Security update for libsoup SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:20245-1 Final 1 1 2026-01-16T12:54:13Z current 2026-01-16T12:54:13Z 2026-01-16T12:54:13Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libsoup This update for libsoup fixes the following issues: - CVE-2026-0716: Fixed out-of-bounds read for websocket (bsc#1256418). - CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-563 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-202620245-1/ Link for SUSE-SU-2026:20245-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024234.html E-Mail link for SUSE-SU-2026:20245-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1256399 SUSE Bug 1256399 https://bugzilla.suse.com/1256418 SUSE Bug 1256418 https://www.suse.com/security/cve/CVE-2026-0716/ SUSE CVE CVE-2026-0716 page https://www.suse.com/security/cve/CVE-2026-0719/ SUSE CVE CVE-2026-0719 page SUSE Linux Micro 6.0 libsoup-3_0-0-3.4.2-11.1 libsoup-3_0-0-3.4.2-11.1 as a component of SUSE Linux Micro 6.0 A flaw was found in libsoup's WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applications using libsoup's WebSocket support with this configuration may be impacted. CVE-2026-0716 SUSE Linux Micro 6.0:libsoup-3_0-0-3.4.2-11.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620245-1/ https://www.suse.com/security/cve/CVE-2026-0716.html CVE-2026-0716 https://bugzilla.suse.com/1256418 SUSE Bug 1256418 A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk. CVE-2026-0719 SUSE Linux Micro 6.0:libsoup-3_0-0-3.4.2-11.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620245-1/ https://www.suse.com/security/cve/CVE-2026-0719.html CVE-2026-0719 https://bugzilla.suse.com/1256399 SUSE Bug 1256399