Fedora 43 libsoup3 Moderate Credential Leak Patch CVE-2026-1539
fedora
March 21, 2026
Add patch for CVE-2026-1539 (Also remove Proxy-Authorization header on cross origin redirect)
Summary
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.
libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it), but the SOAP parts were removed
long ago.
Update Information:
Add patch for CVE-2026-1539 (Also remove Proxy-Authorization header on cross origin redirect)
Topics Covered
Change Log
* Thu Mar 19 2026 Milan Crha
References
[ 1 ] Bug #2433867 - CVE-2026-1539 libsoup3: libsoup: Credential leakage via HTTP redirects [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2433867
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-f029d04054' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Name: libsoup3
Product: Fedora 43
Version: 3.6.6
Release: 2.fc43
Summary: Soup, an HTTP library implementation
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!