SUSE-SU-2026:0703-1

Details

This update for libsoup fixes the following issues:

CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).
CVE-2025-4476: null pointer dereference may lead to denial of service (bsc#1243422).
CVE-2025-32049: denial of Service attack to websocket server (bsc#1240751).
CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources (bsc#1258120).
CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information disclosure to remote attackers (bsc#1258170).
CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508).

Affected Packages

libsoup

SUSE Linux Enterprise Server 12 SP5-LTSSSUSE Linux Enterprise Server LTSS Extended Security 12 SP5

Fixed in:

2.62.2-5.34.1

libsoup-2_4-1

SUSE Linux Enterprise Server 12 SP5-LTSSSUSE Linux Enterprise Server LTSS Extended Security 12 SP5

Fixed in:

2.62.2-5.34.1

libsoup-2_4-1-32bit

SUSE Linux Enterprise Server 12 SP5-LTSSSUSE Linux Enterprise Server LTSS Extended Security 12 SP5

Fixed in: