This update for libsoup fixes the following issues:
- CVE-2025-11021: Fixed out-of-bounds read in Cookie Date Handling of libsoup HTTP Library (bsc#1250562).
- CVE-2026-0719: Fixed stack-based buffer overflow in NTLM authentication can lead to arbitrary code execution (bsc#1256399).
- CVE-2026-0716: Fixed improper bounds handling may allow out-of-bounds read (bsc#1256418).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-227=1
- openSUSE Leap 16.0:
libsoup-3_0-0-3.6.5-160000.3.1
libsoup-devel-3.6.5-160000.3.1
libsoup-lang-3.6.5-160000.3.1
typelib-1_0-Soup-3_0-3.6.5-160000.3.1
* bsc#1250562
* bsc#1256399
* bsc#1256418
References:
* https://www.suse.com/security/cve/CVE-2025-11021.html
* https://www.suse.com/security/cve/CVE-2026-0716.html
* https://www.suse.com/security/cve/CVE-2026-0719.html
Get the latest Linux and open source security news straight to your inbox.