SUSE-SU-2026:0657-1

Details

This update for libsoup2 fixes the following issues:

CVE-2025-32049: denial of Service attack to websocket server (bsc#1240751).
CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources (bsc#1258120).
CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information disclosure to remote attackers (bsc#1258170).
CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508).

Affected Packages

libsoup-2_4-1

SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

2.74.3-150600.4.27.1

libsoup2

SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

2.74.3-150600.4.27.1

libsoup2-devel

SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

2.74.3-150600.4.27.1

libsoup2-lang

SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

2.74.3-150600.4.27.1

typelib-1_0-Soup-2_4

SUSE Linux Enterprise Module for Basesystem 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6openSUSE Leap 15.6

Fixed in:

2.74.3-150600.4.27.1

libsoup-2_4-1-32bit

openSUSE Leap 15.6

Fixed in:

2.74.3-150600.4.27.1

libsoup2-devel-32bit

openSUSE Leap 15.6

Fixed in:

2.74.3-150600.4.27.1

References

REPORT