openSUSE-SU-2026:20142-1

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2026:20142-1.json

JSON Data

https://api.osv.dev/v1/vulns/openSUSE-SU-2026:20142-1

Upstream

CVE-2025-11021

CVE-2026-0716

CVE-2026-0719

Related

CVE-2025-11021
CVE-2026-0716
CVE-2026-0719

Published

2026-01-30T14:27:58Z

Modified

2026-03-23T04:54:45.782514Z

Summary

Security update for libsoup

Details

This update for libsoup fixes the following issues:

CVE-2025-11021: Fixed out-of-bounds read in Cookie Date Handling of libsoup HTTP Library (bsc#1250562).
CVE-2026-0719: Fixed stack-based buffer overflow in NTLM authentication can lead to arbitrary code execution (bsc#1256399).
CVE-2026-0716: Fixed improper bounds handling may allow out-of-bounds read (bsc#1256418).

References

Affected packages

openSUSE:Leap 16.0 / libsoup

Package

Name: libsoup
Purl: pkg:rpm/opensuse/libsoup&distro=openSUSE%20Leap%2016.0

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.5-160000.3.1

Ecosystem specific

{
    "binaries": [
        {
            "libsoup-3_0-0": "3.6.5-160000.3.1",
            "typelib-1_0-Soup-3_0": "3.6.5-160000.3.1",
            "libsoup-devel": "3.6.5-160000.3.1",
            "libsoup-lang": "3.6.5-160000.3.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2026:20142-1.json"