SUSE-SU-2026:20360-1

Source
https://www.suse.com/support/update/announcement/2026/suse-su-202620360-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20360-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2026:20360-1
Upstream
  • CVE-2025-12105
  • CVE-2025-14523
Published
2026-01-19T11:45:24Z
Modified
2026-03-23T04:53:19.475136Z
Summary
Security update for libsoup
Details

This update for libsoup fixes the following issues:

  • CVE-2025-14523: flaw in HTTP header handling can lead to host header parsing discrepancy between servers and proxies and allow for request smuggling, cache poisoning and bypass of access controls (bsc#1254876).
  • CVE-2025-12105: heap use-after-free in message queue handling during HTTP/2 read completion can lead to undefined behavior or crash (bsc#1252555).
  • CVE-2026-0716: Fixed out-of-bounds read for websocket (bsc#1256418).
  • CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399).
Affected packages

SUSE:Linux Micro 6.1 / libsoup

Package

Name
libsoup
Purl
pkg:rpm/suse/libsoup&distro=SUSE%20Linux%20Micro%206.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.4.4-slfo.1.1_6.1

Ecosystem specific

{
    "binaries": [
        {
            "libsoup-3_0-0": "3.4.4-slfo.1.1_6.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20360-1.json"