ALSA-2026:15968

[ALSA-2026:15968] Moderate: libsoup3 security update

Type:

security

Severity:

moderate

Release date:

2026-05-11

Description:

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago.  

Security Fix(es):  

  * libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server (CVE-2026-4271)
  * libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment (CVE-2026-5119)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	libsoup3-devel-3.6.5-3.el10_1.11.aarch64.rpm	2a7fbae2c6daa0fb7a3acae86927dd815d9be785ea411a272e85809beabad8b6
aarch64	libsoup3-3.6.5-3.el10_1.11.aarch64.rpm	4f39069f5703e56da320fb8a93792d03457c3d022f7909f451665d9bad454da2
noarch	libsoup3-doc-3.6.5-3.el10_1.11.noarch.rpm	ddbf5771fe4042e2e5ad17e58df1bbc5546ec7fbda1024158f0ab6750669fbe9
ppc64le	libsoup3-3.6.5-3.el10_1.11.ppc64le.rpm	50cd84e25a39381364de6607d64ef4aff7e585cb90ebe4b9d630a9ec1a271a18
ppc64le	libsoup3-devel-3.6.5-3.el10_1.11.ppc64le.rpm	979a7db17deaa360f7bbe90f1cbd2a9ef2375281f823a6b3dabba9ae15f0497d
s390x	libsoup3-devel-3.6.5-3.el10_1.11.s390x.rpm	130afcbb51f4904fbd4f6c4872979c5563ae5a580c460cdcde9098e0129374c5
s390x	libsoup3-3.6.5-3.el10_1.11.s390x.rpm	7348c0fb7f5d88e5417e3d6c0398670da6809494c6fe243f9cf3bb41a248a7c6
x86_64	libsoup3-3.6.5-3.el10_1.11.x86_64.rpm	857dd5d553d072f150aeddb29a38b213e2d6c814a84ddad4d415ce767a4235c8
x86_64	libsoup3-devel-3.6.5-3.el10_1.11.x86_64.rpm	bec1712cfcf3187c4944dc3d8a820f54373a74fc3d344ed5197187e03c771b09
x86_64_v2	libsoup3-3.6.5-3.el10_1.11.x86_64_v2.rpm	2996fe5b1224ad52e8f29c35d054235efc0abc1eb9252aeaf96ba900d9bed95e
x86_64_v2	libsoup3-devel-3.6.5-3.el10_1.11.x86_64_v2.rpm	c5342d1bee7ed7f2767ffcc9aebe1ca26229789892817ab58529834c10592b05

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.