libsoup-2.62.3-13.el8_10

エラータID: AXSA:2026-157:03

Release date: 
Tuesday, February 10, 2026 - 11:09
Subject: 
libsoup-2.62.3-13.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-0719
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
CVE-2026-1761
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.

Solution: 

Update packages.

CVEs: 
CVE-2026-0719
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
CVE-2026-1761
A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption. This issue may result in application crashes or arbitrary code execution in applications that process untrusted server responses, and it does not require authentication or user interaction.
Additional Info: 

N/A

Download: 

SRPMS
  1. libsoup-2.62.3-13.el8_10.src.rpm
    MD5: 246160d81bbd41f82be414b144d70768
    SHA-256: 2fc5eb55cf1ccc60e352c57e1e93d4a0a98fd3ba05d081e24b51f175c9293bbd
    Size: 1.84 MB

Asianux Server 8 for x86_64
  1. libsoup-2.62.3-13.el8_10.i686.rpm
    MD5: 29c9d71005c6d6b2872618e85fd38871
    SHA-256: 46231b8309c3892651b268c383b2917c5aa6fa627d696578f203127cc612976e
    Size: 431.97 kB
  2. libsoup-2.62.3-13.el8_10.x86_64.rpm
    MD5: a5ae51966abcc76978720152469d4d9c
    SHA-256: 55de8e1ed6447fd63447d822c4ff2e2574b34bebd308576880b1bc27b8cffe2f
    Size: 426.83 kB
  3. libsoup-devel-2.62.3-13.el8_10.i686.rpm
    MD5: 17927ba11beefe61d8ab0536fa6a93d1
    SHA-256: 0a7ab9810f805fed1d940f272f945a5ceaecd57cc9c55acba557b1f9bcfb8511
    Size: 320.06 kB
  4. libsoup-devel-2.62.3-13.el8_10.x86_64.rpm
    MD5: 48997ab99b81c1318034eeeccb637931
    SHA-256: a6b3f0f50287153c154e76c17b2d4947335a2ce772b8c4ec7b2aaa1fd739629a
    Size: 320.05 kB