Security update for libsoup SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0469-1 Final 1 1 2026-02-12T11:21:36Z current 2026-02-12T11:21:36Z 2026-02-12T11:21:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libsoup This update for libsoup fixes the following issues: - CVE-2025-4476: null pointer dereference may lead to denial of service (bsc#1243422). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-469,SUSE-SUSE-MicroOS-5.2-2026-469 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260469-1/ Link for SUSE-SU-2026:0469-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024144.html E-Mail link for SUSE-SU-2026:0469-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1243422 SUSE Bug 1243422 https://www.suse.com/security/cve/CVE-2025-4476/ SUSE CVE CVE-2025-4476 page SUSE Linux Enterprise Micro 5.2 libsoup-2_4-1-2.68.4-150200.4.27.1 libsoup-2_4-1-32bit-2.68.4-150200.4.27.1 libsoup-2_4-1-64bit-2.68.4-150200.4.27.1 libsoup-devel-2.68.4-150200.4.27.1 libsoup-devel-32bit-2.68.4-150200.4.27.1 libsoup-devel-64bit-2.68.4-150200.4.27.1 libsoup-lang-2.68.4-150200.4.27.1 typelib-1_0-Soup-2_4-2.68.4-150200.4.27.1 libsoup-2_4-1-2.68.4-150200.4.27.1 as a component of SUSE Linux Enterprise Micro 5.2 A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 (Unauthorized) HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed header can lead to a crash of the client application using libsoup. An attacker could exploit this by setting up a malicious HTTP server. If a user's application using the vulnerable libsoup library connects to this malicious server, it could result in a denial-of-service. Successful exploitation requires tricking a user's client application into connecting to the attacker's malicious server. CVE-2025-4476 SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.27.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260469-1/ https://www.suse.com/security/cve/CVE-2025-4476.html CVE-2025-4476 https://bugzilla.suse.com/1243422 SUSE Bug 1243422