libsoup-3_0-0-3.6.5-11.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:10040-1 Final 1 1 2026-01-13T00:00:00Z current 2026-01-13T00:00:00Z 2026-01-13T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libsoup-3_0-0-3.6.5-11.1 on GA media These are all security issues fixed in the libsoup-3_0-0-3.6.5-11.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2026-10040 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2026-0716/ SUSE CVE CVE-2026-0716 page https://www.suse.com/security/cve/CVE-2026-0719/ SUSE CVE CVE-2026-0719 page openSUSE Tumbleweed libsoup-3_0-0-3.6.5-11.1 libsoup-3_0-0-32bit-3.6.5-11.1 libsoup-devel-3.6.5-11.1 libsoup-devel-32bit-3.6.5-11.1 libsoup-lang-3.6.5-11.1 typelib-1_0-Soup-3_0-3.6.5-11.1 libsoup-3_0-0-3.6.5-11.1 as a component of openSUSE Tumbleweed libsoup-3_0-0-32bit-3.6.5-11.1 as a component of openSUSE Tumbleweed libsoup-devel-3.6.5-11.1 as a component of openSUSE Tumbleweed libsoup-devel-32bit-3.6.5-11.1 as a component of openSUSE Tumbleweed libsoup-lang-3.6.5-11.1 as a component of openSUSE Tumbleweed typelib-1_0-Soup-3_0-3.6.5-11.1 as a component of openSUSE Tumbleweed A flaw was found in libsoup's WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applications using libsoup's WebSocket support with this configuration may be impacted. CVE-2026-0716 openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1 openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1 openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1 openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1 openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1 openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-0716.html CVE-2026-0716 https://bugzilla.suse.com/1256418 SUSE Bug 1256418 A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk. CVE-2026-0719 openSUSE Tumbleweed:libsoup-3_0-0-3.6.5-11.1 openSUSE Tumbleweed:libsoup-3_0-0-32bit-3.6.5-11.1 openSUSE Tumbleweed:libsoup-devel-3.6.5-11.1 openSUSE Tumbleweed:libsoup-devel-32bit-3.6.5-11.1 openSUSE Tumbleweed:libsoup-lang-3.6.5-11.1 openSUSE Tumbleweed:typelib-1_0-Soup-3_0-3.6.5-11.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-0719.html CVE-2026-0719 https://bugzilla.suse.com/1256399 SUSE Bug 1256399