Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

SUSE libsoup2 Important Denial of Service Issues 2026-0834-1

suse
Calendar Grey March 6, 2026
Dist Suse Esm H88
Update for libsoup2 resolves seven issues with important risk levels. Critical fixes for SUSE systems now available.
An update that solves seven vulnerabilities can now be installed.

Summary

## This update for libsoup2 fixes the following issues: * CVE-2025-32049: denial of service attack to websocket server (bsc#1240751). * CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398). * CVE-2026-1539: proxy authentication credentials leaked via the Proxy- Authorization header when handling HTTP redirects (bsc#1257441). * CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request smuggling and potential DoS (bsc#1257597). * CVE-2026-2369: buffer overread due to integer underflow when handling zero- length resources (bsc#1258120). * CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information disclosure to remote attackers

References

* bsc#1240751

* bsc#1257398

* bsc#1257441

* bsc#1257597

* bsc#1258120

* bsc#1258170

* bsc#1258508

Cross-

* CVE-2025-32049

* CVE-2026-1467

* CVE-2026-1539

* CVE-2026-1760

* CVE-2026-2369

* CVE-2026-2443

* CVE-2026-2708

CVSS scores:

* CVE-2025-32049 ( SUSE ): 7.1

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-32049 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-32049 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-1467 ( SUSE ): 5.3

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

* CVE-2026-1467 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

* CVE-2026-1467 ( NVD ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

* CVE-2026-1539 ( SUSE ): 6.9

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0834-1
Release Date: 2026-03-05T20:00:32Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here