Explore top 10 tips to secure your open-source projects now. Read More
×Several security issues were fixed in libsoup.. ========================================================================== Ubuntu Security Notice USN-8523-1 July 09, 2026 libsoup2.4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in libsoup. Software Description: - libsoup2.4: HTTP client/server library for GNOME Details: Eric Su and Samuel Dainard discovered that libsoup incorrectly handled content with zero-length resources. An attacker could possibly use this issue to trigger a buffer over-read, resulting in information disclosure or a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-2369) Kona Arctic discovered that libsoup did not properly protect sensitive cookies when establishing HTTPS tunnels through an HTTP proxy. An attacker could possibly use this issue to intercept session cookies, resulting in session hijacking or user impersonation. (CVE-2026-5119) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libsoup-2.4-1 2.74.3-10.1ubuntu5+esm1 Available with Ubuntu Pro libsoup-gnome-2.4-1 2.74.3-10.1ubuntu5+esm1 Available with Ubuntu Pro libsoup2.4-common 2.74.3-10.1ubuntu5+esm1 Available with Ubuntu Pro libsoup2.4-dev 2.74.3-10.1ubuntu5+esm1 Available with Ubuntu Pro libsoup2.4-tests 2.74.3-10.1ubuntu5+esm1 Available with Ubuntu Pro Ubuntu 25.10 libsoup-2.4-1 2.74.3-10.1ubuntu4.1 libsoup-gnome-2.4-1 2.74.3-10.1ubuntu4.1 libsoup2.4-common 2.74.3-10.1ubuntu4.1 libsoup2.4-dev 2.74.3-10.1ubuntu4.1 libsoup2.4-tests 2.74.3-10.1ubuntu4.1 Ubuntu 24.04 LTS libsoup-2.4-1 2.74.3-6ubuntu1.7 libsoup-gnome-2.4-1 2.74.3-6ubuntu1.7 libsoup2.4-common 2.74.3-6ubuntu1.7 libsoup2.4-dev 2.74.3-6ubuntu1.7 libsoup2.4-tests 2.74.3-6ubuntu1.7 Ubuntu 22.04 LTS libsoup-gnome2.4-1 2.74.2-3ubuntu0.7 libsoup2.4-1 2.74.2-3ubuntu0.7 libsoup2.4-common 2.74.2-3ubuntu0.7 libsoup2.4-dev 2.74.2-3ubuntu0.7 libsoup2.4-tests 2.74.2-3ubuntu0.7 Ubuntu 20.04 LTS libsoup-gnome2.4-1 2.70.0-1ubuntu0.5+esm2 Available with Ubuntu Pro libsoup2.4-1 2.70.0-1ubuntu0.5+esm2 Available with Ubuntu Pro libsoup2.4-dev 2.70.0-1ubuntu0.5+esm2 Available with Ubuntu Pro libsoup2.4-tests 2.70.0-1ubuntu0.5+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS libsoup-gnome2.4-1 2.62.1-1ubuntu0.4+esm7 Available with Ubuntu Pro libsoup2.4-1 2.62.1-1ubuntu0.4+esm7 Available with Ubuntu Pro libsoup2.4-dev 2.62.1-1ubuntu0.4+esm7 Available with Ubuntu Pro Ubuntu 16.04 LTS libsoup-gnome2.4-1 2.52.2-1ubuntu0.3+esm6 Available with Ubuntu Pro libsoup2.4-1 2.52.2-1ubuntu0.3+esm6 Available with Ubuntu Pro libsoup2.4-dev 2.52.2-1ubuntu0.3+esm6 Available with Ubuntu Pro In general, astandard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8523-1 CVE-2026-2369, CVE-2026-5119 Package Information: https://launchpad.net/ubuntu/+source/libsoup2.4/2.74.3-10.1ubuntu4.1 https://launchpad.net/ubuntu/+source/libsoup2.4/2.74.3-6ubuntu1.7 https://launchpad.net/ubuntu/+source/libsoup2.4/2.74.2-3ubuntu0.7 . Several issues in libsoup were resolved, enhancing security across multiple Ubuntu versions including potential session hijacking.. libsoup security issues, Ubuntu vulnerability patch, HTTP client library security, buffer over-read issue. . Severity: Critical. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for libsoup Announcement ID: SUSE-SU-2026:2702-1 Release Date: 2026-06-30T10:27:36Z Rating: moderate References: * bsc#1257649 Cross-References: * CVE-2026-1801 CVSS scores: * CVE-2026-1801 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-1801 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-1801 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-1801 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security * SUSE Linux Enterprise Server for SAP Applications 12 SP5 An update that solves one vulnerability can now be installed. ## Description: This update for libsoup fixes the following issue * CVE-2026-1801: HTTP Request Smuggling in soup_filter_input_stream_read_line() (bsc#1257649). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security zypper in -t patch SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-2702=1 ## Package List: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (x86_64) * typelib-1_0-Soup-2_4-2.62.2-5.43.1 * libsoup-2_4-1-32bit-2.62.2-5.43.1 * libsoup-debugsource-2.62.2-5.43.1 * libsoup-2_4-1-2.62.2-5.43.1 * libsoup-2_4-1-debuginfo-2.62.2-5.43.1 * libsoup-2_4-1-debuginfo-32bit-2.62.2-5.43.1 * libsoup-devel-2.62.2-5.43.1 * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security (noarch) * libsoup-lang-2.62.2-5.43.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1801.html * https://bugzilla.suse.com/show_bug.cgi?id=1257649 . SUSE releases moderate security update forlibsoup addressing HTTP request smuggling vulnerability CVE-2026-1801.. SUSE Security Update, libsoup, HTTP Request Smuggling, Security Fix, SUSE Advisory. . Severity: moderate. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-24722 http://linux.oracle.com/errata/ELSA-2026-24722.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: libsoup-2.62.2-2.0.13.el7.i686.rpm libsoup-2.62.2-2.0.13.el7.x86_64.rpm libsoup-devel-2.62.2-2.0.13.el7.i686.rpm libsoup-devel-2.62.2-2.0.13.el7.x86_64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/libsoup-2.62.2-2.0.13.el7.src.rpm Related CVEs: CVE-2026-5119 Description of changes: [2.62.2-2.0.13] - Backport fix for CVE-2026-5119 [Orabug: 39527088] [2.62.2-2.0.11] - Fixes CVE-2026-0719 CVE-2026-1761 [Orabug: 38958074] [2.62.2-2.0.9] - Fix CVE-2025-14523 [Orabug: 38873507] [2.62.2-2.0.7] - Backport patch for CVE-2025-4945 and CVE-2025-11021 [Orabug: 38664275] [2.62.2-2.0.5] - Fixes CVE-2025-2784 CVE-2025-4948 CVE-2025-32049 [Orabug: 38085184] - CVE-2025-32906 CVE-2025-32911 CVE-2025-32913 CVE-2025-32914 [2.62.2-2.0.3] - Fixed CVE-2024-52531 buffer overflow via UTF-8 conversion in - soup_header_parse_param_list_strict [Orabug: 37557504] _______________________________________________ El-errata mailing list
An update that solves one vulnerability can now be installed.. # Security update for libsoup Announcement ID: SUSE-SU-2026:2669-1 Release Date: 2026-06-29T05:42:15Z Rating: moderate References: * bsc#1257649 Cross-References: * CVE-2026-1801 CVSS scores: * CVE-2026-1801 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-1801 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-1801 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-1801 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.4 An update that solves one vulnerability can now be installed. ## Description: This update for libsoup fixes the following issue * CVE-2026-1801: HTTP Request Smuggling in soup_filter_input_stream_read_line() (bsc#1257649). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2669=1 ## Package List: * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * libsoup-debugsource-3.0.4-150400.3.43.1 * libsoup-3_0-0-3.0.4-150400.3.43.1 * typelib-1_0-Soup-3_0-3.0.4-150400.3.43.1 * libsoup-3_0-0-debuginfo-3.0.4-150400.3.43.1 * libsoup-devel-3.0.4-150400.3.43.1 * openSUSE Leap 15.4 (x86_64) * libsoup-devel-32bit-3.0.4-150400.3.43.1 * libsoup-3_0-0-32bit-3.0.4-150400.3.43.1 * libsoup-3_0-0-32bit-debuginfo-3.0.4-150400.3.43.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libsoup-3_0-0-64bit-debuginfo-3.0.4-150400.3.43.1 * libsoup-3_0-0-64bit-3.0.4-150400.3.43.1 * libsoup-devel-64bit-3.0.4-150400.3.43.1 * openSUSE Leap 15.4 (noarch) * libsoup-lang-3.0.4-150400.3.43.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1801.html * https://bugzilla.suse.com/show_bug.cgi?id=1257649 . Thisupdate for libsoup in openSUSE addresses a moderate severity HTTP request smuggling issue with important fixes included.. libsoup update, http request fix, openSUSE security, SUSE vulnerabilities. . Severity: moderate. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for libsoup Announcement ID: SUSE-SU-2026:2669-1 Release Date: 2026-06-29T05:42:15Z Rating: moderate References: * bsc#1257649 Cross-References: * CVE-2026-1801 CVSS scores: * CVE-2026-1801 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-1801 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-1801 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-1801 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * openSUSE Leap 15.4 An update that solves one vulnerability can now be installed. ## Description: This update for libsoup fixes the following issue * CVE-2026-1801: HTTP Request Smuggling in soup_filter_input_stream_read_line() (bsc#1257649). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2669=1 ## Package List: * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * libsoup-debugsource-3.0.4-150400.3.43.1 * libsoup-3_0-0-3.0.4-150400.3.43.1 * typelib-1_0-Soup-3_0-3.0.4-150400.3.43.1 * libsoup-3_0-0-debuginfo-3.0.4-150400.3.43.1 * libsoup-devel-3.0.4-150400.3.43.1 * openSUSE Leap 15.4 (x86_64) * libsoup-devel-32bit-3.0.4-150400.3.43.1 * libsoup-3_0-0-32bit-3.0.4-150400.3.43.1 * libsoup-3_0-0-32bit-debuginfo-3.0.4-150400.3.43.1 * openSUSE Leap 15.4 (aarch64_ilp32) * libsoup-3_0-0-64bit-debuginfo-3.0.4-150400.3.43.1 * libsoup-3_0-0-64bit-3.0.4-150400.3.43.1 * libsoup-devel-64bit-3.0.4-150400.3.43.1 * openSUSE Leap 15.4 (noarch) * libsoup-lang-3.0.4-150400.3.43.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1801.html * https://bugzilla.suse.com/show_bug.cgi?id=1257649 .Address a moderate security risk in libsoup with this SUSE update for openSUSE Leap 15.4. Action recommended.. SUSE update libsoup security patch HTTP request smuggling. . Severity: moderate. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-19356 http://linux.oracle.com/errata/ELSA-2026-19356.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: libsoup-2.72.0-16.el9_8.1.i686.rpm libsoup-2.72.0-16.el9_8.1.x86_64.rpm libsoup-devel-2.72.0-16.el9_8.1.i686.rpm libsoup-devel-2.72.0-16.el9_8.1.x86_64.rpm aarch64: libsoup-2.72.0-16.el9_8.1.aarch64.rpm libsoup-devel-2.72.0-16.el9_8.1.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/libsoup-2.72.0-16.el9_8.1.src.rpm Related CVEs: CVE-2026-5119 Description of changes: [2.72.0-16.1] - Backport patch for CVE-2026-5119 [2.72.0-16] - Backport patch for CVE-2026-1761 [2.72.0-15] - Backport patch for CVE-2026-0719 - Fix NTLM authentication test failures in FIPS mode [2.72.0-14] - Backport patch for CVE-2025-14523 [2.72.0-13] - Backport patch for CVE-2025-4945 and CVE-2025-11021 _______________________________________________ El-errata mailing list
An update that solves one vulnerability can now be installed.. # Security update for libsoup Announcement ID: SUSE-SU-2026:22061-1 Release Date: 2026-06-05T15:20:34Z Rating: moderate References: * bsc#1257649 Cross-References: * CVE-2026-1801 CVSS scores: * CVE-2026-1801 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-1801 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-1801 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-1801 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Micro 6.0 An update that solves one vulnerability can now be installed. ## Description: This update for libsoup fixes the following issue * CVE-2026-1801: HTTP Request Smuggling in soup_filter_input_stream_read_line() (bsc#1257649). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-743=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libsoup-3_0-0-3.4.2-16.1 * libsoup-debugsource-3.4.2-16.1 * libsoup-3_0-0-debuginfo-3.4.2-16.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1801.html * https://bugzilla.suse.com/show_bug.cgi?id=1257649 . Discover the latest SUSE security advisory for libsoup addressing a moderate HTTP Request Smuggling issue.. SUSE Security Update, libsoup Security Patch, HTTP Request Smuggling, SUSE Linux Micro, CVE-2026-1801. . Severity: moderate. LinuxSecurity.com Team
An update that solves one vulnerability can now be installed.. # Security update for libsoup Announcement ID: SUSE-SU-2026:22071-1 Release Date: 2026-06-05T14:42:55Z Rating: moderate References: * bsc#1257649 Cross-References: * CVE-2026-1801 CVSS scores: * CVE-2026-1801 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2026-1801 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-1801 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2026-1801 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for libsoup fixes the following issue * CVE-2026-1801: HTTP Request Smuggling in soup_filter_input_stream_read_line() (bsc#1257649). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-567=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * libsoup-3_0-0-debuginfo-3.4.4-slfo.1.1_10.1 * libsoup-debugsource-3.4.4-slfo.1.1_10.1 * libsoup-3_0-0-3.4.4-slfo.1.1_10.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1801.html * https://bugzilla.suse.com/show_bug.cgi?id=1257649 . Update for libsoup resolves a moderate issue with HTTP Request Smuggling vulnerability.. SUSE Security Update, libsoup Update, HTTP Request Smuggling. . Severity: moderate. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.