Security update for libsoup2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0886-1 Final 1 1 2026-03-12T14:50:32Z current 2026-03-12T14:50:32Z 2026-03-12T14:50:32Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libsoup2 This update for libsoup2 fixes the following issue: - CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-886,SUSE-SLE-Module-Basesystem-15-SP7-2026-886,openSUSE-SLE-15.6-2026-886 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260886-1/ Link for SUSE-SU-2026:0886-1 https://lists.suse.com/pipermail/sle-security-updates/2026-March/024687.html E-Mail link for SUSE-SU-2026:0886-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1256418 SUSE Bug 1256418 https://www.suse.com/security/cve/CVE-2026-0716/ SUSE CVE CVE-2026-0716 page SUSE Linux Enterprise Module for Basesystem 15 SP7 openSUSE Leap 15.6 libsoup-2_4-1-2.74.3-150600.4.33.1 libsoup-2_4-1-32bit-2.74.3-150600.4.33.1 libsoup-2_4-1-64bit-2.74.3-150600.4.33.1 libsoup2-devel-2.74.3-150600.4.33.1 libsoup2-devel-32bit-2.74.3-150600.4.33.1 libsoup2-devel-64bit-2.74.3-150600.4.33.1 libsoup2-lang-2.74.3-150600.4.33.1 typelib-1_0-Soup-2_4-2.74.3-150600.4.33.1 libsoup-2_4-1-2.74.3-150600.4.33.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libsoup2-devel-2.74.3-150600.4.33.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libsoup2-lang-2.74.3-150600.4.33.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 typelib-1_0-Soup-2_4-2.74.3-150600.4.33.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 libsoup-2_4-1-2.74.3-150600.4.33.1 as a component of openSUSE Leap 15.6 libsoup-2_4-1-32bit-2.74.3-150600.4.33.1 as a component of openSUSE Leap 15.6 libsoup2-devel-2.74.3-150600.4.33.1 as a component of openSUSE Leap 15.6 libsoup2-devel-32bit-2.74.3-150600.4.33.1 as a component of openSUSE Leap 15.6 libsoup2-lang-2.74.3-150600.4.33.1 as a component of openSUSE Leap 15.6 typelib-1_0-Soup-2_4-2.74.3-150600.4.33.1 as a component of openSUSE Leap 15.6 A flaw was found in libsoup's WebSocket frame processing when handling incoming messages. If a non-default configuration is used where the maximum incoming payload size is unset, the library may read memory outside the intended bounds. This can cause unintended memory exposure or a crash. Applications using libsoup's WebSocket support with this configuration may be impacted. CVE-2026-0716 SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup-2_4-1-2.74.3-150600.4.33.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-devel-2.74.3-150600.4.33.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:libsoup2-lang-2.74.3-150600.4.33.1 SUSE Linux Enterprise Module for Basesystem 15 SP7:typelib-1_0-Soup-2_4-2.74.3-150600.4.33.1 openSUSE Leap 15.6:libsoup-2_4-1-2.74.3-150600.4.33.1 openSUSE Leap 15.6:libsoup-2_4-1-32bit-2.74.3-150600.4.33.1 openSUSE Leap 15.6:libsoup2-devel-2.74.3-150600.4.33.1 openSUSE Leap 15.6:libsoup2-devel-32bit-2.74.3-150600.4.33.1 openSUSE Leap 15.6:libsoup2-lang-2.74.3-150600.4.33.1 openSUSE Leap 15.6:typelib-1_0-Soup-2_4-2.74.3-150600.4.33.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260886-1/ https://www.suse.com/security/cve/CVE-2026-0716.html CVE-2026-0716 https://bugzilla.suse.com/1256418 SUSE Bug 1256418