libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications.
Security Fix(es):
A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soupmessageheadersappendcommon() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content-Length headers with differing values.(CVE-2026-2708)
{
"severity": "Medium"
}{
"aarch64": [
"libsoup-2.74.3-21.oe2403sp1.aarch64.rpm",
"libsoup-debuginfo-2.74.3-21.oe2403sp1.aarch64.rpm",
"libsoup-debugsource-2.74.3-21.oe2403sp1.aarch64.rpm",
"libsoup-devel-2.74.3-21.oe2403sp1.aarch64.rpm"
],
"x86_64": [
"libsoup-2.74.3-21.oe2403sp1.x86_64.rpm",
"libsoup-debuginfo-2.74.3-21.oe2403sp1.x86_64.rpm",
"libsoup-debugsource-2.74.3-21.oe2403sp1.x86_64.rpm",
"libsoup-devel-2.74.3-21.oe2403sp1.x86_64.rpm"
],
"noarch": [
"libsoup-help-2.74.3-21.oe2403sp1.noarch.rpm"
],
"src": [
"libsoup-2.74.3-21.oe2403sp1.src.rpm"
]
}