
openSUSE Leap 16.0 libsoup2 Important 11 Vulnerabilities Fixed 2026-20354-1

openSUSE
March 14, 2026
An important security update for openSUSE addressing 11 vulnerabilities in libsoup2, ensuring system integrity and stability.
An update that solves 11 vulnerabilities and has 11 bug fixes can now be installed.

Description

This update for libsoup2 fixes the following issues:

- CVE-2025-4476: null pointer dereference may lead to denial of service (bsc#1243422).

- CVE-2025-14523: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (bsc#1254876).

- CVE-2025-32049: Denial of Service attack to websocket server (bsc#1240751).

- CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).

- CVE-2026-0719: stack-based buffer overflow in NTLM authentication can lead to arbitrary code execution (bsc#1256399).

- CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398).

- CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects (bsc#1257441).

- CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request smuggling and potential DoS (bsc#1257597).

- CVE-2026-2369: Buffer overread due to integer underflow when...


Patch

Package List

- openSUSE Leap 16.0:

libsoup-2_4-1-2.74.3-160000.4.1

libsoup2-devel-2.74.3-160000.4.1

libsoup2-lang-2.74.3-160000.4.1

typelib-1_0-Soup-2_4-2.74.3-160000.4.1

References

* bsc#1240751

* bsc#1243422

* bsc#1254876

* bsc#1256399

* bsc#1256418

* bsc#1257398

* bsc#1257441

* bsc#1257597

* bsc#1258120

* bsc#1258170

* bsc#1258508

References:

* https://www.suse.com/security/cve/CVE-2025-14523.html

* https://www.suse.com/security/cve/CVE-2025-32049.html

* https://www.suse.com/security/cve/CVE-2025-4476.html

* https://www.suse.com/security/cve/CVE-2026-0716.html

* https://www.suse.com/security/cve/CVE-2026-0719.html

* https://www.suse.com/security/cve/CVE-2026-1467.html

* https://www.suse.com/security/cve/CVE-2026-1539.html

* https://www.suse.com/security/cve/CVE-2026-1760.html

* https://www.suse.com/security/cve/CVE-2026-2369.html

* https://www.suse.com/security/cve/CVE-2026-2443.html

* https://www.suse.com/security/cve/CVE-2026-2708.html

Severity
important

Announcement ID: openSUSE-SU-2026:20354-1
Rating: important
Affected Products: openSUSE Leap 16.0
