Red Hat Product Errata RHSA-2026:0421 - Security Advisory
Issued:
2026-01-12
Updated:
2026-01-12

RHSA-2026:0421 - Security Advisory

Synopsis

Important: libsoup security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libsoup is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

  • libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins) (CVE-2025-14523)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

  • BZ - 2421349 - CVE-2025-14523 libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

Red Hat Enterprise Linux for x86_64 8

SRPM
libsoup-2.62.3-11.el8_10.src.rpm SHA-256: bfe502837fd573a3eec2a0a4d53b1a101d2b1767961a727cfa25747523a20a34
x86_64
libsoup-2.62.3-11.el8_10.i686.rpm SHA-256: e638bee8b0a516d88b04fea082f0798fbd389b5fb146e899ed53b41811aa88d3
libsoup-2.62.3-11.el8_10.x86_64.rpm SHA-256: 4e2212839f6ad40d268257dae36f7a874617f08fb5182cc5ae23f616debf1084
libsoup-debuginfo-2.62.3-11.el8_10.i686.rpm SHA-256: fb65d86893bd35b5750410f5343b1c50ca7728fb05aa8c65c1177f080a90a7ad
libsoup-debuginfo-2.62.3-11.el8_10.i686.rpm SHA-256: fb65d86893bd35b5750410f5343b1c50ca7728fb05aa8c65c1177f080a90a7ad
libsoup-debuginfo-2.62.3-11.el8_10.x86_64.rpm SHA-256: acc26b52fbadd4480634e6c7d92dc83ac0bbc87a0d86ea89b73869ab74e774c5
libsoup-debuginfo-2.62.3-11.el8_10.x86_64.rpm SHA-256: acc26b52fbadd4480634e6c7d92dc83ac0bbc87a0d86ea89b73869ab74e774c5
libsoup-debugsource-2.62.3-11.el8_10.i686.rpm SHA-256: 97f9a0f0ba0259e4903acac30a5e716285d0fa1282a7b450343ae744339430eb
libsoup-debugsource-2.62.3-11.el8_10.i686.rpm SHA-256: 97f9a0f0ba0259e4903acac30a5e716285d0fa1282a7b450343ae744339430eb
libsoup-debugsource-2.62.3-11.el8_10.x86_64.rpm SHA-256: d5860474b181bd3d6b255016b6dfbe234a997f3e5b263562839994bdff81cda3
libsoup-debugsource-2.62.3-11.el8_10.x86_64.rpm SHA-256: d5860474b181bd3d6b255016b6dfbe234a997f3e5b263562839994bdff81cda3
libsoup-devel-2.62.3-11.el8_10.i686.rpm SHA-256: 585d0024bdd7dd42f3f4d2e82cac68fdfe88be45109be390818928cbb4e9bfae
libsoup-devel-2.62.3-11.el8_10.x86_64.rpm SHA-256: 7cbd1b89ed19024492f0d7ced8f8f855f333f5c11b626b53f17c37976083320c

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
libsoup-2.62.3-11.el8_10.src.rpm SHA-256: bfe502837fd573a3eec2a0a4d53b1a101d2b1767961a727cfa25747523a20a34
s390x
libsoup-2.62.3-11.el8_10.s390x.rpm SHA-256: 0775c7a25910ca6a7a16f41736956811b6a8fb82c9361e9c96719a92e5b126f2
libsoup-debuginfo-2.62.3-11.el8_10.s390x.rpm SHA-256: 14b22f58022e49c8094caf03a6f6113fb15578eb331f1e997e86823921750d27
libsoup-debuginfo-2.62.3-11.el8_10.s390x.rpm SHA-256: 14b22f58022e49c8094caf03a6f6113fb15578eb331f1e997e86823921750d27
libsoup-debugsource-2.62.3-11.el8_10.s390x.rpm SHA-256: 15594ea0195cb832c3bac762cc260b4ab078bac05604713276f5fe0f3bee93e6
libsoup-debugsource-2.62.3-11.el8_10.s390x.rpm SHA-256: 15594ea0195cb832c3bac762cc260b4ab078bac05604713276f5fe0f3bee93e6
libsoup-devel-2.62.3-11.el8_10.s390x.rpm SHA-256: b9359cd250c1e64f347474beaf0f530eeea9c1cdc225b96a490fbc6c1d60110c

Red Hat Enterprise Linux for Power, little endian 8

SRPM
libsoup-2.62.3-11.el8_10.src.rpm SHA-256: bfe502837fd573a3eec2a0a4d53b1a101d2b1767961a727cfa25747523a20a34
ppc64le
libsoup-2.62.3-11.el8_10.ppc64le.rpm SHA-256: 8171034af35eec552a225e2b0fcdfd1c2309dea0f0879fc281ac85a585c26e10
libsoup-debuginfo-2.62.3-11.el8_10.ppc64le.rpm SHA-256: e0d645ba4363929ebc16f21d75fcaf5e270ebc7d49e739d71f586a1f89e55d46
libsoup-debuginfo-2.62.3-11.el8_10.ppc64le.rpm SHA-256: e0d645ba4363929ebc16f21d75fcaf5e270ebc7d49e739d71f586a1f89e55d46
libsoup-debugsource-2.62.3-11.el8_10.ppc64le.rpm SHA-256: b849fb85da309d231835244094ae81bcce511c6da6681e657b8dcc36401dc087
libsoup-debugsource-2.62.3-11.el8_10.ppc64le.rpm SHA-256: b849fb85da309d231835244094ae81bcce511c6da6681e657b8dcc36401dc087
libsoup-devel-2.62.3-11.el8_10.ppc64le.rpm SHA-256: 89fadb5fbb7d81646f680419dd803ac002df4a4e90c86144cf1ec78c9dd43cff

Red Hat Enterprise Linux for ARM 64 8

SRPM
libsoup-2.62.3-11.el8_10.src.rpm SHA-256: bfe502837fd573a3eec2a0a4d53b1a101d2b1767961a727cfa25747523a20a34
aarch64
libsoup-2.62.3-11.el8_10.aarch64.rpm SHA-256: dca2986c98796be30a68615af90365c536f5b9c2500ab843321fbc6b7d4824ab
libsoup-debuginfo-2.62.3-11.el8_10.aarch64.rpm SHA-256: 94894f2611795c4f63c41a0980adfdf8f841e7ebe2416340f0cb2a59c71a8349
libsoup-debuginfo-2.62.3-11.el8_10.aarch64.rpm SHA-256: 94894f2611795c4f63c41a0980adfdf8f841e7ebe2416340f0cb2a59c71a8349
libsoup-debugsource-2.62.3-11.el8_10.aarch64.rpm SHA-256: 8835c51c2fac0e7b6361a6b2aac1a88186bda41af1a927dbb93b2a0cf2361b8f
libsoup-debugsource-2.62.3-11.el8_10.aarch64.rpm SHA-256: 8835c51c2fac0e7b6361a6b2aac1a88186bda41af1a927dbb93b2a0cf2361b8f
libsoup-devel-2.62.3-11.el8_10.aarch64.rpm SHA-256: 1e2c4fe5224f689c78922719efe29a207cffa0fcc3a3c304a740c4ca11a170a0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.