SUSE-SU-2026:0257-1

Details

This update for libsoup fixes the following issues:

CVE-2026-0716: Fixed out-of-bounds read for websocket (bsc#1256418)
CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)
CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876).

Affected Packages

libsoup

SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

3.4.4-150600.3.28.1

libsoup-3_0-0

SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

3.4.4-150600.3.28.1

libsoup-devel

SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

3.4.4-150600.3.28.1

libsoup-lang

SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

3.4.4-150600.3.28.1

typelib-1_0-Soup-3_0

SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

3.4.4-150600.3.28.1

libsoup-3_0-0-32bit

openSUSE Leap 15.6

Fixed in:

3.4.4-150600.3.28.1

libsoup-devel-32bit

openSUSE Leap 15.6

Fixed in:

3.4.4-150600.3.28.1

References

REPORT