Fedora 43 libsoup3 Critical Information Disclosure CVE-2026-5119
fedora
June 4, 2026
Patch for CVE-2026-5119
Summary
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.
libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it), but the SOAP parts were removed
long ago.
Update Information:
Patch for CVE-2026-5119
Topics Covered
Change Log
* Tue May 19 2026 Luigi Pavan
References
[ 1 ] Bug #2452935 - CVE-2026-5119 libsoup3: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2452935
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-37298d3095' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: libsoup3
Product: Fedora 43
Version: 3.6.6
Release: 3.fc43
Summary: Soup, an HTTP library implementation
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!