Security update for libsoup2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0258-1 Final 1 1 2026-01-22T16:10:25Z current 2026-01-22T16:10:25Z 2026-01-22T16:10:25Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libsoup2 This update for libsoup2 fixes the following issues: - CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876). - CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-258,SUSE-SLE-Micro-5.3-2026-258,SUSE-SLE-Micro-5.4-2026-258,SUSE-SLE-Micro-5.5-2026-258,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-258,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-258,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-258,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-258,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-258,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-258,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-258,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-258 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260258-1/ Link for SUSE-SU-2026:0258-1 https://lists.suse.com/pipermail/sle-security-updates/2026-January/023890.html E-Mail link for SUSE-SU-2026:0258-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1254876 SUSE Bug 1254876 https://bugzilla.suse.com/1256399 SUSE Bug 1256399 https://www.suse.com/security/cve/CVE-2025-14523/ SUSE CVE CVE-2025-14523 page https://www.suse.com/security/cve/CVE-2026-0719/ SUSE CVE CVE-2026-0719 page SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 libsoup-2_4-1-2.74.2-150400.3.19.1 libsoup-2_4-1-32bit-2.74.2-150400.3.19.1 libsoup-2_4-1-64bit-2.74.2-150400.3.19.1 libsoup2-devel-2.74.2-150400.3.19.1 libsoup2-devel-32bit-2.74.2-150400.3.19.1 libsoup2-devel-64bit-2.74.2-150400.3.19.1 libsoup2-lang-2.74.2-150400.3.19.1 typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 libsoup-2_4-1-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libsoup2-devel-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libsoup2-lang-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS libsoup-2_4-1-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libsoup2-devel-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libsoup2-lang-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS libsoup-2_4-1-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libsoup2-devel-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libsoup2-lang-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS libsoup-2_4-1-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libsoup2-devel-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libsoup2-lang-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS libsoup-2_4-1-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Micro 5.3 libsoup-2_4-1-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Micro 5.4 libsoup-2_4-1-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Micro 5.5 libsoup-2_4-1-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libsoup2-devel-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libsoup2-lang-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS libsoup-2_4-1-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libsoup2-devel-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libsoup2-lang-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS libsoup-2_4-1-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libsoup2-devel-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libsoup2-lang-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 libsoup-2_4-1-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libsoup2-devel-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 libsoup2-lang-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 A flaw in libsoup's HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the backend interprets it as destined for another host. This discrepancy enables request-smuggling style attacks, cache poisoning, or bypassing host-based access controls when an attacker supplies duplicate Host headers. CVE-2025-14523 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-lang-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-devel-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-lang-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260258-1/ https://www.suse.com/security/cve/CVE-2025-14523.html CVE-2025-14523 https://bugzilla.suse.com/1254876 SUSE Bug 1254876 A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk. CVE-2026-0719 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-devel-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:libsoup2-lang-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 SUSE Linux Enterprise Micro 5.3:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise Micro 5.4:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise Micro 5.5:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-devel-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server 15 SP4-LTSS:libsoup2-lang-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server 15 SP4-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-devel-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server 15 SP5-LTSS:libsoup2-lang-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server 15 SP5-LTSS:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-devel-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:libsoup2-lang-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup-2_4-1-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-devel-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:libsoup2-lang-2.74.2-150400.3.19.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:typelib-1_0-Soup-2_4-2.74.2-150400.3.19.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260258-1/ https://www.suse.com/security/cve/CVE-2026-0719.html CVE-2026-0719 https://bugzilla.suse.com/1256399 SUSE Bug 1256399