Security update for libsoup SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0265-1 Final 1 1 2026-01-23T07:08:44Z current 2026-01-23T07:08:44Z 2026-01-23T07:08:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libsoup This update for libsoup fixes the following issues: - CVE-2026-0719: Fixed stack-based buffer overflow in NTLM authentication (bsc#1256399). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-265,SUSE-SLE-SERVER-12-SP5-LTSS-2026-265,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-265 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260265-1/ Link for SUSE-SU-2026:0265-1 https://lists.suse.com/pipermail/sle-security-updates/2026-January/023897.html E-Mail link for SUSE-SU-2026:0265-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1256399 SUSE Bug 1256399 https://www.suse.com/security/cve/CVE-2026-0719/ SUSE CVE CVE-2026-0719 page SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libsoup-2_4-1-2.62.2-5.26.1 libsoup-2_4-1-32bit-2.62.2-5.26.1 libsoup-2_4-1-64bit-2.62.2-5.26.1 libsoup-devel-2.62.2-5.26.1 libsoup-devel-32bit-2.62.2-5.26.1 libsoup-devel-64bit-2.62.2-5.26.1 libsoup-lang-2.62.2-5.26.1 typelib-1_0-Soup-2_4-2.62.2-5.26.1 libsoup-2_4-1-2.62.2-5.26.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libsoup-2_4-1-32bit-2.62.2-5.26.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libsoup-devel-2.62.2-5.26.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libsoup-lang-2.62.2-5.26.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS typelib-1_0-Soup-2_4-2.62.2-5.26.1 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS libsoup-2_4-1-2.62.2-5.26.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libsoup-2_4-1-32bit-2.62.2-5.26.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libsoup-devel-2.62.2-5.26.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 libsoup-lang-2.62.2-5.26.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 typelib-1_0-Soup-2_4-2.62.2-5.26.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk. CVE-2026-0719 SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-2.62.2-5.26.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-2_4-1-32bit-2.62.2-5.26.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-devel-2.62.2-5.26.1 SUSE Linux Enterprise Server 12 SP5-LTSS:libsoup-lang-2.62.2-5.26.1 SUSE Linux Enterprise Server 12 SP5-LTSS:typelib-1_0-Soup-2_4-2.62.2-5.26.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-2_4-1-2.62.2-5.26.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-2_4-1-32bit-2.62.2-5.26.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-devel-2.62.2-5.26.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:libsoup-lang-2.62.2-5.26.1 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:typelib-1_0-Soup-2_4-2.62.2-5.26.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260265-1/ https://www.suse.com/security/cve/CVE-2026-0719.html CVE-2026-0719 https://bugzilla.suse.com/1256399 SUSE Bug 1256399