Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-0719 (GCVE-0-2026-0719)
Vulnerability from cvelistv5 – Published: 2026-01-08 12:38 – Updated: 2026-02-17 18:23
VLAI?
EPSS
Title
Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication
Summary
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
Severity ?
8.6 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:3.6.5-3.el10_1.9 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Red Hat would like to thank treeplus for reporting this issue.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0719",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-09T04:55:17.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1"
],
"defaultStatus": "affected",
"packageName": "libsoup3",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.5-3.el10_1.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"packageName": "libsoup3",
"product": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.5-3.el10_0.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.62.2-11.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "spice-client-win",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.10-7",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.62.3-13.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.62.3-13.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.2::baseos",
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.62.3-1.el8_2.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "spice-client-win",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.10-7.el8_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.62.3-2.el8_4.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "spice-client-win",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.10-7.el8_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream",
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.62.3-2.el8_4.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "spice-client-win",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.10-7.el8_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/o:redhat:rhel_tus:8.6::baseos",
"cpe:/o:redhat:rhel_aus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.62.3-2.el8_6.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "spice-client-win",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.10-7.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/o:redhat:rhel_tus:8.6::baseos",
"cpe:/o:redhat:rhel_aus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.62.3-2.el8_6.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "spice-client-win",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.10-7.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/a:redhat:rhel_tus:8.6::appstream",
"cpe:/o:redhat:rhel_tus:8.6::baseos",
"cpe:/o:redhat:rhel_aus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.62.3-2.el8_6.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream",
"cpe:/a:redhat:rhel_aus:8.6::appstream",
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "spice-client-win",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.10-7.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.62.3-3.el8_8.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "spice-client-win",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.10-7.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.8::baseos",
"cpe:/o:redhat:rhel_tus:8.8::baseos",
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.62.3-3.el8_8.8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.8::appstream",
"cpe:/a:redhat:rhel_e4s:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "spice-client-win",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:8.10-7.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.72.0-12.el9_7.5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.72.0-8.el9_0.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.72.0-8.el9_2.10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.72.0-8.el9_4.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.72.0-10.el9_6.6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.26::el9"
],
"defaultStatus": "affected",
"packageName": "devspaces/openvsx-rhel9",
"product": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.26::el9"
],
"defaultStatus": "affected",
"packageName": "devspaces/pluginregistry-rhel9",
"product": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.26::el9"
],
"defaultStatus": "affected",
"packageName": "devspaces/udi-rhel9",
"product": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "libsoup",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank treeplus for reporting this issue."
}
],
"datePublic": "2026-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T18:23:04.114Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2026:1948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:1948"
},
{
"name": "RHSA-2026:2005",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2005"
},
{
"name": "RHSA-2026:2006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2006"
},
{
"name": "RHSA-2026:2007",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2007"
},
{
"name": "RHSA-2026:2008",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2008"
},
{
"name": "RHSA-2026:2049",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2049"
},
{
"name": "RHSA-2026:2182",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2182"
},
{
"name": "RHSA-2026:2214",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2214"
},
{
"name": "RHSA-2026:2215",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2215"
},
{
"name": "RHSA-2026:2216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2216"
},
{
"name": "RHSA-2026:2396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2396"
},
{
"name": "RHSA-2026:2402",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2402"
},
{
"name": "RHSA-2026:2512",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2512"
},
{
"name": "RHSA-2026:2513",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2513"
},
{
"name": "RHSA-2026:2514",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2514"
},
{
"name": "RHSA-2026:2528",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2528"
},
{
"name": "RHSA-2026:2529",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2529"
},
{
"name": "RHSA-2026:2628",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2628"
},
{
"name": "RHSA-2026:2844",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:2844"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"name": "RHBZ#2427906",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-08T12:09:43.352Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-01-08T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-121: Stack-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-0719",
"datePublished": "2026-01-08T12:38:30.740Z",
"dateReserved": "2026-01-08T12:12:33.130Z",
"dateUpdated": "2026-02-17T18:23:04.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-0719\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2026-01-08T13:15:43.283\",\"lastModified\":\"2026-02-17T19:21:55.890\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2026:1948\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2005\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2006\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2007\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2008\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2049\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2182\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2214\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2215\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2216\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2396\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2402\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2512\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2513\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2514\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2528\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2529\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2628\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:2844\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-0719\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2427906\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://gitlab.gnome.org/GNOME/libsoup/-/issues/477\",\"source\":\"secalert@redhat.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-0719\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-08T14:26:11.463742Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-08T14:31:28.400Z\"}}], \"cna\": {\"title\": \"Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication\", \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank treeplus for reporting this issue.\"}], \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.6.5-3.el10_1.9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup3\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10.0 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:3.6.5-3.el10_0.14\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup3\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_els:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7 Extended Lifecycle Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.62.2-11.el7_9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:8.10-7\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"spice-client-win\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8::baseos\", \"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.62.3-13.el8_10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8::baseos\", \"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.62.3-13.el8_10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.2::baseos\", \"cpe:/a:redhat:rhel_aus:8.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.2 Advanced Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.62.3-1.el8_2.8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.2 Advanced Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:8.10-7.el8_2.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"spice-client-win\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\", \"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\", \"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\", \"cpe:/o:redhat:rhel_aus:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.62.3-2.el8_4.8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\", \"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:8.10-7.el8_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"spice-client-win\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\", \"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\", \"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\", \"cpe:/o:redhat:rhel_aus:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.62.3-2.el8_4.8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\", \"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:8.10-7.el8_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"spice-client-win\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.6::appstream\", \"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/a:redhat:rhel_tus:8.6::appstream\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.62.3-2.el8_6.8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.6::appstream\", \"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/a:redhat:rhel_tus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:8.10-7.el8_6.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"spice-client-win\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.6::appstream\", \"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/a:redhat:rhel_tus:8.6::appstream\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.62.3-2.el8_6.8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.6::appstream\", \"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/a:redhat:rhel_tus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:8.10-7.el8_6.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"spice-client-win\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.6::appstream\", \"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\", \"cpe:/a:redhat:rhel_tus:8.6::appstream\", \"cpe:/o:redhat:rhel_tus:8.6::baseos\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.62.3-2.el8_6.8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.6::appstream\", \"cpe:/a:redhat:rhel_aus:8.6::appstream\", \"cpe:/a:redhat:rhel_tus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:8.10-7.el8_6.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"spice-client-win\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.8::baseos\", \"cpe:/o:redhat:rhel_tus:8.8::baseos\", \"cpe:/a:redhat:rhel_tus:8.8::appstream\", \"cpe:/a:redhat:rhel_e4s:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.62.3-3.el8_8.8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.8::appstream\", \"cpe:/a:redhat:rhel_e4s:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:8.10-7.el8_8.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"spice-client-win\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:8.8::baseos\", \"cpe:/o:redhat:rhel_tus:8.8::baseos\", \"cpe:/a:redhat:rhel_tus:8.8::appstream\", \"cpe:/a:redhat:rhel_e4s:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.62.3-3.el8_8.8\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.8::appstream\", \"cpe:/a:redhat:rhel_e4s:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:8.10-7.el8_8.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"spice-client-win\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.72.0-12.el9_7.5\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.0::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.72.0-8.el9_0.9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.72.0-8.el9_2.10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.4 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.72.0-8.el9_4.9\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.6 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:2.72.0-10.el9_6.6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3.26::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"devspaces/openvsx-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3.26::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"devspaces/pluginregistry-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3.26::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"devspaces/udi-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"packageName\": \"libsoup\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-01-08T12:09:43.352Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-01-08T00:00:00.000Z\", \"value\": \"Made public.\"}], \"datePublic\": \"2026-01-08T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2026:1948\", \"name\": \"RHSA-2026:1948\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2005\", \"name\": \"RHSA-2026:2005\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2006\", \"name\": \"RHSA-2026:2006\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2007\", \"name\": \"RHSA-2026:2007\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2008\", \"name\": \"RHSA-2026:2008\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2049\", \"name\": \"RHSA-2026:2049\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2182\", \"name\": \"RHSA-2026:2182\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2214\", \"name\": \"RHSA-2026:2214\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2215\", \"name\": \"RHSA-2026:2215\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2216\", \"name\": \"RHSA-2026:2216\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2396\", \"name\": \"RHSA-2026:2396\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2402\", \"name\": \"RHSA-2026:2402\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2512\", \"name\": \"RHSA-2026:2512\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2513\", \"name\": \"RHSA-2026:2513\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2514\", \"name\": \"RHSA-2026:2514\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2528\", \"name\": \"RHSA-2026:2528\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2529\", \"name\": \"RHSA-2026:2529\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2628\", \"name\": \"RHSA-2026:2628\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:2844\", \"name\": \"RHSA-2026:2844\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2026-0719\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2427906\", \"name\": \"RHBZ#2427906\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://gitlab.gnome.org/GNOME/libsoup/-/issues/477\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.\"}], \"x_generator\": {\"engine\": \"cvelib 1.8.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"Stack-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2026-02-17T18:23:04.114Z\"}, \"x_redhatCweChain\": \"CWE-121: Stack-based Buffer Overflow\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-0719\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-17T18:23:04.114Z\", \"dateReserved\": \"2026-01-08T12:12:33.130Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2026-01-08T12:38:30.740Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:2215
Vulnerability from csaf_redhat - Published: 2026-02-09 02:41 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: libsoup security update
Notes
Topic
An update for libsoup is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libsoup is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2215",
"url": "https://access.redhat.com/errata/RHSA-2026:2215"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2215.json"
}
],
"title": "Red Hat Security Advisory: libsoup security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:18+00:00",
"generator": {
"date": "2026-02-17T18:23:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2215",
"initial_release_date": "2026-02-09T02:41:31+00:00",
"revision_history": [
{
"date": "2026-02-09T02:41:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-09T02:41:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-13.el8_10.x86_64",
"product": {
"name": "libsoup-devel-0:2.62.3-13.el8_10.x86_64",
"product_id": "libsoup-devel-0:2.62.3-13.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-13.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"product": {
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"product_id": "libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-13.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"product_id": "libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-13.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-13.el8_10.x86_64",
"product": {
"name": "libsoup-0:2.62.3-13.el8_10.x86_64",
"product_id": "libsoup-0:2.62.3-13.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-13.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-13.el8_10.i686",
"product": {
"name": "libsoup-devel-0:2.62.3-13.el8_10.i686",
"product_id": "libsoup-devel-0:2.62.3-13.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-13.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"product": {
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"product_id": "libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-13.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"product_id": "libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-13.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-13.el8_10.i686",
"product": {
"name": "libsoup-0:2.62.3-13.el8_10.i686",
"product_id": "libsoup-0:2.62.3-13.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-13.el8_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-13.el8_10.s390x",
"product": {
"name": "libsoup-devel-0:2.62.3-13.el8_10.s390x",
"product_id": "libsoup-devel-0:2.62.3-13.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-13.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"product": {
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"product_id": "libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-13.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"product_id": "libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-13.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-13.el8_10.s390x",
"product": {
"name": "libsoup-0:2.62.3-13.el8_10.s390x",
"product_id": "libsoup-0:2.62.3-13.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-13.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"product": {
"name": "libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"product_id": "libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-13.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"product": {
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"product_id": "libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-13.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"product_id": "libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-13.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-13.el8_10.aarch64",
"product": {
"name": "libsoup-0:2.62.3-13.el8_10.aarch64",
"product_id": "libsoup-0:2.62.3-13.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-13.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"product": {
"name": "libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"product_id": "libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-13.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"product": {
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"product_id": "libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-13.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"product_id": "libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-13.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-13.el8_10.ppc64le",
"product": {
"name": "libsoup-0:2.62.3-13.el8_10.ppc64le",
"product_id": "libsoup-0:2.62.3-13.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-13.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.3-13.el8_10.src",
"product": {
"name": "libsoup-0:2.62.3-13.el8_10.src",
"product_id": "libsoup-0:2.62.3-13.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-13.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-13.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64"
},
"product_reference": "libsoup-0:2.62.3-13.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-13.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686"
},
"product_reference": "libsoup-0:2.62.3-13.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-13.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le"
},
"product_reference": "libsoup-0:2.62.3-13.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-13.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x"
},
"product_reference": "libsoup-0:2.62.3-13.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-13.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src"
},
"product_reference": "libsoup-0:2.62.3-13.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-13.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64"
},
"product_reference": "libsoup-0:2.62.3-13.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le"
},
"product_reference": "libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x"
},
"product_reference": "libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-13.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64"
},
"product_reference": "libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-13.el8_10.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-13.el8_10.i686",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-13.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le"
},
"product_reference": "libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-13.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x"
},
"product_reference": "libsoup-devel-0:2.62.3-13.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-13.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-13.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-13.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64"
},
"product_reference": "libsoup-0:2.62.3-13.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-13.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686"
},
"product_reference": "libsoup-0:2.62.3-13.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-13.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le"
},
"product_reference": "libsoup-0:2.62.3-13.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-13.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x"
},
"product_reference": "libsoup-0:2.62.3-13.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-13.el8_10.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src"
},
"product_reference": "libsoup-0:2.62.3-13.el8_10.src",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-13.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64"
},
"product_reference": "libsoup-0:2.62.3-13.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le"
},
"product_reference": "libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x"
},
"product_reference": "libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-13.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-13.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64"
},
"product_reference": "libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-13.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-13.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-13.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le"
},
"product_reference": "libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-13.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x"
},
"product_reference": "libsoup-devel-0:2.62.3-13.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-13.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-13.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T02:41:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2215"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T02:41:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2215"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debuginfo-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-debugsource-0:2.62.3-13.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:libsoup-devel-0:2.62.3-13.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2008
Vulnerability from csaf_redhat - Published: 2026-02-05 03:46 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: libsoup security update
Notes
Topic
An update for libsoup is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libsoup is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2008",
"url": "https://access.redhat.com/errata/RHSA-2026:2008"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2008.json"
}
],
"title": "Red Hat Security Advisory: libsoup security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:16+00:00",
"generator": {
"date": "2026-02-17T18:23:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2008",
"initial_release_date": "2026-02-05T03:46:53+00:00",
"revision_history": [
{
"date": "2026-02-05T03:46:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-05T03:46:53+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_0.9.src",
"product": {
"name": "libsoup-0:2.72.0-8.el9_0.9.src",
"product_id": "libsoup-0:2.72.0-8.el9_0.9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_0.9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_0.9.aarch64",
"product": {
"name": "libsoup-0:2.72.0-8.el9_0.9.aarch64",
"product_id": "libsoup-0:2.72.0-8.el9_0.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_0.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-8.el9_0.9.aarch64",
"product": {
"name": "libsoup-devel-0:2.72.0-8.el9_0.9.aarch64",
"product_id": "libsoup-devel-0:2.72.0-8.el9_0.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_0.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-8.el9_0.9.aarch64",
"product": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_0.9.aarch64",
"product_id": "libsoup-debugsource-0:2.72.0-8.el9_0.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_0.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.aarch64",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.aarch64",
"product_id": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_0.9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_0.9.ppc64le",
"product": {
"name": "libsoup-0:2.72.0-8.el9_0.9.ppc64le",
"product_id": "libsoup-0:2.72.0-8.el9_0.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_0.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-8.el9_0.9.ppc64le",
"product": {
"name": "libsoup-devel-0:2.72.0-8.el9_0.9.ppc64le",
"product_id": "libsoup-devel-0:2.72.0-8.el9_0.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_0.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-8.el9_0.9.ppc64le",
"product": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_0.9.ppc64le",
"product_id": "libsoup-debugsource-0:2.72.0-8.el9_0.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_0.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.ppc64le",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.ppc64le",
"product_id": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_0.9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_0.9.i686",
"product": {
"name": "libsoup-0:2.72.0-8.el9_0.9.i686",
"product_id": "libsoup-0:2.72.0-8.el9_0.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_0.9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-8.el9_0.9.i686",
"product": {
"name": "libsoup-devel-0:2.72.0-8.el9_0.9.i686",
"product_id": "libsoup-devel-0:2.72.0-8.el9_0.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_0.9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-8.el9_0.9.i686",
"product": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_0.9.i686",
"product_id": "libsoup-debugsource-0:2.72.0-8.el9_0.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_0.9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.i686",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.i686",
"product_id": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_0.9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_0.9.x86_64",
"product": {
"name": "libsoup-0:2.72.0-8.el9_0.9.x86_64",
"product_id": "libsoup-0:2.72.0-8.el9_0.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_0.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-8.el9_0.9.x86_64",
"product": {
"name": "libsoup-devel-0:2.72.0-8.el9_0.9.x86_64",
"product_id": "libsoup-devel-0:2.72.0-8.el9_0.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_0.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-8.el9_0.9.x86_64",
"product": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_0.9.x86_64",
"product_id": "libsoup-debugsource-0:2.72.0-8.el9_0.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_0.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.x86_64",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.x86_64",
"product_id": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_0.9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_0.9.s390x",
"product": {
"name": "libsoup-0:2.72.0-8.el9_0.9.s390x",
"product_id": "libsoup-0:2.72.0-8.el9_0.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_0.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-8.el9_0.9.s390x",
"product": {
"name": "libsoup-devel-0:2.72.0-8.el9_0.9.s390x",
"product_id": "libsoup-devel-0:2.72.0-8.el9_0.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_0.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-8.el9_0.9.s390x",
"product": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_0.9.s390x",
"product_id": "libsoup-debugsource-0:2.72.0-8.el9_0.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_0.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.s390x",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.s390x",
"product_id": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_0.9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_0.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.aarch64"
},
"product_reference": "libsoup-0:2.72.0-8.el9_0.9.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_0.9.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.i686"
},
"product_reference": "libsoup-0:2.72.0-8.el9_0.9.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_0.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.ppc64le"
},
"product_reference": "libsoup-0:2.72.0-8.el9_0.9.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_0.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.s390x"
},
"product_reference": "libsoup-0:2.72.0-8.el9_0.9.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_0.9.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.src"
},
"product_reference": "libsoup-0:2.72.0-8.el9_0.9.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_0.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.x86_64"
},
"product_reference": "libsoup-0:2.72.0-8.el9_0.9.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.aarch64"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.i686"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.ppc64le"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.s390x"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_0.9.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_0.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.aarch64"
},
"product_reference": "libsoup-debugsource-0:2.72.0-8.el9_0.9.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_0.9.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.i686"
},
"product_reference": "libsoup-debugsource-0:2.72.0-8.el9_0.9.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_0.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.ppc64le"
},
"product_reference": "libsoup-debugsource-0:2.72.0-8.el9_0.9.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_0.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.s390x"
},
"product_reference": "libsoup-debugsource-0:2.72.0-8.el9_0.9.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_0.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.72.0-8.el9_0.9.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-8.el9_0.9.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.aarch64"
},
"product_reference": "libsoup-devel-0:2.72.0-8.el9_0.9.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-8.el9_0.9.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.i686"
},
"product_reference": "libsoup-devel-0:2.72.0-8.el9_0.9.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-8.el9_0.9.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.ppc64le"
},
"product_reference": "libsoup-devel-0:2.72.0-8.el9_0.9.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-8.el9_0.9.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.s390x"
},
"product_reference": "libsoup-devel-0:2.72.0-8.el9_0.9.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-8.el9_0.9.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.x86_64"
},
"product_reference": "libsoup-devel-0:2.72.0-8.el9_0.9.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.src",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T03:46:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.src",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2008"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.src",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.src",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.src",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T03:46:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.src",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2008"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.src",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.src",
"AppStream-9.0.0.Z.E4S:libsoup-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_0.9.x86_64",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.aarch64",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.i686",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.ppc64le",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.s390x",
"AppStream-9.0.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_0.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2513
Vulnerability from csaf_redhat - Published: 2026-02-11 07:51 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: spice-client-win security update
Notes
Topic
An update for spice-client-win is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Spice client MSI installers for Windows clients
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for spice-client-win is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Spice client MSI installers for Windows clients\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2513",
"url": "https://access.redhat.com/errata/RHSA-2026:2513"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2513.json"
}
],
"title": "Red Hat Security Advisory: spice-client-win security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:26+00:00",
"generator": {
"date": "2026-02-17T18:23:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2513",
"initial_release_date": "2026-02-11T07:51:25+00:00",
"revision_history": [
{
"date": "2026-02-11T07:51:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-11T07:51:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-0:8.10-7.el8_2.1.src",
"product": {
"name": "spice-client-win-0:8.10-7.el8_2.1.src",
"product_id": "spice-client-win-0:8.10-7.el8_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win@8.10-7.el8_2.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-x64-0:8.10-7.el8_2.1.noarch",
"product": {
"name": "spice-client-win-x64-0:8.10-7.el8_2.1.noarch",
"product_id": "spice-client-win-x64-0:8.10-7.el8_2.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x64@8.10-7.el8_2.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spice-client-win-x86-0:8.10-7.el8_2.1.noarch",
"product": {
"name": "spice-client-win-x86-0:8.10-7.el8_2.1.noarch",
"product_id": "spice-client-win-x86-0:8.10-7.el8_2.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x86@8.10-7.el8_2.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-7.el8_2.1.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-7.el8_2.1.src"
},
"product_reference": "spice-client-win-0:8.10-7.el8_2.1.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-7.el8_2.1.noarch as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_2.1.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-7.el8_2.1.noarch",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-7.el8_2.1.noarch as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_2.1.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-7.el8_2.1.noarch",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-7.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_2.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T07:51:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-7.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_2.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2513"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-7.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-7.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-7.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_2.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T07:51:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-7.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_2.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2513"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-7.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:spice-client-win-0:8.10-7.el8_2.1.src",
"AppStream-8.2.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_2.1.noarch",
"AppStream-8.2.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2514
Vulnerability from csaf_redhat - Published: 2026-02-11 08:06 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: spice-client-win security update
Notes
Topic
An update for spice-client-win is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Spice client MSI installers for Windows clients
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for spice-client-win is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Spice client MSI installers for Windows clients\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2514",
"url": "https://access.redhat.com/errata/RHSA-2026:2514"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2514.json"
}
],
"title": "Red Hat Security Advisory: spice-client-win security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:26+00:00",
"generator": {
"date": "2026-02-17T18:23:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2514",
"initial_release_date": "2026-02-11T08:06:25+00:00",
"revision_history": [
{
"date": "2026-02-11T08:06:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-11T08:06:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-0:8.10-7.el8_4.1.src",
"product": {
"name": "spice-client-win-0:8.10-7.el8_4.1.src",
"product_id": "spice-client-win-0:8.10-7.el8_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win@8.10-7.el8_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"product": {
"name": "spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"product_id": "spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x64@8.10-7.el8_4.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spice-client-win-x86-0:8.10-7.el8_4.1.noarch",
"product": {
"name": "spice-client-win-x86-0:8.10-7.el8_4.1.noarch",
"product_id": "spice-client-win-x86-0:8.10-7.el8_4.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x86@8.10-7.el8_4.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-7.el8_4.1.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-7.el8_4.1.src"
},
"product_reference": "spice-client-win-0:8.10-7.el8_4.1.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-7.el8_4.1.noarch as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_4.1.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-7.el8_4.1.noarch as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_4.1.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-7.el8_4.1.noarch",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-7.el8_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-7.el8_4.1.src"
},
"product_reference": "spice-client-win-0:8.10-7.el8_4.1.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-7.el8_4.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-7.el8_4.1.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-7.el8_4.1.noarch as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-7.el8_4.1.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-7.el8_4.1.noarch",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-7.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-7.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-7.el8_4.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T08:06:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-7.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-7.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-7.el8_4.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2514"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-7.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-7.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-7.el8_4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-7.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-7.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-7.el8_4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-7.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-7.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-7.el8_4.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T08:06:25+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-7.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-7.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-7.el8_4.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2514"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-7.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-7.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-7.el8_4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:spice-client-win-0:8.10-7.el8_4.1.src",
"AppStream-8.4.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-0:8.10-7.el8_4.1.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x64-0:8.10-7.el8_4.1.noarch",
"AppStream-8.4.0.Z.EUS.EXTENSION:spice-client-win-x86-0:8.10-7.el8_4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2844
Vulnerability from csaf_redhat - Published: 2026-02-17 18:20 - Updated: 2026-02-20 16:29Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.26.1 Release.
Notes
Topic
Red Hat OpenShift Dev Spaces 3.26.1 has been released.
Details
3.26.1 includes CVE fixes for CVE-2025-15467, CVE-2025-6176, CVE-2026-1761, CVE-2026-0719, CVE-2025-61732, and CVE-2025-61726.
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.26 release is based on Eclipse Che 7.113 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces supports OpenShift EUS releases v4.16 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#crw
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.26.1 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "3.26.1 includes CVE fixes for CVE-2025-15467, CVE-2025-6176, CVE-2026-1761, CVE-2026-0719, CVE-2025-61732, and CVE-2025-61726.\nRed Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\nThe 3.26 release is based on Eclipse Che 7.113 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\nUsers still using the v1 standard should migrate as soon as possible.\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\nDev Spaces supports OpenShift EUS releases v4.16 and higher. Users are expected to update to supported OpenShift releases in order to continue to get Dev Spaces updates.\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2844",
"url": "https://access.redhat.com/errata/RHSA-2026:2844"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.26/html/administration_guide/installing-devspaces",
"url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.26/html/administration_guide/installing-devspaces"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15467",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61732",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6176",
"url": "https://access.redhat.com/security/cve/CVE-2025-6176"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-0719",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1761",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2844.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.26.1 Release.",
"tracking": {
"current_release_date": "2026-02-20T16:29:08+00:00",
"generator": {
"date": "2026-02-20T16:29:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2844",
"initial_release_date": "2026-02-17T18:20:32+00:00",
"revision_history": [
{
"date": "2026-02-17T18:20:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-17T18:20:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-20T16:29:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product": {
"name": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3.26::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces (RHOSDS)"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3Ad93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770495424"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Ae81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770494649"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770404535"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770764461"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770404517"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3Af13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770759517"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"product": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"product_id": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256%3Ae724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770404430"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3A619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770851052"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770494431"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"product_id": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256%3A1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770925072"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770918006"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770332067"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3Accedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770494726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770913862"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3Aa03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770495424"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3Aa9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770494649"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Affdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770404535"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3A20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770764461"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770404517"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3Ab503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770759517"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"product": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"product_id": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256%3A3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770404430"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Ad37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770851052"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Ac2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770494431"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770918006"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770332067"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770494726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3A1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf?arch=s390x\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770913862"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770495424"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770494649"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3Ab01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770404535"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Acfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770764461"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3A0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770404517"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3Aa644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770759517"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"product_id": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256%3Aee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770404430"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Ac5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770851052"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3Ab151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770494431"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3Ad8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770918006"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770332067"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770494726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Abb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770913862"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"product_id": "registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256%3A080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770495424"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"product": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"product_id": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"product_identification_helper": {
"purl": "pkg:oci/code-sshd-rhel9@sha256%3A4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770494649"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"product": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"product_id": "registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256%3A46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770404535"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"product": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"product_id": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256%3Aa67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770764461"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"product": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"product_id": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256%3Ad198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770404517"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"product": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"product_id": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256%3Acb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770759517"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"product": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"product_id": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256%3A75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770404430"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"product": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"product_id": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"product_identification_helper": {
"purl": "pkg:oci/openvsx-rhel9@sha256%3Ab69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770851052"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"product": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"product_id": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256%3A740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770494431"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"product": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"product_id": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256%3A48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770918006"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"product": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"product_id": "registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256%3A967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770332067"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"product": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"product_id": "registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256%3A7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770494726"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64",
"product": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64",
"product_id": "registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256%3Af3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5?arch=arm64\u0026repository_url=registry.redhat.io/devspaces\u0026tag=1770913862"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64"
},
"product_reference": "registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x"
},
"product_reference": "registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x"
},
"product_reference": "registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64"
},
"product_reference": "registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64"
},
"product_reference": "registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x"
},
"product_reference": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64"
},
"product_reference": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64"
},
"product_reference": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x"
},
"product_reference": "registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64"
},
"product_reference": "registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64"
},
"product_reference": "registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64 as a component of Red Hat OpenShift Dev Spaces (RHOSDS) 3.26",
"product_id": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
},
"product_reference": "registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64",
"relates_to_product_reference": "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-6176",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-31T01:00:56.408048+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408762"
}
],
"notes": [
{
"category": "description",
"text": "Scrapy are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The flaw in Scrapy\u0027s brotli decompression implementation allows remote attackers to trigger a denial of service by sending specially crafted brotli-compressed data. This can lead to excessive memory consumption and system instability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6176"
},
{
"category": "external",
"summary": "RHBZ#2408762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0",
"url": "https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0"
}
],
"release_date": "2025-10-31T00:00:21.219000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-17T18:20:32+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2844"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-17T18:20:32+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2844"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-17T18:20:32+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2844"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61732",
"discovery_date": "2026-02-05T05:00:47.678207+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437016"
}
],
"notes": [
{
"category": "description",
"text": "A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/cgo: Potential code smuggling via doc comments in cmd/cgo",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "RHBZ#2437016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://go.dev/cl/734220",
"url": "https://go.dev/cl/734220"
},
{
"category": "external",
"summary": "https://go.dev/issue/76697",
"url": "https://go.dev/issue/76697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4433",
"url": "https://pkg.go.dev/vuln/GO-2026-4433"
}
],
"release_date": "2026-02-05T03:42:26.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-17T18:20:32+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2844"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/cgo: Potential code smuggling via doc comments in cmd/cgo"
},
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-17T18:20:32+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2844"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-17T18:20:32+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2844"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:07b5aa25be771e9205eeec6b99eba468e856fe613ce1f14f56fe1a1987bebff1_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:080f5c8c0036ff152960bace14a46d838aaab50d005b02741ba26d08fc040249_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:a03a86747f6191a55ba5a95383124c93fcbba2b137da04fe6b9508a2e54a2a86_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-rhel9@sha256:d93b78cc40286233dd48bf7bb91eab892329bb56367c03e4e2cf36e565917209_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:4aff583803de7ebd055aa820c3167cf60fd65c4c5192cb86af65803c552871ec_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:6c0618a262457b1e209870c64225082c01200807b2ae338063425d3aa2f96fcc_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:a9a3ee20941be2f803fc3d5ac9f14ebdc4bea275927f56696aaf9ba8b4900c74_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/code-sshd-rhel9@sha256:e81bba6aea603106046eaf3196d785d1ae63eb82b8b2d5799c2e8757ca30fb4b_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:2dd449320ffd135b13cc7a43392f8be402c6b21677e949b6cb23d90c25b2af27_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:46e17c423ab487e330913b8f7addd7f4625e5f74385104e5856c01f78ef31d09_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:b01aa02ff03139120d3316da77ec4a0b4423c3c5561a3a1113732eedabe9aecd_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/configbump-rhel9@sha256:ffdb6bd87cb727dd99df7a9b3c160bd26fc113957bb22dc442cd38ba6b56d485_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:20b0660092b3a3c069c06aae34f3306bcd655d58e33f7b8ce168aa3f21ccfef1_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:48de995db52924f4a20fc4c62c18a62223b3ef05ac5b5008dcb3628a4ee2767e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:a67220640f3cbaea11bc4e47a36fc852152620bc50a81cdf155c56374b2cc546_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/dashboard-rhel9@sha256:cfba0a1117e348ee5252289beaca5affdff3dc4a0e4cfc87f7b3ed20db16c1db_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-operator-bundle@sha256:1da81db973a6033fbe12a59e877335bf194ec4563b61e530a44326915518f788_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:740fb67de0e874261cf456ab601b9c5a2de47912d04375172c36ee2110c54594_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:7ca3cba246b8d1163fcbbb2d4798a27b5e123f36b5155e0c563747316f09b09f_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:b151b96c8187c820c6e91e6bc2a3048839e5b3dc883cec69bb04e46a875c6f74_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/devspaces-rhel9-operator@sha256:c2c57991cc8bdda2882836401980b05d81bb254d8f6002cc345fbb985e43c258_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:0265615072824fe889c5bd3d1f40d8027c38236718ec3c994bc327583e4e4885_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:24e0cccde7ea62cc4371acaa567e3e180c01941fa35844088bc73a4b27e5281e_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:8704addd93ca4fbbf4a585084775de2fe496e7641b1406a426d29e107d86119c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/imagepuller-rhel9@sha256:d198c71d91965b65f49eea8497a7574cb8d7a9599c54fa95d8d8cd12f60c6c81_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:a644a873fe159eece3e6ce341eceb7b7a4fe62f5e835e604aaf8574735d960ca_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:b503ab30512cc9bf3cfa89f5a8b09a591b038f61c22d1b2777477f40bbdbec0b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:cb7dfb0bcf96a8f8ddeea922aa9be138b734b085267e2ce6a89390a51349f57d_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/jetbrains-ide-rhel9@sha256:f13b292f3ab98895a8d07f4b4637af2c8fe0b45dd4609e3a2a2548b9dfb239d1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:3d277b876221d34650e2e7dd6368fd0892f9f535424c77ff1219df36c3972939_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:75097ff55bd9c180931c8db38709e70e3909fa17e2a7ed0949ffe02de01a468a_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:e724671480f0db043ff01c510cf3665833976806b3fb3fe64c4f186c3d445e7c_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/machineexec-rhel9@sha256:ee21dfe4d927a49196e81782875e88bd564c48c620ec07444a07387f9e4b6889_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:619c10386e0224e5228876a434c5b8d78d251bc383e2a9491503d6ceddd33c96_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:b69f3ac7efeae55c89036c589536b264f1a1e2431d120ea625c1045fc9d7de79_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:c5e4373203140944e469e0306311911cde0231b24d256bb9c65e3150558efd3c_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/openvsx-rhel9@sha256:d37e4c1f6f9bcebfb5ef805284b343d98d6e742adb589ade746321eade5863b4_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:25de67b5c2c60597173d977b2a09ecd14a9b2d60c4fd24ac0c8bf3c1ac6c000e_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:26dd9fb71bfad01a9a62e5cd83768146120efea71107c89cd8ce3361e7c73b4b_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:48d31aa446fe1033ad770ed74442053bcee5102035a9c618fb81cde1743a9692_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/pluginregistry-rhel9@sha256:d8203704e7ee44c7937b1c81166c63c002a8a09de0e38b04a3cc1e60ad94adcf_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:049c2ef7242b5ba8f80c623fb9d3a1577ade9470547119d45e5dbe1c6889b097_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:21a2cb587fce8d547f8cc31c97243bbf2bf30e8cccb64a772d60df40c909f221_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:506a7942298ea0fe39bd7cc794b9b8c374d91b38c194af3f8ec05b2d0b008205_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/server-rhel9@sha256:967d1fa6c419ed553a04addc4ca15b80ec83dc5c6899194514324eb4c79afa68_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:38f746ee7214cd30a440b754f9fa6d72e3bd802eb868e13eec139fb643e20dbc_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:7663c30c4bd9750038838a7131b680130e85f4a8d5aa41741ce4aecab7bede8b_arm64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:8ea5bdee69a073ae7a741c6fe6d770d2ed87b0c0143885fca06a49d2a0036612_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/traefik-rhel9@sha256:ccedf18e442831008f1c63721c6bf536436af0024279151044dd2d8c5e87f684_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:1a9e80f609eaf33cc252400a5e4371096dc549cbf9364e95dc6f38144fdb8bdf_s390x",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:90f6995edd69f00118cad45ab7c6d4683a99c2de2b3202f017d108cd4aadccc1_amd64",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:bb9f0ee4fa785a4c3d4a3f6f5e177f4a41350ccef40bc53bfeedee2d52061472_ppc64le",
"Red Hat OpenShift Dev Spaces (RHOSDS) 3.26:registry.redhat.io/devspaces/udi-rhel9@sha256:f3428de9e2ede29629694ab02ff8ca25543f3bc8a7300d1de95c00724e31c4b5_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2006
Vulnerability from csaf_redhat - Published: 2026-02-05 03:37 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: libsoup3 security update
Notes
Topic
An update for libsoup3 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago.
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libsoup3 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago.\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2006",
"url": "https://access.redhat.com/errata/RHSA-2026:2006"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2006.json"
}
],
"title": "Red Hat Security Advisory: libsoup3 security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:19+00:00",
"generator": {
"date": "2026-02-17T18:23:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2006",
"initial_release_date": "2026-02-05T03:37:38+00:00",
"revision_history": [
{
"date": "2026-02-05T03:37:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-05T03:37:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-0:3.6.5-3.el10_0.14.src",
"product": {
"name": "libsoup3-0:3.6.5-3.el10_0.14.src",
"product_id": "libsoup3-0:3.6.5-3.el10_0.14.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3@3.6.5-3.el10_0.14?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"product": {
"name": "libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"product_id": "libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3@3.6.5-3.el10_0.14?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"product": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"product_id": "libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-devel@3.6.5-3.el10_0.14?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"product": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"product_id": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debugsource@3.6.5-3.el10_0.14?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"product": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"product_id": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debuginfo@3.6.5-3.el10_0.14?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"product": {
"name": "libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"product_id": "libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3@3.6.5-3.el10_0.14?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"product": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"product_id": "libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-devel@3.6.5-3.el10_0.14?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"product": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"product_id": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debugsource@3.6.5-3.el10_0.14?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"product": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"product_id": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debuginfo@3.6.5-3.el10_0.14?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-0:3.6.5-3.el10_0.14.s390x",
"product": {
"name": "libsoup3-0:3.6.5-3.el10_0.14.s390x",
"product_id": "libsoup3-0:3.6.5-3.el10_0.14.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3@3.6.5-3.el10_0.14?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"product": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"product_id": "libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-devel@3.6.5-3.el10_0.14?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"product": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"product_id": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debugsource@3.6.5-3.el10_0.14?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"product": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"product_id": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debuginfo@3.6.5-3.el10_0.14?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"product": {
"name": "libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"product_id": "libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3@3.6.5-3.el10_0.14?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"product": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"product_id": "libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-devel@3.6.5-3.el10_0.14?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"product": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"product_id": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debugsource@3.6.5-3.el10_0.14?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"product": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"product_id": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debuginfo@3.6.5-3.el10_0.14?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-doc-0:3.6.5-3.el10_0.14.noarch",
"product": {
"name": "libsoup3-doc-0:3.6.5-3.el10_0.14.noarch",
"product_id": "libsoup3-doc-0:3.6.5-3.el10_0.14.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-doc@3.6.5-3.el10_0.14?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.14.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.14.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.14.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.14.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.14.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-doc-0:3.6.5-3.el10_0.14.noarch as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch"
},
"product_reference": "libsoup3-doc-0:3.6.5-3.el10_0.14.noarch",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.14.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.14.s390x",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.14.src as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.14.src",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.14.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-doc-0:3.6.5-3.el10_0.14.noarch as a component of Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"product_id": "CRB-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch"
},
"product_reference": "libsoup3-doc-0:3.6.5-3.el10_0.14.noarch",
"relates_to_product_reference": "CRB-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T03:37:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2006"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T03:37:38+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2006"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src",
"AppStream-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"AppStream-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"AppStream-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.src",
"CRB-10.0.Z.E2S:libsoup3-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-debuginfo-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-debugsource-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.aarch64",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.ppc64le",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.s390x",
"CRB-10.0.Z.E2S:libsoup3-devel-0:3.6.5-3.el10_0.14.x86_64",
"CRB-10.0.Z.E2S:libsoup3-doc-0:3.6.5-3.el10_0.14.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2049
Vulnerability from csaf_redhat - Published: 2026-02-05 10:09 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: libsoup security update
Notes
Topic
An update for libsoup is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libsoup is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2049",
"url": "https://access.redhat.com/errata/RHSA-2026:2049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2049.json"
}
],
"title": "Red Hat Security Advisory: libsoup security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:16+00:00",
"generator": {
"date": "2026-02-17T18:23:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2049",
"initial_release_date": "2026-02-05T10:09:21+00:00",
"revision_history": [
{
"date": "2026-02-05T10:09:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-05T10:09:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-10.el9_6.6.src",
"product": {
"name": "libsoup-0:2.72.0-10.el9_6.6.src",
"product_id": "libsoup-0:2.72.0-10.el9_6.6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-10.el9_6.6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-10.el9_6.6.aarch64",
"product": {
"name": "libsoup-0:2.72.0-10.el9_6.6.aarch64",
"product_id": "libsoup-0:2.72.0-10.el9_6.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-10.el9_6.6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-10.el9_6.6.aarch64",
"product": {
"name": "libsoup-devel-0:2.72.0-10.el9_6.6.aarch64",
"product_id": "libsoup-devel-0:2.72.0-10.el9_6.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-10.el9_6.6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-10.el9_6.6.aarch64",
"product": {
"name": "libsoup-debugsource-0:2.72.0-10.el9_6.6.aarch64",
"product_id": "libsoup-debugsource-0:2.72.0-10.el9_6.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-10.el9_6.6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.aarch64",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.aarch64",
"product_id": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-10.el9_6.6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-10.el9_6.6.ppc64le",
"product": {
"name": "libsoup-0:2.72.0-10.el9_6.6.ppc64le",
"product_id": "libsoup-0:2.72.0-10.el9_6.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-10.el9_6.6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-10.el9_6.6.ppc64le",
"product": {
"name": "libsoup-devel-0:2.72.0-10.el9_6.6.ppc64le",
"product_id": "libsoup-devel-0:2.72.0-10.el9_6.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-10.el9_6.6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-10.el9_6.6.ppc64le",
"product": {
"name": "libsoup-debugsource-0:2.72.0-10.el9_6.6.ppc64le",
"product_id": "libsoup-debugsource-0:2.72.0-10.el9_6.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-10.el9_6.6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.ppc64le",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.ppc64le",
"product_id": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-10.el9_6.6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-10.el9_6.6.i686",
"product": {
"name": "libsoup-0:2.72.0-10.el9_6.6.i686",
"product_id": "libsoup-0:2.72.0-10.el9_6.6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-10.el9_6.6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-10.el9_6.6.i686",
"product": {
"name": "libsoup-devel-0:2.72.0-10.el9_6.6.i686",
"product_id": "libsoup-devel-0:2.72.0-10.el9_6.6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-10.el9_6.6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-10.el9_6.6.i686",
"product": {
"name": "libsoup-debugsource-0:2.72.0-10.el9_6.6.i686",
"product_id": "libsoup-debugsource-0:2.72.0-10.el9_6.6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-10.el9_6.6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.i686",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.i686",
"product_id": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-10.el9_6.6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-10.el9_6.6.x86_64",
"product": {
"name": "libsoup-0:2.72.0-10.el9_6.6.x86_64",
"product_id": "libsoup-0:2.72.0-10.el9_6.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-10.el9_6.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-10.el9_6.6.x86_64",
"product": {
"name": "libsoup-devel-0:2.72.0-10.el9_6.6.x86_64",
"product_id": "libsoup-devel-0:2.72.0-10.el9_6.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-10.el9_6.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-10.el9_6.6.x86_64",
"product": {
"name": "libsoup-debugsource-0:2.72.0-10.el9_6.6.x86_64",
"product_id": "libsoup-debugsource-0:2.72.0-10.el9_6.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-10.el9_6.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.x86_64",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.x86_64",
"product_id": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-10.el9_6.6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-10.el9_6.6.s390x",
"product": {
"name": "libsoup-0:2.72.0-10.el9_6.6.s390x",
"product_id": "libsoup-0:2.72.0-10.el9_6.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-10.el9_6.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-10.el9_6.6.s390x",
"product": {
"name": "libsoup-devel-0:2.72.0-10.el9_6.6.s390x",
"product_id": "libsoup-devel-0:2.72.0-10.el9_6.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-10.el9_6.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-10.el9_6.6.s390x",
"product": {
"name": "libsoup-debugsource-0:2.72.0-10.el9_6.6.s390x",
"product_id": "libsoup-debugsource-0:2.72.0-10.el9_6.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-10.el9_6.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.s390x",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.s390x",
"product_id": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-10.el9_6.6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-10.el9_6.6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.aarch64"
},
"product_reference": "libsoup-0:2.72.0-10.el9_6.6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-10.el9_6.6.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.i686"
},
"product_reference": "libsoup-0:2.72.0-10.el9_6.6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-10.el9_6.6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.ppc64le"
},
"product_reference": "libsoup-0:2.72.0-10.el9_6.6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-10.el9_6.6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.s390x"
},
"product_reference": "libsoup-0:2.72.0-10.el9_6.6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-10.el9_6.6.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.src"
},
"product_reference": "libsoup-0:2.72.0-10.el9_6.6.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-10.el9_6.6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.x86_64"
},
"product_reference": "libsoup-0:2.72.0-10.el9_6.6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.aarch64"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.i686"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.ppc64le"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.s390x"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-10.el9_6.6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-10.el9_6.6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.aarch64"
},
"product_reference": "libsoup-debugsource-0:2.72.0-10.el9_6.6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-10.el9_6.6.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.i686"
},
"product_reference": "libsoup-debugsource-0:2.72.0-10.el9_6.6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-10.el9_6.6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.ppc64le"
},
"product_reference": "libsoup-debugsource-0:2.72.0-10.el9_6.6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-10.el9_6.6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.s390x"
},
"product_reference": "libsoup-debugsource-0:2.72.0-10.el9_6.6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-10.el9_6.6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.72.0-10.el9_6.6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-10.el9_6.6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.aarch64"
},
"product_reference": "libsoup-devel-0:2.72.0-10.el9_6.6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-10.el9_6.6.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.i686"
},
"product_reference": "libsoup-devel-0:2.72.0-10.el9_6.6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-10.el9_6.6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.ppc64le"
},
"product_reference": "libsoup-devel-0:2.72.0-10.el9_6.6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-10.el9_6.6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.s390x"
},
"product_reference": "libsoup-devel-0:2.72.0-10.el9_6.6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-10.el9_6.6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"product_id": "AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.x86_64"
},
"product_reference": "libsoup-devel-0:2.72.0-10.el9_6.6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.src",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T10:09:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.src",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2049"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.src",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.src",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.src",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T10:09:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.src",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2049"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.src",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.src",
"AppStream-9.6.0.Z.EUS:libsoup-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-debuginfo-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-debugsource-0:2.72.0-10.el9_6.6.x86_64",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.aarch64",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.i686",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.ppc64le",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.s390x",
"AppStream-9.6.0.Z.EUS:libsoup-devel-0:2.72.0-10.el9_6.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2007
Vulnerability from csaf_redhat - Published: 2026-02-05 04:12 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: libsoup security update
Notes
Topic
An update for libsoup is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libsoup is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2007",
"url": "https://access.redhat.com/errata/RHSA-2026:2007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2007.json"
}
],
"title": "Red Hat Security Advisory: libsoup security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:15+00:00",
"generator": {
"date": "2026-02-17T18:23:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2007",
"initial_release_date": "2026-02-05T04:12:08+00:00",
"revision_history": [
{
"date": "2026-02-05T04:12:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-05T04:12:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_4.9.i686",
"product": {
"name": "libsoup-0:2.72.0-8.el9_4.9.i686",
"product_id": "libsoup-0:2.72.0-8.el9_4.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_4.9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-8.el9_4.9.i686",
"product": {
"name": "libsoup-devel-0:2.72.0-8.el9_4.9.i686",
"product_id": "libsoup-devel-0:2.72.0-8.el9_4.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_4.9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-8.el9_4.9.i686",
"product": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_4.9.i686",
"product_id": "libsoup-debugsource-0:2.72.0-8.el9_4.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_4.9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.i686",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.i686",
"product_id": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_4.9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_4.9.x86_64",
"product": {
"name": "libsoup-0:2.72.0-8.el9_4.9.x86_64",
"product_id": "libsoup-0:2.72.0-8.el9_4.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_4.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-8.el9_4.9.x86_64",
"product": {
"name": "libsoup-devel-0:2.72.0-8.el9_4.9.x86_64",
"product_id": "libsoup-devel-0:2.72.0-8.el9_4.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_4.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-8.el9_4.9.x86_64",
"product": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_4.9.x86_64",
"product_id": "libsoup-debugsource-0:2.72.0-8.el9_4.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_4.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.x86_64",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.x86_64",
"product_id": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_4.9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_4.9.s390x",
"product": {
"name": "libsoup-0:2.72.0-8.el9_4.9.s390x",
"product_id": "libsoup-0:2.72.0-8.el9_4.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_4.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-8.el9_4.9.s390x",
"product": {
"name": "libsoup-devel-0:2.72.0-8.el9_4.9.s390x",
"product_id": "libsoup-devel-0:2.72.0-8.el9_4.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_4.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-8.el9_4.9.s390x",
"product": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_4.9.s390x",
"product_id": "libsoup-debugsource-0:2.72.0-8.el9_4.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_4.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.s390x",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.s390x",
"product_id": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_4.9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_4.9.src",
"product": {
"name": "libsoup-0:2.72.0-8.el9_4.9.src",
"product_id": "libsoup-0:2.72.0-8.el9_4.9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_4.9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_4.9.aarch64",
"product": {
"name": "libsoup-0:2.72.0-8.el9_4.9.aarch64",
"product_id": "libsoup-0:2.72.0-8.el9_4.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_4.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-8.el9_4.9.aarch64",
"product": {
"name": "libsoup-devel-0:2.72.0-8.el9_4.9.aarch64",
"product_id": "libsoup-devel-0:2.72.0-8.el9_4.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_4.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-8.el9_4.9.aarch64",
"product": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_4.9.aarch64",
"product_id": "libsoup-debugsource-0:2.72.0-8.el9_4.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_4.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.aarch64",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.aarch64",
"product_id": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_4.9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_4.9.ppc64le",
"product": {
"name": "libsoup-0:2.72.0-8.el9_4.9.ppc64le",
"product_id": "libsoup-0:2.72.0-8.el9_4.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_4.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-8.el9_4.9.ppc64le",
"product": {
"name": "libsoup-devel-0:2.72.0-8.el9_4.9.ppc64le",
"product_id": "libsoup-devel-0:2.72.0-8.el9_4.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_4.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-8.el9_4.9.ppc64le",
"product": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_4.9.ppc64le",
"product_id": "libsoup-debugsource-0:2.72.0-8.el9_4.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_4.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.ppc64le",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.ppc64le",
"product_id": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_4.9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_4.9.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.aarch64"
},
"product_reference": "libsoup-0:2.72.0-8.el9_4.9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_4.9.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.i686"
},
"product_reference": "libsoup-0:2.72.0-8.el9_4.9.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_4.9.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.ppc64le"
},
"product_reference": "libsoup-0:2.72.0-8.el9_4.9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_4.9.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.s390x"
},
"product_reference": "libsoup-0:2.72.0-8.el9_4.9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_4.9.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.src"
},
"product_reference": "libsoup-0:2.72.0-8.el9_4.9.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_4.9.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.x86_64"
},
"product_reference": "libsoup-0:2.72.0-8.el9_4.9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.aarch64"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.i686"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.ppc64le"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.s390x"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_4.9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_4.9.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.aarch64"
},
"product_reference": "libsoup-debugsource-0:2.72.0-8.el9_4.9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_4.9.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.i686"
},
"product_reference": "libsoup-debugsource-0:2.72.0-8.el9_4.9.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_4.9.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.ppc64le"
},
"product_reference": "libsoup-debugsource-0:2.72.0-8.el9_4.9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_4.9.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.s390x"
},
"product_reference": "libsoup-debugsource-0:2.72.0-8.el9_4.9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_4.9.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.72.0-8.el9_4.9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-8.el9_4.9.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.aarch64"
},
"product_reference": "libsoup-devel-0:2.72.0-8.el9_4.9.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-8.el9_4.9.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.i686"
},
"product_reference": "libsoup-devel-0:2.72.0-8.el9_4.9.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-8.el9_4.9.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.ppc64le"
},
"product_reference": "libsoup-devel-0:2.72.0-8.el9_4.9.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-8.el9_4.9.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.s390x"
},
"product_reference": "libsoup-devel-0:2.72.0-8.el9_4.9.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-8.el9_4.9.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.x86_64"
},
"product_reference": "libsoup-devel-0:2.72.0-8.el9_4.9.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.src",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T04:12:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.src",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2007"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.src",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.src",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.src",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T04:12:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.src",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2007"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.src",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.src",
"AppStream-9.4.0.Z.EUS:libsoup-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-debuginfo-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-debugsource-0:2.72.0-8.el9_4.9.x86_64",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.aarch64",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.i686",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.ppc64le",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.s390x",
"AppStream-9.4.0.Z.EUS:libsoup-devel-0:2.72.0-8.el9_4.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2214
Vulnerability from csaf_redhat - Published: 2026-02-09 02:17 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: spice-client-win security update
Notes
Topic
An update for spice-client-win is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Spice client MSI installers for Windows clients
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for spice-client-win is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Spice client MSI installers for Windows clients\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2214",
"url": "https://access.redhat.com/errata/RHSA-2026:2214"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2214.json"
}
],
"title": "Red Hat Security Advisory: spice-client-win security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:18+00:00",
"generator": {
"date": "2026-02-17T18:23:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2214",
"initial_release_date": "2026-02-09T02:17:51+00:00",
"revision_history": [
{
"date": "2026-02-09T02:17:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-09T02:17:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-0:8.10-7.el8_10.src",
"product": {
"name": "spice-client-win-0:8.10-7.el8_10.src",
"product_id": "spice-client-win-0:8.10-7.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win@8.10-7.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-x64-0:8.10-7.el8_10.noarch",
"product": {
"name": "spice-client-win-x64-0:8.10-7.el8_10.noarch",
"product_id": "spice-client-win-x64-0:8.10-7.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x64@8.10-7.el8_10?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spice-client-win-x86-0:8.10-7.el8_10.noarch",
"product": {
"name": "spice-client-win-x86-0:8.10-7.el8_10.noarch",
"product_id": "spice-client-win-x86-0:8.10-7.el8_10.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x86@8.10-7.el8_10?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-7.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-0:8.10-7.el8_10.src"
},
"product_reference": "spice-client-win-0:8.10-7.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-7.el8_10.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x64-0:8.10-7.el8_10.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-7.el8_10.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-7.el8_10.noarch as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x86-0:8.10-7.el8_10.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-7.el8_10.noarch",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-0:8.10-7.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x64-0:8.10-7.el8_10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x86-0:8.10-7.el8_10.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T02:17:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-0:8.10-7.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x64-0:8.10-7.el8_10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x86-0:8.10-7.el8_10.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2214"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-0:8.10-7.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x64-0:8.10-7.el8_10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x86-0:8.10-7.el8_10.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-0:8.10-7.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x64-0:8.10-7.el8_10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x86-0:8.10-7.el8_10.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-0:8.10-7.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x64-0:8.10-7.el8_10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x86-0:8.10-7.el8_10.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T02:17:51+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-0:8.10-7.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x64-0:8.10-7.el8_10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x86-0:8.10-7.el8_10.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2214"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-0:8.10-7.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x64-0:8.10-7.el8_10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x86-0:8.10-7.el8_10.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-0:8.10-7.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x64-0:8.10-7.el8_10.noarch",
"AppStream-8.10.0.Z.MAIN.EUS:spice-client-win-x86-0:8.10-7.el8_10.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2005
Vulnerability from csaf_redhat - Published: 2026-02-05 03:34 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: libsoup security update
Notes
Topic
An update for libsoup is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libsoup is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2005",
"url": "https://access.redhat.com/errata/RHSA-2026:2005"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2005.json"
}
],
"title": "Red Hat Security Advisory: libsoup security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:15+00:00",
"generator": {
"date": "2026-02-17T18:23:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2005",
"initial_release_date": "2026-02-05T03:34:18+00:00",
"revision_history": [
{
"date": "2026-02-05T03:34:18+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-05T03:34:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_2.10.src",
"product": {
"name": "libsoup-0:2.72.0-8.el9_2.10.src",
"product_id": "libsoup-0:2.72.0-8.el9_2.10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_2.10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_2.10.aarch64",
"product": {
"name": "libsoup-0:2.72.0-8.el9_2.10.aarch64",
"product_id": "libsoup-0:2.72.0-8.el9_2.10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_2.10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-8.el9_2.10.aarch64",
"product": {
"name": "libsoup-devel-0:2.72.0-8.el9_2.10.aarch64",
"product_id": "libsoup-devel-0:2.72.0-8.el9_2.10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_2.10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-8.el9_2.10.aarch64",
"product": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_2.10.aarch64",
"product_id": "libsoup-debugsource-0:2.72.0-8.el9_2.10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_2.10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.aarch64",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.aarch64",
"product_id": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_2.10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_2.10.ppc64le",
"product": {
"name": "libsoup-0:2.72.0-8.el9_2.10.ppc64le",
"product_id": "libsoup-0:2.72.0-8.el9_2.10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_2.10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-8.el9_2.10.ppc64le",
"product": {
"name": "libsoup-devel-0:2.72.0-8.el9_2.10.ppc64le",
"product_id": "libsoup-devel-0:2.72.0-8.el9_2.10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_2.10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-8.el9_2.10.ppc64le",
"product": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_2.10.ppc64le",
"product_id": "libsoup-debugsource-0:2.72.0-8.el9_2.10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_2.10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.ppc64le",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.ppc64le",
"product_id": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_2.10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_2.10.i686",
"product": {
"name": "libsoup-0:2.72.0-8.el9_2.10.i686",
"product_id": "libsoup-0:2.72.0-8.el9_2.10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_2.10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-8.el9_2.10.i686",
"product": {
"name": "libsoup-devel-0:2.72.0-8.el9_2.10.i686",
"product_id": "libsoup-devel-0:2.72.0-8.el9_2.10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_2.10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-8.el9_2.10.i686",
"product": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_2.10.i686",
"product_id": "libsoup-debugsource-0:2.72.0-8.el9_2.10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_2.10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.i686",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.i686",
"product_id": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_2.10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_2.10.x86_64",
"product": {
"name": "libsoup-0:2.72.0-8.el9_2.10.x86_64",
"product_id": "libsoup-0:2.72.0-8.el9_2.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_2.10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-8.el9_2.10.x86_64",
"product": {
"name": "libsoup-devel-0:2.72.0-8.el9_2.10.x86_64",
"product_id": "libsoup-devel-0:2.72.0-8.el9_2.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_2.10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-8.el9_2.10.x86_64",
"product": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_2.10.x86_64",
"product_id": "libsoup-debugsource-0:2.72.0-8.el9_2.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_2.10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.x86_64",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.x86_64",
"product_id": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_2.10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-8.el9_2.10.s390x",
"product": {
"name": "libsoup-0:2.72.0-8.el9_2.10.s390x",
"product_id": "libsoup-0:2.72.0-8.el9_2.10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-8.el9_2.10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-8.el9_2.10.s390x",
"product": {
"name": "libsoup-devel-0:2.72.0-8.el9_2.10.s390x",
"product_id": "libsoup-devel-0:2.72.0-8.el9_2.10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-8.el9_2.10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-8.el9_2.10.s390x",
"product": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_2.10.s390x",
"product_id": "libsoup-debugsource-0:2.72.0-8.el9_2.10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-8.el9_2.10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.s390x",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.s390x",
"product_id": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-8.el9_2.10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_2.10.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.aarch64"
},
"product_reference": "libsoup-0:2.72.0-8.el9_2.10.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_2.10.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.i686"
},
"product_reference": "libsoup-0:2.72.0-8.el9_2.10.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_2.10.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.ppc64le"
},
"product_reference": "libsoup-0:2.72.0-8.el9_2.10.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_2.10.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.s390x"
},
"product_reference": "libsoup-0:2.72.0-8.el9_2.10.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_2.10.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.src"
},
"product_reference": "libsoup-0:2.72.0-8.el9_2.10.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-8.el9_2.10.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.x86_64"
},
"product_reference": "libsoup-0:2.72.0-8.el9_2.10.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.aarch64"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.i686"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.ppc64le"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.s390x"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-8.el9_2.10.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_2.10.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.aarch64"
},
"product_reference": "libsoup-debugsource-0:2.72.0-8.el9_2.10.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_2.10.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.i686"
},
"product_reference": "libsoup-debugsource-0:2.72.0-8.el9_2.10.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_2.10.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.ppc64le"
},
"product_reference": "libsoup-debugsource-0:2.72.0-8.el9_2.10.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_2.10.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.s390x"
},
"product_reference": "libsoup-debugsource-0:2.72.0-8.el9_2.10.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-8.el9_2.10.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.72.0-8.el9_2.10.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-8.el9_2.10.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.aarch64"
},
"product_reference": "libsoup-devel-0:2.72.0-8.el9_2.10.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-8.el9_2.10.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.i686"
},
"product_reference": "libsoup-devel-0:2.72.0-8.el9_2.10.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-8.el9_2.10.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.ppc64le"
},
"product_reference": "libsoup-devel-0:2.72.0-8.el9_2.10.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-8.el9_2.10.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.s390x"
},
"product_reference": "libsoup-devel-0:2.72.0-8.el9_2.10.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-8.el9_2.10.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.x86_64"
},
"product_reference": "libsoup-devel-0:2.72.0-8.el9_2.10.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.src",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T03:34:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.src",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2005"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.src",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.src",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.src",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T03:34:18+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.src",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2005"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.src",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.src",
"AppStream-9.2.0.Z.E4S:libsoup-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-debuginfo-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-debugsource-0:2.72.0-8.el9_2.10.x86_64",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.aarch64",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.i686",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.ppc64le",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.s390x",
"AppStream-9.2.0.Z.E4S:libsoup-devel-0:2.72.0-8.el9_2.10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:1948
Vulnerability from csaf_redhat - Published: 2026-02-04 19:21 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: libsoup security update
Notes
Topic
An update for libsoup is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libsoup is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1948",
"url": "https://access.redhat.com/errata/RHSA-2026:1948"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1948.json"
}
],
"title": "Red Hat Security Advisory: libsoup security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:14+00:00",
"generator": {
"date": "2026-02-17T18:23:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:1948",
"initial_release_date": "2026-02-04T19:21:37+00:00",
"revision_history": [
{
"date": "2026-02-04T19:21:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-04T19:21:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.8::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.3-3.el8_8.8.src",
"product": {
"name": "libsoup-0:2.62.3-3.el8_8.8.src",
"product_id": "libsoup-0:2.62.3-3.el8_8.8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-3.el8_8.8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"product": {
"name": "libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"product_id": "libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-3.el8_8.8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"product": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"product_id": "libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-3.el8_8.8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"product_id": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-3.el8_8.8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"product": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"product_id": "libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-3.el8_8.8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.3-3.el8_8.8.i686",
"product": {
"name": "libsoup-0:2.62.3-3.el8_8.8.i686",
"product_id": "libsoup-0:2.62.3-3.el8_8.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-3.el8_8.8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"product": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"product_id": "libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-3.el8_8.8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"product_id": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-3.el8_8.8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"product": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"product_id": "libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-3.el8_8.8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.3-3.el8_8.8.x86_64",
"product": {
"name": "libsoup-0:2.62.3-3.el8_8.8.x86_64",
"product_id": "libsoup-0:2.62.3-3.el8_8.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-3.el8_8.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"product": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"product_id": "libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-3.el8_8.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"product_id": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-3.el8_8.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"product": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"product_id": "libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-3.el8_8.8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.8.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.8.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.8.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.8.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.8.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.8.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.8.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.8.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.8.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.8.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.8.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.8.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.8.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.8.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.8.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.8.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-3.el8_8.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64"
},
"product_reference": "libsoup-0:2.62.3-3.el8_8.8.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.8.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.8.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-3.el8_8.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T19:21:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1948"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-04T19:21:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1948"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src",
"AppStream-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"AppStream-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src",
"AppStream-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"AppStream-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.src",
"BaseOS-8.8.0.Z.E4S:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.ppc64le",
"BaseOS-8.8.0.Z.E4S:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.src",
"BaseOS-8.8.0.Z.TUS:libsoup-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-debuginfo-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-debugsource-0:2.62.3-3.el8_8.8.x86_64",
"BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.i686",
"BaseOS-8.8.0.Z.TUS:libsoup-devel-0:2.62.3-3.el8_8.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2512
Vulnerability from csaf_redhat - Published: 2026-02-11 07:51 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: libsoup security update
Notes
Topic
An update for libsoup is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libsoup is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2512",
"url": "https://access.redhat.com/errata/RHSA-2026:2512"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2512.json"
}
],
"title": "Red Hat Security Advisory: libsoup security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:26+00:00",
"generator": {
"date": "2026-02-17T18:23:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2512",
"initial_release_date": "2026-02-11T07:51:37+00:00",
"revision_history": [
{
"date": "2026-02-11T07:51:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-11T07:51:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"product": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"product_id": "libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-2.el8_6.8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"product": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"product_id": "libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-2.el8_6.8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"product_id": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-2.el8_6.8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-2.el8_6.8.i686",
"product": {
"name": "libsoup-0:2.62.3-2.el8_6.8.i686",
"product_id": "libsoup-0:2.62.3-2.el8_6.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-2.el8_6.8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"product": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"product_id": "libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-2.el8_6.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"product": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"product_id": "libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-2.el8_6.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"product_id": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-2.el8_6.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-2.el8_6.8.x86_64",
"product": {
"name": "libsoup-0:2.62.3-2.el8_6.8.x86_64",
"product_id": "libsoup-0:2.62.3-2.el8_6.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-2.el8_6.8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.3-2.el8_6.8.src",
"product": {
"name": "libsoup-0:2.62.3-2.el8_6.8.src",
"product_id": "libsoup-0:2.62.3-2.el8_6.8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-2.el8_6.8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.3-2.el8_6.8.aarch64",
"product": {
"name": "libsoup-0:2.62.3-2.el8_6.8.aarch64",
"product_id": "libsoup-0:2.62.3-2.el8_6.8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-2.el8_6.8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"product": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"product_id": "libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-2.el8_6.8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"product_id": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-2.el8_6.8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"product": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"product_id": "libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-2.el8_6.8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"product": {
"name": "libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"product_id": "libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-2.el8_6.8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"product": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"product_id": "libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-2.el8_6.8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"product_id": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-2.el8_6.8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"product": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"product_id": "libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-2.el8_6.8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.3-2.el8_6.8.s390x",
"product": {
"name": "libsoup-0:2.62.3-2.el8_6.8.s390x",
"product_id": "libsoup-0:2.62.3-2.el8_6.8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-2.el8_6.8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"product": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"product_id": "libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-2.el8_6.8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"product_id": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-2.el8_6.8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"product": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"product_id": "libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-2.el8_6.8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_6.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T07:51:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2512"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T07:51:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2512"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"AppStream-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src",
"AppStream-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"AppStream-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.AUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.E4S:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.aarch64",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.ppc64le",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.s390x",
"BaseOS-8.6.0.Z.E4S:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.src",
"BaseOS-8.6.0.Z.TUS:libsoup-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-debuginfo-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-debugsource-0:2.62.3-2.el8_6.8.x86_64",
"BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.i686",
"BaseOS-8.6.0.Z.TUS:libsoup-devel-0:2.62.3-2.el8_6.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2529
Vulnerability from csaf_redhat - Published: 2026-02-11 10:35 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: spice-client-win security update
Notes
Topic
An update for spice-client-win is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Spice client MSI installers for Windows clients
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for spice-client-win is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Spice client MSI installers for Windows clients\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2529",
"url": "https://access.redhat.com/errata/RHSA-2026:2529"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2529.json"
}
],
"title": "Red Hat Security Advisory: spice-client-win security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:27+00:00",
"generator": {
"date": "2026-02-17T18:23:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2529",
"initial_release_date": "2026-02-11T10:35:21+00:00",
"revision_history": [
{
"date": "2026-02-11T10:35:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-11T10:35:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-0:8.10-7.el8_6.1.src",
"product": {
"name": "spice-client-win-0:8.10-7.el8_6.1.src",
"product_id": "spice-client-win-0:8.10-7.el8_6.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win@8.10-7.el8_6.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"product": {
"name": "spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"product_id": "spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x64@8.10-7.el8_6.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"product": {
"name": "spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"product_id": "spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x86@8.10-7.el8_6.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-7.el8_6.1.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-7.el8_6.1.src"
},
"product_reference": "spice-client-win-0:8.10-7.el8_6.1.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-7.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-7.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-7.el8_6.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-7.el8_6.1.src"
},
"product_reference": "spice-client-win-0:8.10-7.el8_6.1.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-7.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_6.1.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-7.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"product_id": "AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_6.1.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-7.el8_6.1.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-7.el8_6.1.src"
},
"product_reference": "spice-client-win-0:8.10-7.el8_6.1.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-7.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-7.el8_6.1.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"relates_to_product_reference": "AppStream-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T10:35:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2529"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T10:35:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2529"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.AUS:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.AUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.AUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-0:8.10-7.el8_6.1.src",
"AppStream-8.6.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_6.1.noarch",
"AppStream-8.6.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2528
Vulnerability from csaf_redhat - Published: 2026-02-11 10:36 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: spice-client-win security update
Notes
Topic
An update for spice-client-win is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Spice client MSI installers for Windows clients
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for spice-client-win is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Spice client MSI installers for Windows clients\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2528",
"url": "https://access.redhat.com/errata/RHSA-2026:2528"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2528.json"
}
],
"title": "Red Hat Security Advisory: spice-client-win security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:27+00:00",
"generator": {
"date": "2026-02-17T18:23:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2528",
"initial_release_date": "2026-02-11T10:36:01+00:00",
"revision_history": [
{
"date": "2026-02-11T10:36:01+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-11T10:36:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.8::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-0:8.10-7.el8_8.1.src",
"product": {
"name": "spice-client-win-0:8.10-7.el8_8.1.src",
"product_id": "spice-client-win-0:8.10-7.el8_8.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win@8.10-7.el8_8.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"product": {
"name": "spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"product_id": "spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x64@8.10-7.el8_8.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "spice-client-win-x86-0:8.10-7.el8_8.1.noarch",
"product": {
"name": "spice-client-win-x86-0:8.10-7.el8_8.1.noarch",
"product_id": "spice-client-win-x86-0:8.10-7.el8_8.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/spice-client-win-x86@8.10-7.el8_8.1?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-7.el8_8.1.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-7.el8_8.1.src"
},
"product_reference": "spice-client-win-0:8.10-7.el8_8.1.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-7.el8_8.1.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_8.1.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-7.el8_8.1.noarch as a component of Red Hat Enterprise Linux AppStream E4S (v.8.8)",
"product_id": "AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_8.1.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-7.el8_8.1.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-0:8.10-7.el8_8.1.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-7.el8_8.1.src"
},
"product_reference": "spice-client-win-0:8.10-7.el8_8.1.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x64-0:8.10-7.el8_8.1.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_8.1.noarch"
},
"product_reference": "spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spice-client-win-x86-0:8.10-7.el8_8.1.noarch as a component of Red Hat Enterprise Linux AppStream TUS (v.8.8)",
"product_id": "AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_8.1.noarch"
},
"product_reference": "spice-client-win-x86-0:8.10-7.el8_8.1.noarch",
"relates_to_product_reference": "AppStream-8.8.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-7.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-7.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_8.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T10:36:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-7.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-7.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_8.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2528"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-7.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-7.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-7.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-7.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-7.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-7.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_8.1.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T10:36:01+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-7.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-7.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_8.1.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2528"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-7.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-7.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.E4S:spice-client-win-0:8.10-7.el8_8.1.src",
"AppStream-8.8.0.Z.E4S:spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.E4S:spice-client-win-x86-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-0:8.10-7.el8_8.1.src",
"AppStream-8.8.0.Z.TUS:spice-client-win-x64-0:8.10-7.el8_8.1.noarch",
"AppStream-8.8.0.Z.TUS:spice-client-win-x86-0:8.10-7.el8_8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2182
Vulnerability from csaf_redhat - Published: 2026-02-05 19:29 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: libsoup3 security update
Notes
Topic
An update for libsoup3 is now available for Red Hat Enterprise Linux 10.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago.
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libsoup3 is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago.\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2182",
"url": "https://access.redhat.com/errata/RHSA-2026:2182"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2182.json"
}
],
"title": "Red Hat Security Advisory: libsoup3 security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:18+00:00",
"generator": {
"date": "2026-02-17T18:23:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2182",
"initial_release_date": "2026-02-05T19:29:47+00:00",
"revision_history": [
{
"date": "2026-02-05T19:29:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-05T19:29:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-0:3.6.5-3.el10_1.9.src",
"product": {
"name": "libsoup3-0:3.6.5-3.el10_1.9.src",
"product_id": "libsoup3-0:3.6.5-3.el10_1.9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3@3.6.5-3.el10_1.9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"product": {
"name": "libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"product_id": "libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3@3.6.5-3.el10_1.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"product": {
"name": "libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"product_id": "libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-devel@3.6.5-3.el10_1.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"product": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"product_id": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debugsource@3.6.5-3.el10_1.9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"product": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"product_id": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debuginfo@3.6.5-3.el10_1.9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"product": {
"name": "libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"product_id": "libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3@3.6.5-3.el10_1.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"product": {
"name": "libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"product_id": "libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-devel@3.6.5-3.el10_1.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"product": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"product_id": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debugsource@3.6.5-3.el10_1.9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"product": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"product_id": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debuginfo@3.6.5-3.el10_1.9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"product": {
"name": "libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"product_id": "libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3@3.6.5-3.el10_1.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"product": {
"name": "libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"product_id": "libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-devel@3.6.5-3.el10_1.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"product": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"product_id": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debugsource@3.6.5-3.el10_1.9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"product": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"product_id": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debuginfo@3.6.5-3.el10_1.9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-0:3.6.5-3.el10_1.9.s390x",
"product": {
"name": "libsoup3-0:3.6.5-3.el10_1.9.s390x",
"product_id": "libsoup3-0:3.6.5-3.el10_1.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3@3.6.5-3.el10_1.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"product": {
"name": "libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"product_id": "libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-devel@3.6.5-3.el10_1.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"product": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"product_id": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debugsource@3.6.5-3.el10_1.9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"product": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"product_id": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-debuginfo@3.6.5-3.el10_1.9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup3-doc-0:3.6.5-3.el10_1.9.noarch",
"product": {
"name": "libsoup3-doc-0:3.6.5-3.el10_1.9.noarch",
"product_id": "libsoup3-doc-0:3.6.5-3.el10_1.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup3-doc@3.6.5-3.el10_1.9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_1.9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_1.9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_1.9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_1.9.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_1.9.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_1.9.src",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_1.9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_1.9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-doc-0:3.6.5-3.el10_1.9.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch"
},
"product_reference": "libsoup3-doc-0:3.6.5-3.el10_1.9.noarch",
"relates_to_product_reference": "AppStream-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_1.9.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_1.9.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_1.9.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_1.9.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_1.9.src as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_1.9.src",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-0:3.6.5-3.el10_1.9.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64"
},
"product_reference": "libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64"
},
"product_reference": "libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64"
},
"product_reference": "libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_1.9.s390x as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64 as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64"
},
"product_reference": "libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"relates_to_product_reference": "CRB-10.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup3-doc-0:3.6.5-3.el10_1.9.noarch as a component of Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"product_id": "CRB-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch"
},
"product_reference": "libsoup3-doc-0:3.6.5-3.el10_1.9.noarch",
"relates_to_product_reference": "CRB-10.1.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T19:29:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2182"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-05T19:29:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2182"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src",
"AppStream-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"AppStream-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"AppStream-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.src",
"CRB-10.1.Z:libsoup3-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-debuginfo-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-debugsource-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.aarch64",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.ppc64le",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.s390x",
"CRB-10.1.Z:libsoup3-devel-0:3.6.5-3.el10_1.9.x86_64",
"CRB-10.1.Z:libsoup3-doc-0:3.6.5-3.el10_1.9.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2396
Vulnerability from csaf_redhat - Published: 2026-02-10 08:45 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: libsoup security update
Notes
Topic
An update for libsoup is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libsoup is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2396",
"url": "https://access.redhat.com/errata/RHSA-2026:2396"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2396.json"
}
],
"title": "Red Hat Security Advisory: libsoup security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:22+00:00",
"generator": {
"date": "2026-02-17T18:23:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2396",
"initial_release_date": "2026-02-10T08:45:31+00:00",
"revision_history": [
{
"date": "2026-02-10T08:45:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-10T08:45:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"product": {
"name": "libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"product_id": "libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-1.el8_2.8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"product": {
"name": "libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"product_id": "libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-1.el8_2.8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"product_id": "libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-1.el8_2.8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-1.el8_2.8.i686",
"product": {
"name": "libsoup-0:2.62.3-1.el8_2.8.i686",
"product_id": "libsoup-0:2.62.3-1.el8_2.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-1.el8_2.8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-1.el8_2.8.x86_64",
"product": {
"name": "libsoup-devel-0:2.62.3-1.el8_2.8.x86_64",
"product_id": "libsoup-devel-0:2.62.3-1.el8_2.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-1.el8_2.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"product": {
"name": "libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"product_id": "libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-1.el8_2.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"product_id": "libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-1.el8_2.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-1.el8_2.8.x86_64",
"product": {
"name": "libsoup-0:2.62.3-1.el8_2.8.x86_64",
"product_id": "libsoup-0:2.62.3-1.el8_2.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-1.el8_2.8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.3-1.el8_2.8.src",
"product": {
"name": "libsoup-0:2.62.3-1.el8_2.8.src",
"product_id": "libsoup-0:2.62.3-1.el8_2.8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-1.el8_2.8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-1.el8_2.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686"
},
"product_reference": "libsoup-0:2.62.3-1.el8_2.8.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-1.el8_2.8.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src"
},
"product_reference": "libsoup-0:2.62.3-1.el8_2.8.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-1.el8_2.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64"
},
"product_reference": "libsoup-0:2.62.3-1.el8_2.8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-1.el8_2.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-1.el8_2.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-1.el8_2.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-1.el8_2.8.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-1.el8_2.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686"
},
"product_reference": "libsoup-0:2.62.3-1.el8_2.8.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-1.el8_2.8.src as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src"
},
"product_reference": "libsoup-0:2.62.3-1.el8_2.8.src",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-1.el8_2.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64"
},
"product_reference": "libsoup-0:2.62.3-1.el8_2.8.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-1.el8_2.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-1.el8_2.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-1.el8_2.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-1.el8_2.8.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src",
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T08:45:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src",
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2396"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src",
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src",
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src",
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T08:45:31+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src",
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2396"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src",
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src",
"AppStream-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"AppStream-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.src",
"BaseOS-8.2.0.Z.AUS:libsoup-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-debuginfo-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-debugsource-0:2.62.3-1.el8_2.8.x86_64",
"BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.i686",
"BaseOS-8.2.0.Z.AUS:libsoup-devel-0:2.62.3-1.el8_2.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2402
Vulnerability from csaf_redhat - Published: 2026-02-10 09:11 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: libsoup security update
Notes
Topic
An update for libsoup is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libsoup is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2402",
"url": "https://access.redhat.com/errata/RHSA-2026:2402"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2402.json"
}
],
"title": "Red Hat Security Advisory: libsoup security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:24+00:00",
"generator": {
"date": "2026-02-17T18:23:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2402",
"initial_release_date": "2026-02-10T09:11:21+00:00",
"revision_history": [
{
"date": "2026-02-10T09:11:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-10T09:11:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.4::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"product": {
"name": "libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"product_id": "libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-2.el8_4.8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"product": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"product_id": "libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-2.el8_4.8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"product_id": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-2.el8_4.8?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-2.el8_4.8.i686",
"product": {
"name": "libsoup-0:2.62.3-2.el8_4.8.i686",
"product_id": "libsoup-0:2.62.3-2.el8_4.8.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-2.el8_4.8?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"product": {
"name": "libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"product_id": "libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.3-2.el8_4.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"product": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"product_id": "libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.62.3-2.el8_4.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"product": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"product_id": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.3-2.el8_4.8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-0:2.62.3-2.el8_4.8.x86_64",
"product": {
"name": "libsoup-0:2.62.3-2.el8_4.8.x86_64",
"product_id": "libsoup-0:2.62.3-2.el8_4.8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-2.el8_4.8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.3-2.el8_4.8.src",
"product": {
"name": "libsoup-0:2.62.3-2.el8_4.8.src",
"product_id": "libsoup-0:2.62.3-2.el8_4.8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.3-2.el8_4.8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686"
},
"product_reference": "libsoup-0:2.62.3-2.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_4.8.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src"
},
"product_reference": "libsoup-0:2.62.3-2.el8_4.8.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64"
},
"product_reference": "libsoup-0:2.62.3-2.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686"
},
"product_reference": "libsoup-0:2.62.3-2.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_4.8.src as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src"
},
"product_reference": "libsoup-0:2.62.3-2.el8_4.8.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64"
},
"product_reference": "libsoup-0:2.62.3-2.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_4.8.i686 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
"product_id": "AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686"
},
"product_reference": "libsoup-0:2.62.3-2.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_4.8.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src"
},
"product_reference": "libsoup-0:2.62.3-2.el8_4.8.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64"
},
"product_reference": "libsoup-0:2.62.3-2.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686"
},
"product_reference": "libsoup-0:2.62.3-2.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_4.8.src as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src"
},
"product_reference": "libsoup-0:2.62.3-2.el8_4.8.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.3-2.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64"
},
"product_reference": "libsoup-0:2.62.3-2.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_4.8.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.3-2.el8_4.8.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src",
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T09:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src",
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2402"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src",
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src",
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src",
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-10T09:11:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src",
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2402"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src",
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src",
"AppStream-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"AppStream-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.src",
"BaseOS-8.4.0.Z.AUS:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.AUS:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debuginfo-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-debugsource-0:2.62.3-2.el8_4.8.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:libsoup-devel-0:2.62.3-2.el8_4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2216
Vulnerability from csaf_redhat - Published: 2026-02-09 02:55 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: libsoup security update
Notes
Topic
An update for libsoup is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libsoup is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2216",
"url": "https://access.redhat.com/errata/RHSA-2026:2216"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2216.json"
}
],
"title": "Red Hat Security Advisory: libsoup security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:20+00:00",
"generator": {
"date": "2026-02-17T18:23:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2216",
"initial_release_date": "2026-02-09T02:55:11+00:00",
"revision_history": [
{
"date": "2026-02-09T02:55:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-09T02:55:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-12.el9_7.5.src",
"product": {
"name": "libsoup-0:2.72.0-12.el9_7.5.src",
"product_id": "libsoup-0:2.72.0-12.el9_7.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-12.el9_7.5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-12.el9_7.5.aarch64",
"product": {
"name": "libsoup-0:2.72.0-12.el9_7.5.aarch64",
"product_id": "libsoup-0:2.72.0-12.el9_7.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-12.el9_7.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-12.el9_7.5.aarch64",
"product": {
"name": "libsoup-devel-0:2.72.0-12.el9_7.5.aarch64",
"product_id": "libsoup-devel-0:2.72.0-12.el9_7.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-12.el9_7.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-12.el9_7.5.aarch64",
"product": {
"name": "libsoup-debugsource-0:2.72.0-12.el9_7.5.aarch64",
"product_id": "libsoup-debugsource-0:2.72.0-12.el9_7.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-12.el9_7.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.aarch64",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.aarch64",
"product_id": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-12.el9_7.5?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-12.el9_7.5.ppc64le",
"product": {
"name": "libsoup-0:2.72.0-12.el9_7.5.ppc64le",
"product_id": "libsoup-0:2.72.0-12.el9_7.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-12.el9_7.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-12.el9_7.5.ppc64le",
"product": {
"name": "libsoup-devel-0:2.72.0-12.el9_7.5.ppc64le",
"product_id": "libsoup-devel-0:2.72.0-12.el9_7.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-12.el9_7.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-12.el9_7.5.ppc64le",
"product": {
"name": "libsoup-debugsource-0:2.72.0-12.el9_7.5.ppc64le",
"product_id": "libsoup-debugsource-0:2.72.0-12.el9_7.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-12.el9_7.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.ppc64le",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.ppc64le",
"product_id": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-12.el9_7.5?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-12.el9_7.5.i686",
"product": {
"name": "libsoup-0:2.72.0-12.el9_7.5.i686",
"product_id": "libsoup-0:2.72.0-12.el9_7.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-12.el9_7.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-12.el9_7.5.i686",
"product": {
"name": "libsoup-devel-0:2.72.0-12.el9_7.5.i686",
"product_id": "libsoup-devel-0:2.72.0-12.el9_7.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-12.el9_7.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-12.el9_7.5.i686",
"product": {
"name": "libsoup-debugsource-0:2.72.0-12.el9_7.5.i686",
"product_id": "libsoup-debugsource-0:2.72.0-12.el9_7.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-12.el9_7.5?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.i686",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.i686",
"product_id": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-12.el9_7.5?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-12.el9_7.5.x86_64",
"product": {
"name": "libsoup-0:2.72.0-12.el9_7.5.x86_64",
"product_id": "libsoup-0:2.72.0-12.el9_7.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-12.el9_7.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-12.el9_7.5.x86_64",
"product": {
"name": "libsoup-devel-0:2.72.0-12.el9_7.5.x86_64",
"product_id": "libsoup-devel-0:2.72.0-12.el9_7.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-12.el9_7.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-12.el9_7.5.x86_64",
"product": {
"name": "libsoup-debugsource-0:2.72.0-12.el9_7.5.x86_64",
"product_id": "libsoup-debugsource-0:2.72.0-12.el9_7.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-12.el9_7.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.x86_64",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.x86_64",
"product_id": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-12.el9_7.5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.72.0-12.el9_7.5.s390x",
"product": {
"name": "libsoup-0:2.72.0-12.el9_7.5.s390x",
"product_id": "libsoup-0:2.72.0-12.el9_7.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.72.0-12.el9_7.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.72.0-12.el9_7.5.s390x",
"product": {
"name": "libsoup-devel-0:2.72.0-12.el9_7.5.s390x",
"product_id": "libsoup-devel-0:2.72.0-12.el9_7.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.72.0-12.el9_7.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debugsource-0:2.72.0-12.el9_7.5.s390x",
"product": {
"name": "libsoup-debugsource-0:2.72.0-12.el9_7.5.s390x",
"product_id": "libsoup-debugsource-0:2.72.0-12.el9_7.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debugsource@2.72.0-12.el9_7.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.s390x",
"product": {
"name": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.s390x",
"product_id": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.72.0-12.el9_7.5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-12.el9_7.5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.aarch64"
},
"product_reference": "libsoup-0:2.72.0-12.el9_7.5.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-12.el9_7.5.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.i686"
},
"product_reference": "libsoup-0:2.72.0-12.el9_7.5.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-12.el9_7.5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.ppc64le"
},
"product_reference": "libsoup-0:2.72.0-12.el9_7.5.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-12.el9_7.5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.s390x"
},
"product_reference": "libsoup-0:2.72.0-12.el9_7.5.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-12.el9_7.5.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.src"
},
"product_reference": "libsoup-0:2.72.0-12.el9_7.5.src",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.72.0-12.el9_7.5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.x86_64"
},
"product_reference": "libsoup-0:2.72.0-12.el9_7.5.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.aarch64"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.i686"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.ppc64le"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.s390x"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.72.0-12.el9_7.5.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-12.el9_7.5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.aarch64"
},
"product_reference": "libsoup-debugsource-0:2.72.0-12.el9_7.5.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-12.el9_7.5.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.i686"
},
"product_reference": "libsoup-debugsource-0:2.72.0-12.el9_7.5.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-12.el9_7.5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.ppc64le"
},
"product_reference": "libsoup-debugsource-0:2.72.0-12.el9_7.5.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-12.el9_7.5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.s390x"
},
"product_reference": "libsoup-debugsource-0:2.72.0-12.el9_7.5.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debugsource-0:2.72.0-12.el9_7.5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.x86_64"
},
"product_reference": "libsoup-debugsource-0:2.72.0-12.el9_7.5.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-12.el9_7.5.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.aarch64"
},
"product_reference": "libsoup-devel-0:2.72.0-12.el9_7.5.aarch64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-12.el9_7.5.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.i686"
},
"product_reference": "libsoup-devel-0:2.72.0-12.el9_7.5.i686",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-12.el9_7.5.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.ppc64le"
},
"product_reference": "libsoup-devel-0:2.72.0-12.el9_7.5.ppc64le",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-12.el9_7.5.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.s390x"
},
"product_reference": "libsoup-devel-0:2.72.0-12.el9_7.5.s390x",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.72.0-12.el9_7.5.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.x86_64"
},
"product_reference": "libsoup-devel-0:2.72.0-12.el9_7.5.x86_64",
"relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.src",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T02:55:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.src",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2216"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.src",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.src",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.src",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-09T02:55:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.src",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2216"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.src",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.src",
"AppStream-9.7.0.Z.MAIN:libsoup-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-debuginfo-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-debugsource-0:2.72.0-12.el9_7.5.x86_64",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.aarch64",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.i686",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.ppc64le",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.s390x",
"AppStream-9.7.0.Z.MAIN:libsoup-devel-0:2.72.0-12.el9_7.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
RHSA-2026:2628
Vulnerability from csaf_redhat - Published: 2026-02-12 09:15 - Updated: 2026-02-17 18:23Summary
Red Hat Security Advisory: libsoup security update
Notes
Topic
An update for libsoup is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for libsoup is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The libsoup packages provide an HTTP client and server library for GNOME.\n\nSecurity Fix(es):\n\n* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)\n\n* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2628",
"url": "https://access.redhat.com/errata/RHSA-2026:2628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2628.json"
}
],
"title": "Red Hat Security Advisory: libsoup security update",
"tracking": {
"current_release_date": "2026-02-17T18:23:30+00:00",
"generator": {
"date": "2026-02-17T18:23:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2628",
"initial_release_date": "2026-02-12T09:15:54+00:00",
"revision_history": [
{
"date": "2026-02-12T09:15:54+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-12T09:15:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-17T18:23:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_els:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.2-11.el7_9.src",
"product": {
"name": "libsoup-0:2.62.2-11.el7_9.src",
"product_id": "libsoup-0:2.62.2-11.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.2-11.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.2-11.el7_9.ppc",
"product": {
"name": "libsoup-0:2.62.2-11.el7_9.ppc",
"product_id": "libsoup-0:2.62.2-11.el7_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.2-11.el7_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.2-11.el7_9.ppc",
"product": {
"name": "libsoup-devel-0:2.62.2-11.el7_9.ppc",
"product_id": "libsoup-devel-0:2.62.2-11.el7_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.2-11.el7_9?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.ppc",
"product": {
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.ppc",
"product_id": "libsoup-debuginfo-0:2.62.2-11.el7_9.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.2-11.el7_9?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.2-11.el7_9.ppc64",
"product": {
"name": "libsoup-0:2.62.2-11.el7_9.ppc64",
"product_id": "libsoup-0:2.62.2-11.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.2-11.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.2-11.el7_9.ppc64",
"product": {
"name": "libsoup-devel-0:2.62.2-11.el7_9.ppc64",
"product_id": "libsoup-devel-0:2.62.2-11.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.2-11.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64",
"product": {
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64",
"product_id": "libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.2-11.el7_9?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.2-11.el7_9.s390",
"product": {
"name": "libsoup-0:2.62.2-11.el7_9.s390",
"product_id": "libsoup-0:2.62.2-11.el7_9.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.2-11.el7_9?arch=s390"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.2-11.el7_9.s390",
"product": {
"name": "libsoup-devel-0:2.62.2-11.el7_9.s390",
"product_id": "libsoup-devel-0:2.62.2-11.el7_9.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.2-11.el7_9?arch=s390"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.s390",
"product": {
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.s390",
"product_id": "libsoup-debuginfo-0:2.62.2-11.el7_9.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.2-11.el7_9?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.2-11.el7_9.s390x",
"product": {
"name": "libsoup-0:2.62.2-11.el7_9.s390x",
"product_id": "libsoup-0:2.62.2-11.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.2-11.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.2-11.el7_9.s390x",
"product": {
"name": "libsoup-devel-0:2.62.2-11.el7_9.s390x",
"product_id": "libsoup-devel-0:2.62.2-11.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.2-11.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.s390x",
"product": {
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.s390x",
"product_id": "libsoup-debuginfo-0:2.62.2-11.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.2-11.el7_9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.2-11.el7_9.x86_64",
"product": {
"name": "libsoup-0:2.62.2-11.el7_9.x86_64",
"product_id": "libsoup-0:2.62.2-11.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.2-11.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.2-11.el7_9.x86_64",
"product": {
"name": "libsoup-devel-0:2.62.2-11.el7_9.x86_64",
"product_id": "libsoup-devel-0:2.62.2-11.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.2-11.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.x86_64",
"product": {
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.x86_64",
"product_id": "libsoup-debuginfo-0:2.62.2-11.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.2-11.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.2-11.el7_9.i686",
"product": {
"name": "libsoup-0:2.62.2-11.el7_9.i686",
"product_id": "libsoup-0:2.62.2-11.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.2-11.el7_9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.2-11.el7_9.i686",
"product": {
"name": "libsoup-devel-0:2.62.2-11.el7_9.i686",
"product_id": "libsoup-devel-0:2.62.2-11.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.2-11.el7_9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.i686",
"product": {
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.i686",
"product_id": "libsoup-debuginfo-0:2.62.2-11.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.2-11.el7_9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-0:2.62.2-11.el7_9.ppc64le",
"product": {
"name": "libsoup-0:2.62.2-11.el7_9.ppc64le",
"product_id": "libsoup-0:2.62.2-11.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup@2.62.2-11.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-devel-0:2.62.2-11.el7_9.ppc64le",
"product": {
"name": "libsoup-devel-0:2.62.2-11.el7_9.ppc64le",
"product_id": "libsoup-devel-0:2.62.2-11.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-devel@2.62.2-11.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64le",
"product": {
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64le",
"product_id": "libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libsoup-debuginfo@2.62.2-11.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.2-11.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-0:2.62.2-11.el7_9.i686"
},
"product_reference": "libsoup-0:2.62.2-11.el7_9.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.2-11.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc"
},
"product_reference": "libsoup-0:2.62.2-11.el7_9.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.2-11.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64"
},
"product_reference": "libsoup-0:2.62.2-11.el7_9.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.2-11.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64le"
},
"product_reference": "libsoup-0:2.62.2-11.el7_9.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.2-11.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390"
},
"product_reference": "libsoup-0:2.62.2-11.el7_9.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.2-11.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390x"
},
"product_reference": "libsoup-0:2.62.2-11.el7_9.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.2-11.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-0:2.62.2-11.el7_9.src"
},
"product_reference": "libsoup-0:2.62.2-11.el7_9.src",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-0:2.62.2-11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-0:2.62.2-11.el7_9.x86_64"
},
"product_reference": "libsoup-0:2.62.2-11.el7_9.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.i686"
},
"product_reference": "libsoup-debuginfo-0:2.62.2-11.el7_9.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc"
},
"product_reference": "libsoup-debuginfo-0:2.62.2-11.el7_9.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64"
},
"product_reference": "libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64le"
},
"product_reference": "libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390"
},
"product_reference": "libsoup-debuginfo-0:2.62.2-11.el7_9.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390x"
},
"product_reference": "libsoup-debuginfo-0:2.62.2-11.el7_9.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-debuginfo-0:2.62.2-11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.x86_64"
},
"product_reference": "libsoup-debuginfo-0:2.62.2-11.el7_9.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.2-11.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.i686"
},
"product_reference": "libsoup-devel-0:2.62.2-11.el7_9.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.2-11.el7_9.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc"
},
"product_reference": "libsoup-devel-0:2.62.2-11.el7_9.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.2-11.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64"
},
"product_reference": "libsoup-devel-0:2.62.2-11.el7_9.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.2-11.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64le"
},
"product_reference": "libsoup-devel-0:2.62.2-11.el7_9.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.2-11.el7_9.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390"
},
"product_reference": "libsoup-devel-0:2.62.2-11.el7_9.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.2-11.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390x"
},
"product_reference": "libsoup-devel-0:2.62.2-11.el7_9.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-0:2.62.2-11.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.x86_64"
},
"product_reference": "libsoup-devel-0:2.62.2-11.el7_9.x86_64",
"relates_to_product_reference": "7Server-ELS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"treeplus"
]
}
],
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-01-08T12:09:43.352000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427906"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed this vulnerability as Important severity due to its remote exploitability and lack of authentication requirements. Successful exploitation allows an attacker to crash any client or service using libsoup\u2019s NTLM authentication mechanism. The root cause is improper handling of signed integer arithmetic, which leads to stack buffer overflow and denial-of-service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.src",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.x86_64",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.x86_64",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "RHBZ#2427906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0719",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0719"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T09:15:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.src",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.x86_64",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.x86_64",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2628"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.src",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.x86_64",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.x86_64",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.src",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.x86_64",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.x86_64",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication"
},
{
"acknowledgments": [
{
"names": [
"Naoki Wakamatsu"
]
}
],
"cve": "CVE-2026-1761",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2026-02-02T12:51:56.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435961"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT flaw in libsoup involves a stack-based buffer overflow during the parsing of multipart HTTP responses. A remote attacker can exploit this vulnerability by sending a specially crafted response, leading to memory corruption and potentially arbitrary code execution or application crashes in Red Hat products that utilize libsoup to process untrusted server responses. This issue does not require authentication or user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.src",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.x86_64",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.x86_64",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1761"
},
{
"category": "external",
"summary": "RHBZ#2435961",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435961"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1761"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1761"
}
],
"release_date": "2026-02-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-12T09:15:54+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.src",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.x86_64",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.x86_64",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2628"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing libsoup that process HTTP responses should be configured to only communicate with trusted endpoints. Implement network egress filtering to restrict vulnerable applications from connecting to untrusted external services, thereby reducing the exposure to specially crafted multipart HTTP responses.",
"product_ids": [
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.src",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.x86_64",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.x86_64",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.src",
"7Server-ELS:libsoup-0:2.62.2-11.el7_9.x86_64",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-debuginfo-0:2.62.2-11.el7_9.x86_64",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.i686",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.ppc64le",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.s390x",
"7Server-ELS:libsoup-devel-0:2.62.2-11.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response"
}
]
}
SUSE-SU-2026:0257-1
Vulnerability from csaf_suse - Published: 2026-01-22 16:09 - Updated: 2026-01-22 16:09Summary
Security update for libsoup
Notes
Title of the patch
Security update for libsoup
Description of the patch
This update for libsoup fixes the following issues:
- CVE-2026-0716: Fixed out-of-bounds read for websocket (bsc#1256418)
- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)
- CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876).
Patchnames
SUSE-2026-257,SUSE-SLE-Module-Basesystem-15-SP7-2026-257,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-257,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-257,openSUSE-SLE-15.6-2026-257
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libsoup",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libsoup fixes the following issues:\n\n- CVE-2026-0716: Fixed out-of-bounds read for websocket (bsc#1256418)\n- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)\n- CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876).\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-257,SUSE-SLE-Module-Basesystem-15-SP7-2026-257,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-257,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-257,openSUSE-SLE-15.6-2026-257",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0257-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0257-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260257-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0257-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023891.html"
},
{
"category": "self",
"summary": "SUSE Bug 1254876",
"url": "https://bugzilla.suse.com/1254876"
},
{
"category": "self",
"summary": "SUSE Bug 1256399",
"url": "https://bugzilla.suse.com/1256399"
},
{
"category": "self",
"summary": "SUSE Bug 1256418",
"url": "https://bugzilla.suse.com/1256418"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-14523 page",
"url": "https://www.suse.com/security/cve/CVE-2025-14523/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-0716 page",
"url": "https://www.suse.com/security/cve/CVE-2026-0716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-0719 page",
"url": "https://www.suse.com/security/cve/CVE-2026-0719/"
}
],
"title": "Security update for libsoup",
"tracking": {
"current_release_date": "2026-01-22T16:09:13Z",
"generator": {
"date": "2026-01-22T16:09:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0257-1",
"initial_release_date": "2026-01-22T16:09:13Z",
"revision_history": [
{
"date": "2026-01-22T16:09:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"product": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"product_id": "libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"product": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"product_id": "libsoup-devel-3.4.4-150600.3.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"product": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"product_id": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-3_0-0-64bit-3.4.4-150600.3.28.1.aarch64_ilp32",
"product": {
"name": "libsoup-3_0-0-64bit-3.4.4-150600.3.28.1.aarch64_ilp32",
"product_id": "libsoup-3_0-0-64bit-3.4.4-150600.3.28.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libsoup-devel-64bit-3.4.4-150600.3.28.1.aarch64_ilp32",
"product": {
"name": "libsoup-devel-64bit-3.4.4-150600.3.28.1.aarch64_ilp32",
"product_id": "libsoup-devel-64bit-3.4.4-150600.3.28.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.i586",
"product": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.i586",
"product_id": "libsoup-3_0-0-3.4.4-150600.3.28.1.i586"
}
},
{
"category": "product_version",
"name": "libsoup-devel-3.4.4-150600.3.28.1.i586",
"product": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.i586",
"product_id": "libsoup-devel-3.4.4-150600.3.28.1.i586"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.i586",
"product": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.i586",
"product_id": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-lang-3.4.4-150600.3.28.1.noarch",
"product": {
"name": "libsoup-lang-3.4.4-150600.3.28.1.noarch",
"product_id": "libsoup-lang-3.4.4-150600.3.28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"product": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"product_id": "libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"product": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"product_id": "libsoup-devel-3.4.4-150600.3.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"product": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"product_id": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"product": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"product_id": "libsoup-3_0-0-3.4.4-150600.3.28.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoup-devel-3.4.4-150600.3.28.1.s390x",
"product": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.s390x",
"product_id": "libsoup-devel-3.4.4-150600.3.28.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"product": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"product_id": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"product": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"product_id": "libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-3_0-0-32bit-3.4.4-150600.3.28.1.x86_64",
"product": {
"name": "libsoup-3_0-0-32bit-3.4.4-150600.3.28.1.x86_64",
"product_id": "libsoup-3_0-0-32bit-3.4.4-150600.3.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"product": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"product_id": "libsoup-devel-3.4.4-150600.3.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-devel-32bit-3.4.4-150600.3.28.1.x86_64",
"product": {
"name": "libsoup-devel-32bit-3.4.4-150600.3.28.1.x86_64",
"product_id": "libsoup-devel-32bit-3.4.4-150600.3.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"product": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"product_id": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64"
},
"product_reference": "libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le"
},
"product_reference": "libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x"
},
"product_reference": "libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64"
},
"product_reference": "libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.aarch64"
},
"product_reference": "libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.ppc64le"
},
"product_reference": "libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.s390x"
},
"product_reference": "libsoup-devel-3.4.4-150600.3.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.x86_64"
},
"product_reference": "libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-3.4.4-150600.3.28.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-lang-3.4.4-150600.3.28.1.noarch"
},
"product_reference": "libsoup-lang-3.4.4-150600.3.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x"
},
"product_reference": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64"
},
"product_reference": "libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le"
},
"product_reference": "libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x"
},
"product_reference": "libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64"
},
"product_reference": "libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.aarch64"
},
"product_reference": "libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.ppc64le"
},
"product_reference": "libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.s390x"
},
"product_reference": "libsoup-devel-3.4.4-150600.3.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.x86_64"
},
"product_reference": "libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-3.4.4-150600.3.28.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-lang-3.4.4-150600.3.28.1.noarch"
},
"product_reference": "libsoup-lang-3.4.4-150600.3.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x"
},
"product_reference": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le"
},
"product_reference": "libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64"
},
"product_reference": "libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le"
},
"product_reference": "libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.x86_64"
},
"product_reference": "libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-3.4.4-150600.3.28.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-lang-3.4.4-150600.3.28.1.noarch"
},
"product_reference": "libsoup-lang-3.4.4-150600.3.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64"
},
"product_reference": "libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le"
},
"product_reference": "libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x"
},
"product_reference": "libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64"
},
"product_reference": "libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-32bit-3.4.4-150600.3.28.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup-3_0-0-32bit-3.4.4-150600.3.28.1.x86_64"
},
"product_reference": "libsoup-3_0-0-32bit-3.4.4-150600.3.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.aarch64"
},
"product_reference": "libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le"
},
"product_reference": "libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.s390x"
},
"product_reference": "libsoup-devel-3.4.4-150600.3.28.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.4.4-150600.3.28.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.x86_64"
},
"product_reference": "libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-32bit-3.4.4-150600.3.28.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup-devel-32bit-3.4.4-150600.3.28.1.x86_64"
},
"product_reference": "libsoup-devel-32bit-3.4.4-150600.3.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-3.4.4-150600.3.28.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup-lang-3.4.4-150600.3.28.1.noarch"
},
"product_reference": "libsoup-lang-3.4.4-150600.3.28.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x"
},
"product_reference": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14523",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-14523"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in libsoup\u0027s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-14523",
"url": "https://www.suse.com/security/cve/CVE-2025-14523"
},
{
"category": "external",
"summary": "SUSE Bug 1254876 for CVE-2025-14523",
"url": "https://bugzilla.suse.com/1254876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T16:09:13Z",
"details": "important"
}
],
"title": "CVE-2025-14523"
},
{
"cve": "CVE-2026-0716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-0716"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libsoup\u0027s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applications using libsoup\u0027s WebSocket support with this configuration may be impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-0716",
"url": "https://www.suse.com/security/cve/CVE-2026-0716"
},
{
"category": "external",
"summary": "SUSE Bug 1256418 for CVE-2026-0716",
"url": "https://bugzilla.suse.com/1256418"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T16:09:13Z",
"details": "moderate"
}
],
"title": "CVE-2026-0716"
},
{
"cve": "CVE-2026-0719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-0719"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-0719",
"url": "https://www.suse.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "SUSE Bug 1256399 for CVE-2026-0719",
"url": "https://bugzilla.suse.com/1256399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-3_0-0-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-3_0-0-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:libsoup-devel-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-devel-32bit-3.4.4-150600.3.28.1.x86_64",
"openSUSE Leap 15.6:libsoup-lang-3.4.4-150600.3.28.1.noarch",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.aarch64",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.ppc64le",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.s390x",
"openSUSE Leap 15.6:typelib-1_0-Soup-3_0-3.4.4-150600.3.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T16:09:13Z",
"details": "important"
}
],
"title": "CVE-2026-0719"
}
]
}
SUSE-SU-2026:0253-1
Vulnerability from csaf_suse - Published: 2026-01-22 16:08 - Updated: 2026-01-22 16:08Summary
Security update for libsoup2
Notes
Title of the patch
Security update for libsoup2
Description of the patch
This update for libsoup2 fixes the following issues:
- CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876).
- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)
Patchnames
SUSE-2026-253,SUSE-SLE-Module-Basesystem-15-SP7-2026-253,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-253,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-253,openSUSE-SLE-15.6-2026-253
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libsoup2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libsoup2 fixes the following issues:\n\n- CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876).\n- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-253,SUSE-SLE-Module-Basesystem-15-SP7-2026-253,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-253,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-253,openSUSE-SLE-15.6-2026-253",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0253-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0253-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260253-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0253-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023895.html"
},
{
"category": "self",
"summary": "SUSE Bug 1254876",
"url": "https://bugzilla.suse.com/1254876"
},
{
"category": "self",
"summary": "SUSE Bug 1256399",
"url": "https://bugzilla.suse.com/1256399"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-14523 page",
"url": "https://www.suse.com/security/cve/CVE-2025-14523/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-0719 page",
"url": "https://www.suse.com/security/cve/CVE-2026-0719/"
}
],
"title": "Security update for libsoup2",
"tracking": {
"current_release_date": "2026-01-22T16:08:05Z",
"generator": {
"date": "2026-01-22T16:08:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0253-1",
"initial_release_date": "2026-01-22T16:08:05Z",
"revision_history": [
{
"date": "2026-01-22T16:08:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"product": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"product_id": "libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"product": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"product_id": "libsoup2-devel-2.74.3-150600.4.19.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"product": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"product_id": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-64bit-2.74.3-150600.4.19.1.aarch64_ilp32",
"product": {
"name": "libsoup-2_4-1-64bit-2.74.3-150600.4.19.1.aarch64_ilp32",
"product_id": "libsoup-2_4-1-64bit-2.74.3-150600.4.19.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-64bit-2.74.3-150600.4.19.1.aarch64_ilp32",
"product": {
"name": "libsoup2-devel-64bit-2.74.3-150600.4.19.1.aarch64_ilp32",
"product_id": "libsoup2-devel-64bit-2.74.3-150600.4.19.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.i586",
"product": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.i586",
"product_id": "libsoup-2_4-1-2.74.3-150600.4.19.1.i586"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-2.74.3-150600.4.19.1.i586",
"product": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.i586",
"product_id": "libsoup2-devel-2.74.3-150600.4.19.1.i586"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.i586",
"product": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.i586",
"product_id": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"product": {
"name": "libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"product_id": "libsoup2-lang-2.74.3-150600.4.19.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"product": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"product_id": "libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"product": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"product_id": "libsoup2-devel-2.74.3-150600.4.19.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"product": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"product_id": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"product": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"product_id": "libsoup-2_4-1-2.74.3-150600.4.19.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"product": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"product_id": "libsoup2-devel-2.74.3-150600.4.19.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"product": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"product_id": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"product": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"product_id": "libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-2_4-1-32bit-2.74.3-150600.4.19.1.x86_64",
"product": {
"name": "libsoup-2_4-1-32bit-2.74.3-150600.4.19.1.x86_64",
"product_id": "libsoup-2_4-1-32bit-2.74.3-150600.4.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"product": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"product_id": "libsoup2-devel-2.74.3-150600.4.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-32bit-2.74.3-150600.4.19.1.x86_64",
"product": {
"name": "libsoup2-devel-32bit-2.74.3-150600.4.19.1.x86_64",
"product_id": "libsoup2-devel-32bit-2.74.3-150600.4.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"product": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"product_id": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64"
},
"product_reference": "libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le"
},
"product_reference": "libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x"
},
"product_reference": "libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.aarch64"
},
"product_reference": "libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le"
},
"product_reference": "libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.s390x"
},
"product_reference": "libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.x86_64"
},
"product_reference": "libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-lang-2.74.3-150600.4.19.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-lang-2.74.3-150600.4.19.1.noarch"
},
"product_reference": "libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64"
},
"product_reference": "libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le"
},
"product_reference": "libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x"
},
"product_reference": "libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.aarch64"
},
"product_reference": "libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le"
},
"product_reference": "libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.s390x"
},
"product_reference": "libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.x86_64"
},
"product_reference": "libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-lang-2.74.3-150600.4.19.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-lang-2.74.3-150600.4.19.1.noarch"
},
"product_reference": "libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le"
},
"product_reference": "libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le"
},
"product_reference": "libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-devel-2.74.3-150600.4.19.1.x86_64"
},
"product_reference": "libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-lang-2.74.3-150600.4.19.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-lang-2.74.3-150600.4.19.1.noarch"
},
"product_reference": "libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64"
},
"product_reference": "libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le"
},
"product_reference": "libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x"
},
"product_reference": "libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-32bit-2.74.3-150600.4.19.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup-2_4-1-32bit-2.74.3-150600.4.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-32bit-2.74.3-150600.4.19.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.aarch64"
},
"product_reference": "libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le"
},
"product_reference": "libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.s390x"
},
"product_reference": "libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-150600.4.19.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.x86_64"
},
"product_reference": "libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-32bit-2.74.3-150600.4.19.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup2-devel-32bit-2.74.3-150600.4.19.1.x86_64"
},
"product_reference": "libsoup2-devel-32bit-2.74.3-150600.4.19.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-lang-2.74.3-150600.4.19.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsoup2-lang-2.74.3-150600.4.19.1.noarch"
},
"product_reference": "libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14523",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-14523"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in libsoup\u0027s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup-2_4-1-32bit-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-devel-32bit-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-14523",
"url": "https://www.suse.com/security/cve/CVE-2025-14523"
},
{
"category": "external",
"summary": "SUSE Bug 1254876 for CVE-2025-14523",
"url": "https://bugzilla.suse.com/1254876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup-2_4-1-32bit-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-devel-32bit-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup-2_4-1-32bit-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-devel-32bit-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T16:08:05Z",
"details": "important"
}
],
"title": "CVE-2025-14523"
},
{
"cve": "CVE-2026-0719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-0719"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup-2_4-1-32bit-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-devel-32bit-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-0719",
"url": "https://www.suse.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "SUSE Bug 1256399 for CVE-2026-0719",
"url": "https://bugzilla.suse.com/1256399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup-2_4-1-32bit-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-devel-32bit-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP6-LTSS:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup-2_4-1-32bit-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-devel-32bit-2.74.3-150600.4.19.1.x86_64",
"openSUSE Leap 15.6:libsoup2-lang-2.74.3-150600.4.19.1.noarch",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.aarch64",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.ppc64le",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.s390x",
"openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T16:08:05Z",
"details": "important"
}
],
"title": "CVE-2026-0719"
}
]
}
SUSE-SU-2026:0265-1
Vulnerability from csaf_suse - Published: 2026-01-23 07:08 - Updated: 2026-01-23 07:08Summary
Security update for libsoup
Notes
Title of the patch
Security update for libsoup
Description of the patch
This update for libsoup fixes the following issues:
- CVE-2026-0719: Fixed stack-based buffer overflow in NTLM authentication (bsc#1256399).
Patchnames
SUSE-2026-265,SUSE-SLE-SERVER-12-SP5-LTSS-2026-265,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-265
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libsoup",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libsoup fixes the following issues:\n\n- CVE-2026-0719: Fixed stack-based buffer overflow in NTLM authentication (bsc#1256399).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-265,SUSE-SLE-SERVER-12-SP5-LTSS-2026-265,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-265",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0265-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0265-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260265-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0265-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023897.html"
},
{
"category": "self",
"summary": "SUSE Bug 1256399",
"url": "https://bugzilla.suse.com/1256399"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-0719 page",
"url": "https://www.suse.com/security/cve/CVE-2026-0719/"
}
],
"title": "Security update for libsoup",
"tracking": {
"current_release_date": "2026-01-23T07:08:44Z",
"generator": {
"date": "2026-01-23T07:08:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0265-1",
"initial_release_date": "2026-01-23T07:08:44Z",
"revision_history": [
{
"date": "2026-01-23T07:08:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.62.2-5.26.1.aarch64",
"product": {
"name": "libsoup-2_4-1-2.62.2-5.26.1.aarch64",
"product_id": "libsoup-2_4-1-2.62.2-5.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsoup-devel-2.62.2-5.26.1.aarch64",
"product": {
"name": "libsoup-devel-2.62.2-5.26.1.aarch64",
"product_id": "libsoup-devel-2.62.2-5.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.aarch64",
"product": {
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.aarch64",
"product_id": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-64bit-2.62.2-5.26.1.aarch64_ilp32",
"product": {
"name": "libsoup-2_4-1-64bit-2.62.2-5.26.1.aarch64_ilp32",
"product_id": "libsoup-2_4-1-64bit-2.62.2-5.26.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libsoup-devel-64bit-2.62.2-5.26.1.aarch64_ilp32",
"product": {
"name": "libsoup-devel-64bit-2.62.2-5.26.1.aarch64_ilp32",
"product_id": "libsoup-devel-64bit-2.62.2-5.26.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.62.2-5.26.1.i586",
"product": {
"name": "libsoup-2_4-1-2.62.2-5.26.1.i586",
"product_id": "libsoup-2_4-1-2.62.2-5.26.1.i586"
}
},
{
"category": "product_version",
"name": "libsoup-devel-2.62.2-5.26.1.i586",
"product": {
"name": "libsoup-devel-2.62.2-5.26.1.i586",
"product_id": "libsoup-devel-2.62.2-5.26.1.i586"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.i586",
"product": {
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.i586",
"product_id": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-lang-2.62.2-5.26.1.noarch",
"product": {
"name": "libsoup-lang-2.62.2-5.26.1.noarch",
"product_id": "libsoup-lang-2.62.2-5.26.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.62.2-5.26.1.ppc64le",
"product": {
"name": "libsoup-2_4-1-2.62.2-5.26.1.ppc64le",
"product_id": "libsoup-2_4-1-2.62.2-5.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsoup-devel-2.62.2-5.26.1.ppc64le",
"product": {
"name": "libsoup-devel-2.62.2-5.26.1.ppc64le",
"product_id": "libsoup-devel-2.62.2-5.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.ppc64le",
"product": {
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.ppc64le",
"product_id": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.62.2-5.26.1.s390",
"product": {
"name": "libsoup-2_4-1-2.62.2-5.26.1.s390",
"product_id": "libsoup-2_4-1-2.62.2-5.26.1.s390"
}
},
{
"category": "product_version",
"name": "libsoup-devel-2.62.2-5.26.1.s390",
"product": {
"name": "libsoup-devel-2.62.2-5.26.1.s390",
"product_id": "libsoup-devel-2.62.2-5.26.1.s390"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.s390",
"product": {
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.s390",
"product_id": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.62.2-5.26.1.s390x",
"product": {
"name": "libsoup-2_4-1-2.62.2-5.26.1.s390x",
"product_id": "libsoup-2_4-1-2.62.2-5.26.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoup-2_4-1-32bit-2.62.2-5.26.1.s390x",
"product": {
"name": "libsoup-2_4-1-32bit-2.62.2-5.26.1.s390x",
"product_id": "libsoup-2_4-1-32bit-2.62.2-5.26.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoup-devel-2.62.2-5.26.1.s390x",
"product": {
"name": "libsoup-devel-2.62.2-5.26.1.s390x",
"product_id": "libsoup-devel-2.62.2-5.26.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoup-devel-32bit-2.62.2-5.26.1.s390x",
"product": {
"name": "libsoup-devel-32bit-2.62.2-5.26.1.s390x",
"product_id": "libsoup-devel-32bit-2.62.2-5.26.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.s390x",
"product": {
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.s390x",
"product_id": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.62.2-5.26.1.x86_64",
"product": {
"name": "libsoup-2_4-1-2.62.2-5.26.1.x86_64",
"product_id": "libsoup-2_4-1-2.62.2-5.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-2_4-1-32bit-2.62.2-5.26.1.x86_64",
"product": {
"name": "libsoup-2_4-1-32bit-2.62.2-5.26.1.x86_64",
"product_id": "libsoup-2_4-1-32bit-2.62.2-5.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-devel-2.62.2-5.26.1.x86_64",
"product": {
"name": "libsoup-devel-2.62.2-5.26.1.x86_64",
"product_id": "libsoup-devel-2.62.2-5.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-devel-32bit-2.62.2-5.26.1.x86_64",
"product": {
"name": "libsoup-devel-32bit-2.62.2-5.26.1.x86_64",
"product_id": "libsoup-devel-32bit-2.62.2-5.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.x86_64",
"product": {
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.x86_64",
"product_id": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.62.2-5.26.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1.aarch64"
},
"product_reference": "libsoup-2_4-1-2.62.2-5.26.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.62.2-5.26.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1.ppc64le"
},
"product_reference": "libsoup-2_4-1-2.62.2-5.26.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.62.2-5.26.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1.s390x"
},
"product_reference": "libsoup-2_4-1-2.62.2-5.26.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.62.2-5.26.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.62.2-5.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-32bit-2.62.2-5.26.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-32bit-2.62.2-5.26.1.s390x"
},
"product_reference": "libsoup-2_4-1-32bit-2.62.2-5.26.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-32bit-2.62.2-5.26.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-32bit-2.62.2-5.26.1.x86_64"
},
"product_reference": "libsoup-2_4-1-32bit-2.62.2-5.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-2.62.2-5.26.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1.aarch64"
},
"product_reference": "libsoup-devel-2.62.2-5.26.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-2.62.2-5.26.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1.ppc64le"
},
"product_reference": "libsoup-devel-2.62.2-5.26.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-2.62.2-5.26.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1.s390x"
},
"product_reference": "libsoup-devel-2.62.2-5.26.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-2.62.2-5.26.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1.x86_64"
},
"product_reference": "libsoup-devel-2.62.2-5.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-2.62.2-5.26.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-lang-2.62.2-5.26.1.noarch"
},
"product_reference": "libsoup-lang-2.62.2-5.26.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1.s390x"
},
"product_reference": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.62.2-5.26.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-2_4-1-2.62.2-5.26.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.62.2-5.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-32bit-2.62.2-5.26.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-2_4-1-32bit-2.62.2-5.26.1.x86_64"
},
"product_reference": "libsoup-2_4-1-32bit-2.62.2-5.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-2.62.2-5.26.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-devel-2.62.2-5.26.1.x86_64"
},
"product_reference": "libsoup-devel-2.62.2-5.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-2.62.2-5.26.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-lang-2.62.2-5.26.1.noarch"
},
"product_reference": "libsoup-lang-2.62.2-5.26.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-Soup-2_4-2.62.2-5.26.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.62.2-5.26.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-0719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-0719"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-32bit-2.62.2-5.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-32bit-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-lang-2.62.2-5.26.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-2_4-1-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-2_4-1-32bit-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-devel-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-lang-2.62.2-5.26.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-Soup-2_4-2.62.2-5.26.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-0719",
"url": "https://www.suse.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "SUSE Bug 1256399 for CVE-2026-0719",
"url": "https://bugzilla.suse.com/1256399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-32bit-2.62.2-5.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-32bit-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-lang-2.62.2-5.26.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-2_4-1-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-2_4-1-32bit-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-devel-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-lang-2.62.2-5.26.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-Soup-2_4-2.62.2-5.26.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-32bit-2.62.2-5.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-32bit-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-lang-2.62.2-5.26.1.noarch",
"SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-2_4-1-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-2_4-1-32bit-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-devel-2.62.2-5.26.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-lang-2.62.2-5.26.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-Soup-2_4-2.62.2-5.26.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-23T07:08:44Z",
"details": "important"
}
],
"title": "CVE-2026-0719"
}
]
}
SUSE-SU-2026:0151-1
Vulnerability from csaf_suse - Published: 2026-01-19 09:56 - Updated: 2026-01-19 09:56Summary
Security update for libsoup
Notes
Title of the patch
Security update for libsoup
Description of the patch
This update for libsoup fixes the following issues:
- CVE-2025-14523: Reject duplicated Host in headers and followed
upsteram update (bsc#1254876).
- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)
Patchnames
SUSE-2026-151,SUSE-SUSE-MicroOS-5.2-2026-151
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libsoup",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libsoup fixes the following issues:\n\n- CVE-2025-14523: Reject duplicated Host in headers and followed \n upsteram update (bsc#1254876).\n- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-151,SUSE-SUSE-MicroOS-5.2-2026-151",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0151-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0151-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260151-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0151-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023792.html"
},
{
"category": "self",
"summary": "SUSE Bug 1254876",
"url": "https://bugzilla.suse.com/1254876"
},
{
"category": "self",
"summary": "SUSE Bug 1256399",
"url": "https://bugzilla.suse.com/1256399"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-14523 page",
"url": "https://www.suse.com/security/cve/CVE-2025-14523/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-0719 page",
"url": "https://www.suse.com/security/cve/CVE-2026-0719/"
}
],
"title": "Security update for libsoup",
"tracking": {
"current_release_date": "2026-01-19T09:56:33Z",
"generator": {
"date": "2026-01-19T09:56:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0151-1",
"initial_release_date": "2026-01-19T09:56:33Z",
"revision_history": [
{
"date": "2026-01-19T09:56:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.68.4-150200.4.19.1.aarch64",
"product": {
"name": "libsoup-2_4-1-2.68.4-150200.4.19.1.aarch64",
"product_id": "libsoup-2_4-1-2.68.4-150200.4.19.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsoup-devel-2.68.4-150200.4.19.1.aarch64",
"product": {
"name": "libsoup-devel-2.68.4-150200.4.19.1.aarch64",
"product_id": "libsoup-devel-2.68.4-150200.4.19.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.19.1.aarch64",
"product": {
"name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.19.1.aarch64",
"product_id": "typelib-1_0-Soup-2_4-2.68.4-150200.4.19.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-64bit-2.68.4-150200.4.19.1.aarch64_ilp32",
"product": {
"name": "libsoup-2_4-1-64bit-2.68.4-150200.4.19.1.aarch64_ilp32",
"product_id": "libsoup-2_4-1-64bit-2.68.4-150200.4.19.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libsoup-devel-64bit-2.68.4-150200.4.19.1.aarch64_ilp32",
"product": {
"name": "libsoup-devel-64bit-2.68.4-150200.4.19.1.aarch64_ilp32",
"product_id": "libsoup-devel-64bit-2.68.4-150200.4.19.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.68.4-150200.4.19.1.i586",
"product": {
"name": "libsoup-2_4-1-2.68.4-150200.4.19.1.i586",
"product_id": "libsoup-2_4-1-2.68.4-150200.4.19.1.i586"
}
},
{
"category": "product_version",
"name": "libsoup-devel-2.68.4-150200.4.19.1.i586",
"product": {
"name": "libsoup-devel-2.68.4-150200.4.19.1.i586",
"product_id": "libsoup-devel-2.68.4-150200.4.19.1.i586"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.19.1.i586",
"product": {
"name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.19.1.i586",
"product_id": "typelib-1_0-Soup-2_4-2.68.4-150200.4.19.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-lang-2.68.4-150200.4.19.1.noarch",
"product": {
"name": "libsoup-lang-2.68.4-150200.4.19.1.noarch",
"product_id": "libsoup-lang-2.68.4-150200.4.19.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.68.4-150200.4.19.1.ppc64le",
"product": {
"name": "libsoup-2_4-1-2.68.4-150200.4.19.1.ppc64le",
"product_id": "libsoup-2_4-1-2.68.4-150200.4.19.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsoup-devel-2.68.4-150200.4.19.1.ppc64le",
"product": {
"name": "libsoup-devel-2.68.4-150200.4.19.1.ppc64le",
"product_id": "libsoup-devel-2.68.4-150200.4.19.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.19.1.ppc64le",
"product": {
"name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.19.1.ppc64le",
"product_id": "typelib-1_0-Soup-2_4-2.68.4-150200.4.19.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.68.4-150200.4.19.1.s390x",
"product": {
"name": "libsoup-2_4-1-2.68.4-150200.4.19.1.s390x",
"product_id": "libsoup-2_4-1-2.68.4-150200.4.19.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoup-devel-2.68.4-150200.4.19.1.s390x",
"product": {
"name": "libsoup-devel-2.68.4-150200.4.19.1.s390x",
"product_id": "libsoup-devel-2.68.4-150200.4.19.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.19.1.s390x",
"product": {
"name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.19.1.s390x",
"product_id": "typelib-1_0-Soup-2_4-2.68.4-150200.4.19.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.68.4-150200.4.19.1.x86_64",
"product": {
"name": "libsoup-2_4-1-2.68.4-150200.4.19.1.x86_64",
"product_id": "libsoup-2_4-1-2.68.4-150200.4.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-2_4-1-32bit-2.68.4-150200.4.19.1.x86_64",
"product": {
"name": "libsoup-2_4-1-32bit-2.68.4-150200.4.19.1.x86_64",
"product_id": "libsoup-2_4-1-32bit-2.68.4-150200.4.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-devel-2.68.4-150200.4.19.1.x86_64",
"product": {
"name": "libsoup-devel-2.68.4-150200.4.19.1.x86_64",
"product_id": "libsoup-devel-2.68.4-150200.4.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-devel-32bit-2.68.4-150200.4.19.1.x86_64",
"product": {
"name": "libsoup-devel-32bit-2.68.4-150200.4.19.1.x86_64",
"product_id": "libsoup-devel-32bit-2.68.4-150200.4.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.19.1.x86_64",
"product": {
"name": "typelib-1_0-Soup-2_4-2.68.4-150200.4.19.1.x86_64",
"product_id": "typelib-1_0-Soup-2_4-2.68.4-150200.4.19.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.68.4-150200.4.19.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.aarch64"
},
"product_reference": "libsoup-2_4-1-2.68.4-150200.4.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.68.4-150200.4.19.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.s390x"
},
"product_reference": "libsoup-2_4-1-2.68.4-150200.4.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.68.4-150200.4.19.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.68.4-150200.4.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14523",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-14523"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in libsoup\u0027s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-14523",
"url": "https://www.suse.com/security/cve/CVE-2025-14523"
},
{
"category": "external",
"summary": "SUSE Bug 1254876 for CVE-2025-14523",
"url": "https://bugzilla.suse.com/1254876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T09:56:33Z",
"details": "important"
}
],
"title": "CVE-2025-14523"
},
{
"cve": "CVE-2026-0719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-0719"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-0719",
"url": "https://www.suse.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "SUSE Bug 1256399 for CVE-2026-0719",
"url": "https://bugzilla.suse.com/1256399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libsoup-2_4-1-2.68.4-150200.4.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-19T09:56:33Z",
"details": "important"
}
],
"title": "CVE-2026-0719"
}
]
}
SUSE-SU-2026:0211-1
Vulnerability from csaf_suse - Published: 2026-01-22 12:08 - Updated: 2026-01-22 12:08Summary
Security update for libsoup
Notes
Title of the patch
Security update for libsoup
Description of the patch
This update for libsoup fixes the following issues:
- CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876).
- CVE-2026-0716: Fixed out-of-bounds read for websocket (bsc#1256418)
- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)
Patchnames
SUSE-2026-211,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-211,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-211,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-211,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-211,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-211,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-211,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-211,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-211
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libsoup",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libsoup fixes the following issues:\n\n- CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876).\n- CVE-2026-0716: Fixed out-of-bounds read for websocket (bsc#1256418)\n- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-211,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-211,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-211,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-211,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-211,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-211,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-211,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-211,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-211",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0211-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0211-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260211-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0211-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023874.html"
},
{
"category": "self",
"summary": "SUSE Bug 1254876",
"url": "https://bugzilla.suse.com/1254876"
},
{
"category": "self",
"summary": "SUSE Bug 1256399",
"url": "https://bugzilla.suse.com/1256399"
},
{
"category": "self",
"summary": "SUSE Bug 1256418",
"url": "https://bugzilla.suse.com/1256418"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-14523 page",
"url": "https://www.suse.com/security/cve/CVE-2025-14523/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-0716 page",
"url": "https://www.suse.com/security/cve/CVE-2026-0716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-0719 page",
"url": "https://www.suse.com/security/cve/CVE-2026-0719/"
}
],
"title": "Security update for libsoup",
"tracking": {
"current_release_date": "2026-01-22T12:08:07Z",
"generator": {
"date": "2026-01-22T12:08:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0211-1",
"initial_release_date": "2026-01-22T12:08:07Z",
"revision_history": [
{
"date": "2026-01-22T12:08:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"product": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"product_id": "libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"product": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"product_id": "libsoup-devel-3.0.4-150400.3.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"product": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"product_id": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-3_0-0-64bit-3.0.4-150400.3.28.1.aarch64_ilp32",
"product": {
"name": "libsoup-3_0-0-64bit-3.0.4-150400.3.28.1.aarch64_ilp32",
"product_id": "libsoup-3_0-0-64bit-3.0.4-150400.3.28.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libsoup-devel-64bit-3.0.4-150400.3.28.1.aarch64_ilp32",
"product": {
"name": "libsoup-devel-64bit-3.0.4-150400.3.28.1.aarch64_ilp32",
"product_id": "libsoup-devel-64bit-3.0.4-150400.3.28.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.i586",
"product": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.i586",
"product_id": "libsoup-3_0-0-3.0.4-150400.3.28.1.i586"
}
},
{
"category": "product_version",
"name": "libsoup-devel-3.0.4-150400.3.28.1.i586",
"product": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.i586",
"product_id": "libsoup-devel-3.0.4-150400.3.28.1.i586"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.i586",
"product": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.i586",
"product_id": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-lang-3.0.4-150400.3.28.1.noarch",
"product": {
"name": "libsoup-lang-3.0.4-150400.3.28.1.noarch",
"product_id": "libsoup-lang-3.0.4-150400.3.28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"product": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"product_id": "libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"product": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"product_id": "libsoup-devel-3.0.4-150400.3.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"product": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"product_id": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"product": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"product_id": "libsoup-3_0-0-3.0.4-150400.3.28.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoup-devel-3.0.4-150400.3.28.1.s390x",
"product": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.s390x",
"product_id": "libsoup-devel-3.0.4-150400.3.28.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"product": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"product_id": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"product": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"product_id": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-3_0-0-32bit-3.0.4-150400.3.28.1.x86_64",
"product": {
"name": "libsoup-3_0-0-32bit-3.0.4-150400.3.28.1.x86_64",
"product_id": "libsoup-3_0-0-32bit-3.0.4-150400.3.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"product": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"product_id": "libsoup-devel-3.0.4-150400.3.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-devel-32bit-3.0.4-150400.3.28.1.x86_64",
"product": {
"name": "libsoup-devel-32bit-3.0.4-150400.3.28.1.x86_64",
"product_id": "libsoup-devel-32bit-3.0.4-150400.3.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"product": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"product_id": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-3.0.4-150400.3.28.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch"
},
"product_reference": "libsoup-lang-3.0.4-150400.3.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-3.0.4-150400.3.28.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch"
},
"product_reference": "libsoup-lang-3.0.4-150400.3.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-3.0.4-150400.3.28.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch"
},
"product_reference": "libsoup-lang-3.0.4-150400.3.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-3.0.4-150400.3.28.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch"
},
"product_reference": "libsoup-lang-3.0.4-150400.3.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-3.0.4-150400.3.28.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch"
},
"product_reference": "libsoup-lang-3.0.4-150400.3.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-3.0.4-150400.3.28.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch"
},
"product_reference": "libsoup-lang-3.0.4-150400.3.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.ppc64le"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-3.0.4-150400.3.28.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-lang-3.0.4-150400.3.28.1.noarch"
},
"product_reference": "libsoup-lang-3.0.4-150400.3.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.ppc64le"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-3.0.4-150400.3.28.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-lang-3.0.4-150400.3.28.1.noarch"
},
"product_reference": "libsoup-lang-3.0.4-150400.3.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14523",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-14523"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in libsoup\u0027s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-14523",
"url": "https://www.suse.com/security/cve/CVE-2025-14523"
},
{
"category": "external",
"summary": "SUSE Bug 1254876 for CVE-2025-14523",
"url": "https://bugzilla.suse.com/1254876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T12:08:07Z",
"details": "important"
}
],
"title": "CVE-2025-14523"
},
{
"cve": "CVE-2026-0716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-0716"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libsoup\u0027s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applications using libsoup\u0027s WebSocket support with this configuration may be impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-0716",
"url": "https://www.suse.com/security/cve/CVE-2026-0716"
},
{
"category": "external",
"summary": "SUSE Bug 1256418 for CVE-2026-0716",
"url": "https://bugzilla.suse.com/1256418"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T12:08:07Z",
"details": "moderate"
}
],
"title": "CVE-2026-0716"
},
{
"cve": "CVE-2026-0719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-0719"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-0719",
"url": "https://www.suse.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "SUSE Bug 1256399 for CVE-2026-0719",
"url": "https://bugzilla.suse.com/1256399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-3_0-0-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-devel-3.0.4-150400.3.28.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-lang-3.0.4-150400.3.28.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-3_0-3.0.4-150400.3.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T12:08:07Z",
"details": "important"
}
],
"title": "CVE-2026-0719"
}
]
}
SUSE-SU-2026:0258-1
Vulnerability from csaf_suse - Published: 2026-01-22 16:10 - Updated: 2026-01-22 16:10Summary
Security update for libsoup2
Notes
Title of the patch
Security update for libsoup2
Description of the patch
This update for libsoup2 fixes the following issues:
- CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876).
- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)
Patchnames
SUSE-2026-258,SUSE-SLE-Micro-5.3-2026-258,SUSE-SLE-Micro-5.4-2026-258,SUSE-SLE-Micro-5.5-2026-258,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-258,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-258,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-258,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-258,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-258,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-258,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-258,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-258
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libsoup2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libsoup2 fixes the following issues:\n\n- CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876).\n- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)\n ",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-258,SUSE-SLE-Micro-5.3-2026-258,SUSE-SLE-Micro-5.4-2026-258,SUSE-SLE-Micro-5.5-2026-258,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-258,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-258,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-258,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-258,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-258,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-258,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-258,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-258",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0258-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0258-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260258-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0258-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023890.html"
},
{
"category": "self",
"summary": "SUSE Bug 1254876",
"url": "https://bugzilla.suse.com/1254876"
},
{
"category": "self",
"summary": "SUSE Bug 1256399",
"url": "https://bugzilla.suse.com/1256399"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-14523 page",
"url": "https://www.suse.com/security/cve/CVE-2025-14523/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-0719 page",
"url": "https://www.suse.com/security/cve/CVE-2026-0719/"
}
],
"title": "Security update for libsoup2",
"tracking": {
"current_release_date": "2026-01-22T16:10:25Z",
"generator": {
"date": "2026-01-22T16:10:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0258-1",
"initial_release_date": "2026-01-22T16:10:25Z",
"revision_history": [
{
"date": "2026-01-22T16:10:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"product": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"product_id": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"product": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"product_id": "libsoup2-devel-2.74.2-150400.3.19.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"product": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"product_id": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-64bit-2.74.2-150400.3.19.1.aarch64_ilp32",
"product": {
"name": "libsoup-2_4-1-64bit-2.74.2-150400.3.19.1.aarch64_ilp32",
"product_id": "libsoup-2_4-1-64bit-2.74.2-150400.3.19.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-64bit-2.74.2-150400.3.19.1.aarch64_ilp32",
"product": {
"name": "libsoup2-devel-64bit-2.74.2-150400.3.19.1.aarch64_ilp32",
"product_id": "libsoup2-devel-64bit-2.74.2-150400.3.19.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.i586",
"product": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.i586",
"product_id": "libsoup-2_4-1-2.74.2-150400.3.19.1.i586"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-2.74.2-150400.3.19.1.i586",
"product": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.i586",
"product_id": "libsoup2-devel-2.74.2-150400.3.19.1.i586"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.i586",
"product": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.i586",
"product_id": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"product": {
"name": "libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"product_id": "libsoup2-lang-2.74.2-150400.3.19.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"product": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"product_id": "libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"product": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"product_id": "libsoup2-devel-2.74.2-150400.3.19.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"product": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"product_id": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"product": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"product_id": "libsoup-2_4-1-2.74.2-150400.3.19.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-2.74.2-150400.3.19.1.s390x",
"product": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.s390x",
"product_id": "libsoup2-devel-2.74.2-150400.3.19.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x",
"product": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x",
"product_id": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"product": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"product_id": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-2_4-1-32bit-2.74.2-150400.3.19.1.x86_64",
"product": {
"name": "libsoup-2_4-1-32bit-2.74.2-150400.3.19.1.x86_64",
"product_id": "libsoup-2_4-1-32bit-2.74.2-150400.3.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"product": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"product_id": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-32bit-2.74.2-150400.3.19.1.x86_64",
"product": {
"name": "libsoup2-devel-32bit-2.74.2-150400.3.19.1.x86_64",
"product_id": "libsoup2-devel-32bit-2.74.2-150400.3.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"product": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"product_id": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-lang-2.74.2-150400.3.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1.noarch"
},
"product_reference": "libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-lang-2.74.2-150400.3.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch"
},
"product_reference": "libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-lang-2.74.2-150400.3.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1.noarch"
},
"product_reference": "libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-lang-2.74.2-150400.3.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch"
},
"product_reference": "libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.s390x"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-lang-2.74.2-150400.3.19.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch"
},
"product_reference": "libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.s390x"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-lang-2.74.2-150400.3.19.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch"
},
"product_reference": "libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-lang-2.74.2-150400.3.19.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-lang-2.74.2-150400.3.19.1.noarch"
},
"product_reference": "libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-devel-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-lang-2.74.2-150400.3.19.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-lang-2.74.2-150400.3.19.1.noarch"
},
"product_reference": "libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14523",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-14523"
}
],
"notes": [
{
"category": "general",
"text": "A flaw in libsoup\u0027s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-14523",
"url": "https://www.suse.com/security/cve/CVE-2025-14523"
},
{
"category": "external",
"summary": "SUSE Bug 1254876 for CVE-2025-14523",
"url": "https://bugzilla.suse.com/1254876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T16:10:25Z",
"details": "important"
}
],
"title": "CVE-2025-14523"
},
{
"cve": "CVE-2026-0719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-0719"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-0719",
"url": "https://www.suse.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "SUSE Bug 1256399 for CVE-2026-0719",
"url": "https://bugzilla.suse.com/1256399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-2_4-1-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-2_4-1-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-devel-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-devel-2.74.2-150400.3.19.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-lang-2.74.2-150400.3.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T16:10:25Z",
"details": "important"
}
],
"title": "CVE-2026-0719"
}
]
}
OPENSUSE-SU-2026:10041-1
Vulnerability from csaf_opensuse - Published: 2026-01-13 00:00 - Updated: 2026-01-13 00:00Summary
libsoup-2_4-1-2.74.3-14.1 on GA media
Notes
Title of the patch
libsoup-2_4-1-2.74.3-14.1 on GA media
Description of the patch
These are all security issues fixed in the libsoup-2_4-1-2.74.3-14.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2026-10041
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libsoup-2_4-1-2.74.3-14.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libsoup-2_4-1-2.74.3-14.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10041",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10041-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-0719 page",
"url": "https://www.suse.com/security/cve/CVE-2026-0719/"
}
],
"title": "libsoup-2_4-1-2.74.3-14.1 on GA media",
"tracking": {
"current_release_date": "2026-01-13T00:00:00Z",
"generator": {
"date": "2026-01-13T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10041-1",
"initial_release_date": "2026-01-13T00:00:00Z",
"revision_history": [
{
"date": "2026-01-13T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.74.3-14.1.aarch64",
"product": {
"name": "libsoup-2_4-1-2.74.3-14.1.aarch64",
"product_id": "libsoup-2_4-1-2.74.3-14.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsoup-2_4-1-32bit-2.74.3-14.1.aarch64",
"product": {
"name": "libsoup-2_4-1-32bit-2.74.3-14.1.aarch64",
"product_id": "libsoup-2_4-1-32bit-2.74.3-14.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-2.74.3-14.1.aarch64",
"product": {
"name": "libsoup2-devel-2.74.3-14.1.aarch64",
"product_id": "libsoup2-devel-2.74.3-14.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-32bit-2.74.3-14.1.aarch64",
"product": {
"name": "libsoup2-devel-32bit-2.74.3-14.1.aarch64",
"product_id": "libsoup2-devel-32bit-2.74.3-14.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsoup2-lang-2.74.3-14.1.aarch64",
"product": {
"name": "libsoup2-lang-2.74.3-14.1.aarch64",
"product_id": "libsoup2-lang-2.74.3-14.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.74.3-14.1.aarch64",
"product": {
"name": "typelib-1_0-Soup-2_4-2.74.3-14.1.aarch64",
"product_id": "typelib-1_0-Soup-2_4-2.74.3-14.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.74.3-14.1.ppc64le",
"product": {
"name": "libsoup-2_4-1-2.74.3-14.1.ppc64le",
"product_id": "libsoup-2_4-1-2.74.3-14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsoup-2_4-1-32bit-2.74.3-14.1.ppc64le",
"product": {
"name": "libsoup-2_4-1-32bit-2.74.3-14.1.ppc64le",
"product_id": "libsoup-2_4-1-32bit-2.74.3-14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-2.74.3-14.1.ppc64le",
"product": {
"name": "libsoup2-devel-2.74.3-14.1.ppc64le",
"product_id": "libsoup2-devel-2.74.3-14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-32bit-2.74.3-14.1.ppc64le",
"product": {
"name": "libsoup2-devel-32bit-2.74.3-14.1.ppc64le",
"product_id": "libsoup2-devel-32bit-2.74.3-14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsoup2-lang-2.74.3-14.1.ppc64le",
"product": {
"name": "libsoup2-lang-2.74.3-14.1.ppc64le",
"product_id": "libsoup2-lang-2.74.3-14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.74.3-14.1.ppc64le",
"product": {
"name": "typelib-1_0-Soup-2_4-2.74.3-14.1.ppc64le",
"product_id": "typelib-1_0-Soup-2_4-2.74.3-14.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.74.3-14.1.s390x",
"product": {
"name": "libsoup-2_4-1-2.74.3-14.1.s390x",
"product_id": "libsoup-2_4-1-2.74.3-14.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoup-2_4-1-32bit-2.74.3-14.1.s390x",
"product": {
"name": "libsoup-2_4-1-32bit-2.74.3-14.1.s390x",
"product_id": "libsoup-2_4-1-32bit-2.74.3-14.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-2.74.3-14.1.s390x",
"product": {
"name": "libsoup2-devel-2.74.3-14.1.s390x",
"product_id": "libsoup2-devel-2.74.3-14.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-32bit-2.74.3-14.1.s390x",
"product": {
"name": "libsoup2-devel-32bit-2.74.3-14.1.s390x",
"product_id": "libsoup2-devel-32bit-2.74.3-14.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoup2-lang-2.74.3-14.1.s390x",
"product": {
"name": "libsoup2-lang-2.74.3-14.1.s390x",
"product_id": "libsoup2-lang-2.74.3-14.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.74.3-14.1.s390x",
"product": {
"name": "typelib-1_0-Soup-2_4-2.74.3-14.1.s390x",
"product_id": "typelib-1_0-Soup-2_4-2.74.3-14.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-2_4-1-2.74.3-14.1.x86_64",
"product": {
"name": "libsoup-2_4-1-2.74.3-14.1.x86_64",
"product_id": "libsoup-2_4-1-2.74.3-14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-2_4-1-32bit-2.74.3-14.1.x86_64",
"product": {
"name": "libsoup-2_4-1-32bit-2.74.3-14.1.x86_64",
"product_id": "libsoup-2_4-1-32bit-2.74.3-14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-2.74.3-14.1.x86_64",
"product": {
"name": "libsoup2-devel-2.74.3-14.1.x86_64",
"product_id": "libsoup2-devel-2.74.3-14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup2-devel-32bit-2.74.3-14.1.x86_64",
"product": {
"name": "libsoup2-devel-32bit-2.74.3-14.1.x86_64",
"product_id": "libsoup2-devel-32bit-2.74.3-14.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup2-lang-2.74.3-14.1.x86_64",
"product": {
"name": "libsoup2-lang-2.74.3-14.1.x86_64",
"product_id": "libsoup2-lang-2.74.3-14.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-2_4-2.74.3-14.1.x86_64",
"product": {
"name": "typelib-1_0-Soup-2_4-2.74.3-14.1.x86_64",
"product_id": "typelib-1_0-Soup-2_4-2.74.3-14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-14.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-14.1.aarch64"
},
"product_reference": "libsoup-2_4-1-2.74.3-14.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-14.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-14.1.ppc64le"
},
"product_reference": "libsoup-2_4-1-2.74.3-14.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-14.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-14.1.s390x"
},
"product_reference": "libsoup-2_4-1-2.74.3-14.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-2.74.3-14.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-14.1.x86_64"
},
"product_reference": "libsoup-2_4-1-2.74.3-14.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-32bit-2.74.3-14.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-14.1.aarch64"
},
"product_reference": "libsoup-2_4-1-32bit-2.74.3-14.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-32bit-2.74.3-14.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-14.1.ppc64le"
},
"product_reference": "libsoup-2_4-1-32bit-2.74.3-14.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-32bit-2.74.3-14.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-14.1.s390x"
},
"product_reference": "libsoup-2_4-1-32bit-2.74.3-14.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-2_4-1-32bit-2.74.3-14.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-14.1.x86_64"
},
"product_reference": "libsoup-2_4-1-32bit-2.74.3-14.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-14.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup2-devel-2.74.3-14.1.aarch64"
},
"product_reference": "libsoup2-devel-2.74.3-14.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-14.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup2-devel-2.74.3-14.1.ppc64le"
},
"product_reference": "libsoup2-devel-2.74.3-14.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-14.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup2-devel-2.74.3-14.1.s390x"
},
"product_reference": "libsoup2-devel-2.74.3-14.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-2.74.3-14.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup2-devel-2.74.3-14.1.x86_64"
},
"product_reference": "libsoup2-devel-2.74.3-14.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-32bit-2.74.3-14.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-14.1.aarch64"
},
"product_reference": "libsoup2-devel-32bit-2.74.3-14.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-32bit-2.74.3-14.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-14.1.ppc64le"
},
"product_reference": "libsoup2-devel-32bit-2.74.3-14.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-32bit-2.74.3-14.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-14.1.s390x"
},
"product_reference": "libsoup2-devel-32bit-2.74.3-14.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-devel-32bit-2.74.3-14.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-14.1.x86_64"
},
"product_reference": "libsoup2-devel-32bit-2.74.3-14.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-lang-2.74.3-14.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup2-lang-2.74.3-14.1.aarch64"
},
"product_reference": "libsoup2-lang-2.74.3-14.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-lang-2.74.3-14.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup2-lang-2.74.3-14.1.ppc64le"
},
"product_reference": "libsoup2-lang-2.74.3-14.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-lang-2.74.3-14.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup2-lang-2.74.3-14.1.s390x"
},
"product_reference": "libsoup2-lang-2.74.3-14.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup2-lang-2.74.3-14.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup2-lang-2.74.3-14.1.x86_64"
},
"product_reference": "libsoup2-lang-2.74.3-14.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-14.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-14.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-14.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-14.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-14.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-14.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-14.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-14.1.s390x"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-14.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-2_4-2.74.3-14.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-14.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-2_4-2.74.3-14.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-0719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-0719"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-14.1.x86_64",
"openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-14.1.x86_64",
"openSUSE Tumbleweed:libsoup2-devel-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:libsoup2-devel-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:libsoup2-devel-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:libsoup2-devel-2.74.3-14.1.x86_64",
"openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-14.1.x86_64",
"openSUSE Tumbleweed:libsoup2-lang-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:libsoup2-lang-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:libsoup2-lang-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:libsoup2-lang-2.74.3-14.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-0719",
"url": "https://www.suse.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "SUSE Bug 1256399 for CVE-2026-0719",
"url": "https://bugzilla.suse.com/1256399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-14.1.x86_64",
"openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-14.1.x86_64",
"openSUSE Tumbleweed:libsoup2-devel-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:libsoup2-devel-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:libsoup2-devel-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:libsoup2-devel-2.74.3-14.1.x86_64",
"openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-14.1.x86_64",
"openSUSE Tumbleweed:libsoup2-lang-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:libsoup2-lang-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:libsoup2-lang-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:libsoup2-lang-2.74.3-14.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:libsoup-2_4-1-2.74.3-14.1.x86_64",
"openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:libsoup-2_4-1-32bit-2.74.3-14.1.x86_64",
"openSUSE Tumbleweed:libsoup2-devel-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:libsoup2-devel-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:libsoup2-devel-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:libsoup2-devel-2.74.3-14.1.x86_64",
"openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:libsoup2-devel-32bit-2.74.3-14.1.x86_64",
"openSUSE Tumbleweed:libsoup2-lang-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:libsoup2-lang-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:libsoup2-lang-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:libsoup2-lang-2.74.3-14.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-14.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-14.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-14.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Soup-2_4-2.74.3-14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-0719"
}
]
}
OPENSUSE-SU-2026:10040-1
Vulnerability from csaf_opensuse - Published: 2026-01-13 00:00 - Updated: 2026-01-13 00:00Summary
libsoup-3_0-0-3.6.5-11.1 on GA media
Notes
Title of the patch
libsoup-3_0-0-3.6.5-11.1 on GA media
Description of the patch
These are all security issues fixed in the libsoup-3_0-0-3.6.5-11.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2026-10040
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libsoup-3_0-0-3.6.5-11.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libsoup-3_0-0-3.6.5-11.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10040",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10040-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-0716 page",
"url": "https://www.suse.com/security/cve/CVE-2026-0716/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-0719 page",
"url": "https://www.suse.com/security/cve/CVE-2026-0719/"
}
],
"title": "libsoup-3_0-0-3.6.5-11.1 on GA media",
"tracking": {
"current_release_date": "2026-01-13T00:00:00Z",
"generator": {
"date": "2026-01-13T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10040-1",
"initial_release_date": "2026-01-13T00:00:00Z",
"revision_history": [
{
"date": "2026-01-13T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libsoup-3_0-0-3.6.5-11.1.aarch64",
"product": {
"name": "libsoup-3_0-0-3.6.5-11.1.aarch64",
"product_id": "libsoup-3_0-0-3.6.5-11.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsoup-3_0-0-32bit-3.6.5-11.1.aarch64",
"product": {
"name": "libsoup-3_0-0-32bit-3.6.5-11.1.aarch64",
"product_id": "libsoup-3_0-0-32bit-3.6.5-11.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsoup-devel-3.6.5-11.1.aarch64",
"product": {
"name": "libsoup-devel-3.6.5-11.1.aarch64",
"product_id": "libsoup-devel-3.6.5-11.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsoup-devel-32bit-3.6.5-11.1.aarch64",
"product": {
"name": "libsoup-devel-32bit-3.6.5-11.1.aarch64",
"product_id": "libsoup-devel-32bit-3.6.5-11.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsoup-lang-3.6.5-11.1.aarch64",
"product": {
"name": "libsoup-lang-3.6.5-11.1.aarch64",
"product_id": "libsoup-lang-3.6.5-11.1.aarch64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-3_0-3.6.5-11.1.aarch64",
"product": {
"name": "typelib-1_0-Soup-3_0-3.6.5-11.1.aarch64",
"product_id": "typelib-1_0-Soup-3_0-3.6.5-11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-3_0-0-3.6.5-11.1.ppc64le",
"product": {
"name": "libsoup-3_0-0-3.6.5-11.1.ppc64le",
"product_id": "libsoup-3_0-0-3.6.5-11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsoup-3_0-0-32bit-3.6.5-11.1.ppc64le",
"product": {
"name": "libsoup-3_0-0-32bit-3.6.5-11.1.ppc64le",
"product_id": "libsoup-3_0-0-32bit-3.6.5-11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsoup-devel-3.6.5-11.1.ppc64le",
"product": {
"name": "libsoup-devel-3.6.5-11.1.ppc64le",
"product_id": "libsoup-devel-3.6.5-11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsoup-devel-32bit-3.6.5-11.1.ppc64le",
"product": {
"name": "libsoup-devel-32bit-3.6.5-11.1.ppc64le",
"product_id": "libsoup-devel-32bit-3.6.5-11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsoup-lang-3.6.5-11.1.ppc64le",
"product": {
"name": "libsoup-lang-3.6.5-11.1.ppc64le",
"product_id": "libsoup-lang-3.6.5-11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-3_0-3.6.5-11.1.ppc64le",
"product": {
"name": "typelib-1_0-Soup-3_0-3.6.5-11.1.ppc64le",
"product_id": "typelib-1_0-Soup-3_0-3.6.5-11.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-3_0-0-3.6.5-11.1.s390x",
"product": {
"name": "libsoup-3_0-0-3.6.5-11.1.s390x",
"product_id": "libsoup-3_0-0-3.6.5-11.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoup-3_0-0-32bit-3.6.5-11.1.s390x",
"product": {
"name": "libsoup-3_0-0-32bit-3.6.5-11.1.s390x",
"product_id": "libsoup-3_0-0-32bit-3.6.5-11.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoup-devel-3.6.5-11.1.s390x",
"product": {
"name": "libsoup-devel-3.6.5-11.1.s390x",
"product_id": "libsoup-devel-3.6.5-11.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoup-devel-32bit-3.6.5-11.1.s390x",
"product": {
"name": "libsoup-devel-32bit-3.6.5-11.1.s390x",
"product_id": "libsoup-devel-32bit-3.6.5-11.1.s390x"
}
},
{
"category": "product_version",
"name": "libsoup-lang-3.6.5-11.1.s390x",
"product": {
"name": "libsoup-lang-3.6.5-11.1.s390x",
"product_id": "libsoup-lang-3.6.5-11.1.s390x"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-3_0-3.6.5-11.1.s390x",
"product": {
"name": "typelib-1_0-Soup-3_0-3.6.5-11.1.s390x",
"product_id": "typelib-1_0-Soup-3_0-3.6.5-11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libsoup-3_0-0-3.6.5-11.1.x86_64",
"product": {
"name": "libsoup-3_0-0-3.6.5-11.1.x86_64",
"product_id": "libsoup-3_0-0-3.6.5-11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-3_0-0-32bit-3.6.5-11.1.x86_64",
"product": {
"name": "libsoup-3_0-0-32bit-3.6.5-11.1.x86_64",
"product_id": "libsoup-3_0-0-32bit-3.6.5-11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-devel-3.6.5-11.1.x86_64",
"product": {
"name": "libsoup-devel-3.6.5-11.1.x86_64",
"product_id": "libsoup-devel-3.6.5-11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-devel-32bit-3.6.5-11.1.x86_64",
"product": {
"name": "libsoup-devel-32bit-3.6.5-11.1.x86_64",
"product_id": "libsoup-devel-32bit-3.6.5-11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsoup-lang-3.6.5-11.1.x86_64",
"product": {
"name": "libsoup-lang-3.6.5-11.1.x86_64",
"product_id": "libsoup-lang-3.6.5-11.1.x86_64"
}
},
{
"category": "product_version",
"name": "typelib-1_0-Soup-3_0-3.6.5-11.1.x86_64",
"product": {
"name": "typelib-1_0-Soup-3_0-3.6.5-11.1.x86_64",
"product_id": "typelib-1_0-Soup-3_0-3.6.5-11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.6.5-11.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.aarch64"
},
"product_reference": "libsoup-3_0-0-3.6.5-11.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.6.5-11.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.ppc64le"
},
"product_reference": "libsoup-3_0-0-3.6.5-11.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.6.5-11.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.s390x"
},
"product_reference": "libsoup-3_0-0-3.6.5-11.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-3.6.5-11.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.x86_64"
},
"product_reference": "libsoup-3_0-0-3.6.5-11.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-32bit-3.6.5-11.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.aarch64"
},
"product_reference": "libsoup-3_0-0-32bit-3.6.5-11.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-32bit-3.6.5-11.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.ppc64le"
},
"product_reference": "libsoup-3_0-0-32bit-3.6.5-11.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-32bit-3.6.5-11.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.s390x"
},
"product_reference": "libsoup-3_0-0-32bit-3.6.5-11.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-3_0-0-32bit-3.6.5-11.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.x86_64"
},
"product_reference": "libsoup-3_0-0-32bit-3.6.5-11.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.6.5-11.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.aarch64"
},
"product_reference": "libsoup-devel-3.6.5-11.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.6.5-11.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.ppc64le"
},
"product_reference": "libsoup-devel-3.6.5-11.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.6.5-11.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.s390x"
},
"product_reference": "libsoup-devel-3.6.5-11.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-3.6.5-11.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.x86_64"
},
"product_reference": "libsoup-devel-3.6.5-11.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-32bit-3.6.5-11.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.aarch64"
},
"product_reference": "libsoup-devel-32bit-3.6.5-11.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-32bit-3.6.5-11.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.ppc64le"
},
"product_reference": "libsoup-devel-32bit-3.6.5-11.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-32bit-3.6.5-11.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.s390x"
},
"product_reference": "libsoup-devel-32bit-3.6.5-11.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-devel-32bit-3.6.5-11.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.x86_64"
},
"product_reference": "libsoup-devel-32bit-3.6.5-11.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-3.6.5-11.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.aarch64"
},
"product_reference": "libsoup-lang-3.6.5-11.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-3.6.5-11.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.ppc64le"
},
"product_reference": "libsoup-lang-3.6.5-11.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-3.6.5-11.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.s390x"
},
"product_reference": "libsoup-lang-3.6.5-11.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsoup-lang-3.6.5-11.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.x86_64"
},
"product_reference": "libsoup-lang-3.6.5-11.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.6.5-11.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.aarch64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.6.5-11.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.6.5-11.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.ppc64le"
},
"product_reference": "typelib-1_0-Soup-3_0-3.6.5-11.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.6.5-11.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.s390x"
},
"product_reference": "typelib-1_0-Soup-3_0-3.6.5-11.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "typelib-1_0-Soup-3_0-3.6.5-11.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.x86_64"
},
"product_reference": "typelib-1_0-Soup-3_0-3.6.5-11.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-0716",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-0716"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in libsoup\u0027s WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applications using libsoup\u0027s WebSocket support with this configuration may be impacted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-0716",
"url": "https://www.suse.com/security/cve/CVE-2026-0716"
},
{
"category": "external",
"summary": "SUSE Bug 1256418 for CVE-2026-0716",
"url": "https://bugzilla.suse.com/1256418"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-0716"
},
{
"cve": "CVE-2026-0719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-0719"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-0719",
"url": "https://www.suse.com/security/cve/CVE-2026-0719"
},
{
"category": "external",
"summary": "SUSE Bug 1256399 for CVE-2026-0719",
"url": "https://bugzilla.suse.com/1256399"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1.x86_64",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.aarch64",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.ppc64le",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.s390x",
"openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-0719"
}
]
}
FKIE_CVE-2026-0719
Vulnerability from fkie_nvd - Published: 2026-01-08 13:15 - Updated: 2026-02-17 19:21
Severity ?
Summary
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:1948 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2005 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2006 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2007 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2008 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2049 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2182 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2214 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2215 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2216 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2396 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2402 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2512 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2513 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2514 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2528 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2529 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2628 | ||
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2026:2844 | ||
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2026-0719 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2427906 | ||
| secalert@redhat.com | https://gitlab.gnome.org/GNOME/libsoup/-/issues/477 |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk."
}
],
"id": "CVE-2026-0719",
"lastModified": "2026-02-17T19:21:55.890",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
},
"published": "2026-01-08T13:15:43.283",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:1948"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2005"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2006"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2007"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2008"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2049"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2182"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2214"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2215"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2216"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2396"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2402"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2512"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2513"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2514"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2528"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2529"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2628"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2026:2844"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"source": "secalert@redhat.com",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
GHSA-8X3F-4JVW-WW73
Vulnerability from github – Published: 2026-01-08 15:31 – Updated: 2026-02-17 21:31
VLAI?
Details
A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrite adjacent memory, which may result in arbitrary code execution with the privileges of the affected application.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2026-0719"
],
"database_specific": {
"cwe_ids": [
"CWE-121"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-08T13:15:43Z",
"severity": "HIGH"
},
"details": "A flaw was found in libsoup\u0027s NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrite adjacent memory, which may result in arbitrary code execution with the privileges of the affected application.",
"id": "GHSA-8x3f-4jvw-ww73",
"modified": "2026-02-17T21:31:12Z",
"published": "2026-01-08T15:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0719"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/477"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427906"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-0719"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2844"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2628"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2529"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2528"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2514"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2513"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2512"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2402"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2396"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2216"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2215"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2214"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2182"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2049"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2008"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2007"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2006"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2005"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:1948"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2026-0719
Vulnerability from csaf_microsoft - Published: 2026-01-02 00:00 - Updated: 2026-01-13 01:45Summary
Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-0719 Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-0719.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication",
"tracking": {
"current_release_date": "2026-01-13T01:45:18.000Z",
"generator": {
"date": "2026-02-18T14:43:41.733Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-0719",
"initial_release_date": "2026-01-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-01-11T01:05:19.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-01-12T14:39:03.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-01-13T01:45:18.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"category": "product_name",
"name": "azl3 libsoup 3.4.4-11",
"product": {
"name": "azl3 libsoup 3.4.4-11",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 libsoup 3.4.4-11 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-0719",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-1"
]
}
],
"notes": [
{
"category": "general",
"text": "redhat",
"title": "Assigning CNA"
}
],
"product_status": {
"known_not_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-0719 Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-0719.json"
}
],
"title": "Libsoup: signed to unsigned conversion error leading to stack-based buffer overflow in libsoup ntlm authentication"
}
]
}
WID-SEC-W-2026-0305
Vulnerability from csaf_certbund - Published: 2026-02-04 23:00 - Updated: 2026-02-19 23:00Summary
Red Hat Enterprise Linux (libsoup): Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um beliebigen Code auszuführen oder einen Denial-of-Service-Zustand zu verursachen.
Betroffene Betriebssysteme
- UNIX
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um beliebigen Code auszuf\u00fchren oder einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0305 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0305.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0305 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0305"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2026-02-04",
"url": "https://access.redhat.com/errata/RHSA-2026:1948"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2026-02-04",
"url": "https://access.redhat.com/errata/RHSA-2026:2005"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2026-02-04",
"url": "https://access.redhat.com/errata/RHSA-2026:2006"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2026-02-04",
"url": "https://access.redhat.com/errata/RHSA-2026:2007"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2026-02-04",
"url": "https://access.redhat.com/errata/RHSA-2026:2008"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2049 vom 2026-02-05",
"url": "https://access.redhat.com/errata/RHSA-2026:2049"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7259752 vom 2026-02-05",
"url": "https://www.ibm.com/support/pages/node/7259752"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20212-1 vom 2026-02-05",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024074.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3141 vom 2026-02-06",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3141.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2182 vom 2026-02-06",
"url": "https://access.redhat.com/errata/RHSA-2026:2182"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-2182 vom 2026-02-06",
"url": "https://linux.oracle.com/errata/ELSA-2026-2182.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:2182 vom 2026-02-07",
"url": "https://errata.build.resf.org/RLSA-2026:2182"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2214 vom 2026-02-09",
"url": "https://access.redhat.com/errata/RHSA-2026:2214"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2216 vom 2026-02-09",
"url": "https://access.redhat.com/errata/RHSA-2026:2216"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2215 vom 2026-02-09",
"url": "https://access.redhat.com/errata/RHSA-2026:2215"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-44AF0F2383 vom 2026-02-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-44af0f2383"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-2215 vom 2026-02-10",
"url": "https://linux.oracle.com/errata/ELSA-2026-2215.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-07B73214FC vom 2026-02-09",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-07b73214fc"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-2216 vom 2026-02-10",
"url": "http://linux.oracle.com/errata/ELSA-2026-2216.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2402 vom 2026-02-10",
"url": "https://access.redhat.com/errata/RHSA-2026:2402"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2396 vom 2026-02-10",
"url": "https://access.redhat.com/errata/RHSA-2026:2396"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2410 vom 2026-02-10",
"url": "https://access.redhat.com/errata/RHSA-2026:2410"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:2214 vom 2026-02-11",
"url": "https://errata.build.resf.org/RLSA-2026:2214"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-2410 vom 2026-02-10",
"url": "https://linux.oracle.com/errata/ELSA-2026-2410.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2528 vom 2026-02-11",
"url": "https://access.redhat.com/errata/RHSA-2026:2528"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0419-1 vom 2026-02-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024091.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0418-1 vom 2026-02-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024092.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2513 vom 2026-02-11",
"url": "https://access.redhat.com/errata/RHSA-2026:2513"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2512 vom 2026-02-11",
"url": "https://access.redhat.com/errata/RHSA-2026:2512"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2514 vom 2026-02-11",
"url": "https://access.redhat.com/errata/RHSA-2026:2514"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2529 vom 2026-02-11",
"url": "https://access.redhat.com/errata/RHSA-2026:2529"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:2215 vom 2026-02-11",
"url": "https://errata.build.resf.org/RLSA-2026:2215"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2628 vom 2026-02-12",
"url": "https://access.redhat.com/errata/RHSA-2026:2628"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:20186-1 vom 2026-02-11",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EFSY63MRTEB63QPRKJ76SIGZQXBLBMO6/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0431-1 vom 2026-02-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024117.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20238-1 vom 2026-02-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024098.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:2410 vom 2026-02-13",
"url": "https://errata.build.resf.org/RLSA-2026:2410"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:2216 vom 2026-02-13",
"url": "https://errata.build.resf.org/RLSA-2026:2216"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20245-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024234.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0497-1 vom 2026-02-13",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024157.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20339-1 vom 2026-02-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024259.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20360-1 vom 2026-02-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024323.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0574-1 vom 2026-02-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024351.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0579-1 vom 2026-02-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024354.html"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (libsoup): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-02-19T23:00:00.000+00:00",
"generator": {
"date": "2026-02-20T09:20:48.481+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0305",
"initial_release_date": "2026-02-04T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-04T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-02-05T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM, SUSE, Amazon, Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2026-02-08T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2026-02-09T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Fedora und Oracle Linux aufgenommen"
},
{
"date": "2026-02-10T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Rocky Enterprise Software Foundation, Oracle Linux, Red Hat und SUSE aufgenommen"
},
{
"date": "2026-02-11T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat, openSUSE und SUSE aufgenommen"
},
{
"date": "2026-02-12T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-02-15T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-02-17T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-02-18T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-02-19T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "11"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "8.8 Update Services for SAP Solution",
"product": {
"name": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solution",
"product_id": "T050525",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8.8_update_services_for_sap_solution"
}
}
},
{
"category": "product_version",
"name": "8.8 Telecommunications Update Service",
"product": {
"name": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"product_id": "T050526",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8.8_telecommunications_update_service"
}
}
},
{
"category": "product_version",
"name": "9.2 Update Services for SAP Solution",
"product": {
"name": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solution",
"product_id": "T050527",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9.2_update_services_for_sap_solution"
}
}
},
{
"category": "product_version",
"name": "10.0 Extended Update Support",
"product": {
"name": "Red Hat Enterprise Linux 10.0 Extended Update Support",
"product_id": "T050528",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.0_extended_update_support"
}
}
},
{
"category": "product_version",
"name": "9.4 Extended Update Support",
"product": {
"name": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"product_id": "T050529",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9.4_extended_update_support"
}
}
},
{
"category": "product_version",
"name": "9.0 Update Services for SAP Solutions",
"product": {
"name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"product_id": "T050530",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9.0_update_services_for_sap_solutions"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-0719",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T032255",
"74185",
"T050530",
"T032495",
"T050529",
"T050528",
"T002207",
"T050525",
"T050527",
"T050526",
"T027843",
"398363"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-0719"
},
{
"cve": "CVE-2026-1761",
"product_status": {
"known_affected": [
"67646",
"T004914",
"T032255",
"74185",
"T050530",
"T032495",
"T050529",
"T050528",
"T002207",
"T050525",
"T050527",
"T050526",
"T027843",
"398363"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-1761"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…