This update for libsoup2 fixes the following issues:
CVE-2026-1761: incorrect length calculation when parsing of multipart HTTP responses can lead to a stack-based buffer overflow
(bsc#1257598).
CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).
CVE-2025-4476: null pointer dereference may lead to denial of service (bsc#1243422).
Affected Packages
libsoup-2_4-1
SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6
Fixed in:
2.74.3-150600.4.24.1
libsoup2
SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6
Fixed in:
2.74.3-150600.4.24.1
libsoup2-devel
SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6
Fixed in:
2.74.3-150600.4.24.1
libsoup2-lang
SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6
Fixed in:
2.74.3-150600.4.24.1
typelib-1_0-Soup-2_4
SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6