the privileges of the affected application. Remediation A fix was pushed into the master branch but not ye...