Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

openSUSE Leap 16.0 libsoup Important Code Exec Vulnerabilities 2026-20142-1

opensuse
Calendar Grey February 3, 2026
Dist Opensuse Esm H88
Critical security update for libsoup addresses multiple vulnerabilities on openSUSE. Immediate installation recommended for protection.
An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description

This update for libsoup fixes the following issues:

- CVE-2025-11021: Fixed out-of-bounds read in Cookie Date Handling of libsoup HTTP Library (bsc#1250562).

- CVE-2026-0719: Fixed stack-based buffer overflow in NTLM authentication can lead to arbitrary code execution (bsc#1256399).

- CVE-2026-0716: Fixed improper bounds handling may allow out-of-bounds read (bsc#1256418).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-227=1

Patch

Package List

- openSUSE Leap 16.0:

libsoup-3_0-0-3.6.5-160000.3.1

libsoup-devel-3.6.5-160000.3.1

libsoup-lang-3.6.5-160000.3.1

typelib-1_0-Soup-3_0-3.6.5-160000.3.1

References

* bsc#1250562

* bsc#1256399

* bsc#1256418

References:

* https://www.suse.com/security/cve/CVE-2025-11021.html

* https://www.suse.com/security/cve/CVE-2026-0716.html

* https://www.suse.com/security/cve/CVE-2026-0719.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:20142-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here