红帽产品勘误 RHSA-2026:15968 - Security Advisory
发布:
2026-05-11
已更新:
2026-05-11

RHSA-2026:15968 - Security Advisory

概述

Moderate: libsoup3 security update

类型/严重性

Security Advisory: Moderate

Red Hat Insights 补丁分析

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for libsoup3 is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago.

Security Fix(es):

  • libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server (CVE-2026-4271)
  • libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment (CVE-2026-5119)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 10 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

修复

  • BZ - 2448044 - CVE-2026-4271 libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server
  • BZ - 2452932 - CVE-2026-5119 libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

Red Hat Enterprise Linux for x86_64 10

SRPM
libsoup3-3.6.5-3.el10_1.11.src.rpm SHA-256: 55fca0dab1a320497b589877827353a8bad043ba0b195be61d2f8a4151ceeecc
x86_64
libsoup3-3.6.5-3.el10_1.11.x86_64.rpm SHA-256: 9eb7185d8022a42f4a06e97e1217ea6fa1edd446edb52ab354e3f6a028e8ae3b
libsoup3-debuginfo-3.6.5-3.el10_1.11.x86_64.rpm SHA-256: 1bf21ae5d1dba5c8efc47659d1a42246d24713b09a892bec6ec35fd31cdf9744
libsoup3-debugsource-3.6.5-3.el10_1.11.x86_64.rpm SHA-256: 343aef51b1a8172468c5e907f3f15075a1b4217246a91f01b3edeb888b2965de
libsoup3-devel-3.6.5-3.el10_1.11.x86_64.rpm SHA-256: c0800d85ed906f172070924db07650e1c2bd438122396b870de30bd8321c61d5

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2

SRPM
libsoup3-3.6.5-3.el10_1.11.src.rpm SHA-256: 55fca0dab1a320497b589877827353a8bad043ba0b195be61d2f8a4151ceeecc
x86_64
libsoup3-3.6.5-3.el10_1.11.x86_64.rpm SHA-256: 9eb7185d8022a42f4a06e97e1217ea6fa1edd446edb52ab354e3f6a028e8ae3b
libsoup3-debuginfo-3.6.5-3.el10_1.11.x86_64.rpm SHA-256: 1bf21ae5d1dba5c8efc47659d1a42246d24713b09a892bec6ec35fd31cdf9744
libsoup3-debugsource-3.6.5-3.el10_1.11.x86_64.rpm SHA-256: 343aef51b1a8172468c5e907f3f15075a1b4217246a91f01b3edeb888b2965de
libsoup3-devel-3.6.5-3.el10_1.11.x86_64.rpm SHA-256: c0800d85ed906f172070924db07650e1c2bd438122396b870de30bd8321c61d5

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
libsoup3-3.6.5-3.el10_1.11.src.rpm SHA-256: 55fca0dab1a320497b589877827353a8bad043ba0b195be61d2f8a4151ceeecc
s390x
libsoup3-3.6.5-3.el10_1.11.s390x.rpm SHA-256: 12eb421b5831c7fa6f9eab6f301c0de581d33f10e9c5fda6df31e799582e2f70
libsoup3-debuginfo-3.6.5-3.el10_1.11.s390x.rpm SHA-256: b5554d8aac5ae2219a2861c814c5ccfc4008cf640d817cd8249660afa9c69391
libsoup3-debugsource-3.6.5-3.el10_1.11.s390x.rpm SHA-256: bfb461923d308b9c7e2234ebe9106089754d2e0bd46a7d4618020160137f8533
libsoup3-devel-3.6.5-3.el10_1.11.s390x.rpm SHA-256: 2066bc766be6acfadf58a618ac16bc437e00091a51c2b9fade45940d068c29c4

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2

SRPM
libsoup3-3.6.5-3.el10_1.11.src.rpm SHA-256: 55fca0dab1a320497b589877827353a8bad043ba0b195be61d2f8a4151ceeecc
s390x
libsoup3-3.6.5-3.el10_1.11.s390x.rpm SHA-256: 12eb421b5831c7fa6f9eab6f301c0de581d33f10e9c5fda6df31e799582e2f70
libsoup3-debuginfo-3.6.5-3.el10_1.11.s390x.rpm SHA-256: b5554d8aac5ae2219a2861c814c5ccfc4008cf640d817cd8249660afa9c69391
libsoup3-debugsource-3.6.5-3.el10_1.11.s390x.rpm SHA-256: bfb461923d308b9c7e2234ebe9106089754d2e0bd46a7d4618020160137f8533
libsoup3-devel-3.6.5-3.el10_1.11.s390x.rpm SHA-256: 2066bc766be6acfadf58a618ac16bc437e00091a51c2b9fade45940d068c29c4

Red Hat Enterprise Linux for Power, little endian 10

SRPM
libsoup3-3.6.5-3.el10_1.11.src.rpm SHA-256: 55fca0dab1a320497b589877827353a8bad043ba0b195be61d2f8a4151ceeecc
ppc64le
libsoup3-3.6.5-3.el10_1.11.ppc64le.rpm SHA-256: 95f0b345b3274819b4af9c2b4591d5f5d052b0824c61951241a6d91d9b627e97
libsoup3-debuginfo-3.6.5-3.el10_1.11.ppc64le.rpm SHA-256: 5f8d1eec391af21e39441163b280fbea156cdb869e4db6f80dc699821ab5c27f
libsoup3-debugsource-3.6.5-3.el10_1.11.ppc64le.rpm SHA-256: 198c6f912fab2111e63975fbdd7924176397f25dcc1aadd4863851b1b9ca13e9
libsoup3-devel-3.6.5-3.el10_1.11.ppc64le.rpm SHA-256: 29eaa9b5f63cf8ea1f192545e94c02b738c8a60e3dcf7b357a6befa42674ea06

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2

SRPM
libsoup3-3.6.5-3.el10_1.11.src.rpm SHA-256: 55fca0dab1a320497b589877827353a8bad043ba0b195be61d2f8a4151ceeecc
ppc64le
libsoup3-3.6.5-3.el10_1.11.ppc64le.rpm SHA-256: 95f0b345b3274819b4af9c2b4591d5f5d052b0824c61951241a6d91d9b627e97
libsoup3-debuginfo-3.6.5-3.el10_1.11.ppc64le.rpm SHA-256: 5f8d1eec391af21e39441163b280fbea156cdb869e4db6f80dc699821ab5c27f
libsoup3-debugsource-3.6.5-3.el10_1.11.ppc64le.rpm SHA-256: 198c6f912fab2111e63975fbdd7924176397f25dcc1aadd4863851b1b9ca13e9
libsoup3-devel-3.6.5-3.el10_1.11.ppc64le.rpm SHA-256: 29eaa9b5f63cf8ea1f192545e94c02b738c8a60e3dcf7b357a6befa42674ea06

Red Hat Enterprise Linux for ARM 64 10

SRPM
libsoup3-3.6.5-3.el10_1.11.src.rpm SHA-256: 55fca0dab1a320497b589877827353a8bad043ba0b195be61d2f8a4151ceeecc
aarch64
libsoup3-3.6.5-3.el10_1.11.aarch64.rpm SHA-256: b780709c7cf1750be73bc8044c19e192444dabb6f32db80e34f4c0c62389412f
libsoup3-debuginfo-3.6.5-3.el10_1.11.aarch64.rpm SHA-256: 0113bc8228fd2d5c423b00cab58bc599caf1121a7ddea15f9e33680603656489
libsoup3-debugsource-3.6.5-3.el10_1.11.aarch64.rpm SHA-256: ba06e9c7f66188d7f985d8efac697c5d2e520578d344ecea400272b078b213f1
libsoup3-devel-3.6.5-3.el10_1.11.aarch64.rpm SHA-256: 75897f51e0c92f1087b3f682daa6270ebd1824ed6435e6aeda4f36977e1e9232

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2

SRPM
libsoup3-3.6.5-3.el10_1.11.src.rpm SHA-256: 55fca0dab1a320497b589877827353a8bad043ba0b195be61d2f8a4151ceeecc
aarch64
libsoup3-3.6.5-3.el10_1.11.aarch64.rpm SHA-256: b780709c7cf1750be73bc8044c19e192444dabb6f32db80e34f4c0c62389412f
libsoup3-debuginfo-3.6.5-3.el10_1.11.aarch64.rpm SHA-256: 0113bc8228fd2d5c423b00cab58bc599caf1121a7ddea15f9e33680603656489
libsoup3-debugsource-3.6.5-3.el10_1.11.aarch64.rpm SHA-256: ba06e9c7f66188d7f985d8efac697c5d2e520578d344ecea400272b078b213f1
libsoup3-devel-3.6.5-3.el10_1.11.aarch64.rpm SHA-256: 75897f51e0c92f1087b3f682daa6270ebd1824ed6435e6aeda4f36977e1e9232

Red Hat CodeReady Linux Builder for x86_64 10

SRPM
x86_64
libsoup3-doc-3.6.5-3.el10_1.11.noarch.rpm SHA-256: 8b9df19813e9e3a17560427dd36e00fc75ded7ac2f4160c0dcf5c25600967da7

Red Hat CodeReady Linux Builder for Power, little endian 10

SRPM
ppc64le
libsoup3-doc-3.6.5-3.el10_1.11.noarch.rpm SHA-256: 8b9df19813e9e3a17560427dd36e00fc75ded7ac2f4160c0dcf5c25600967da7

Red Hat CodeReady Linux Builder for ARM 64 10

SRPM
aarch64
libsoup3-doc-3.6.5-3.el10_1.11.noarch.rpm SHA-256: 8b9df19813e9e3a17560427dd36e00fc75ded7ac2f4160c0dcf5c25600967da7

Red Hat CodeReady Linux Builder for IBM z Systems 10

SRPM
s390x
libsoup3-doc-3.6.5-3.el10_1.11.noarch.rpm SHA-256: 8b9df19813e9e3a17560427dd36e00fc75ded7ac2f4160c0dcf5c25600967da7

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2

SRPM
x86_64
libsoup3-doc-3.6.5-3.el10_1.11.noarch.rpm SHA-256: 8b9df19813e9e3a17560427dd36e00fc75ded7ac2f4160c0dcf5c25600967da7

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2

SRPM
ppc64le
libsoup3-doc-3.6.5-3.el10_1.11.noarch.rpm SHA-256: 8b9df19813e9e3a17560427dd36e00fc75ded7ac2f4160c0dcf5c25600967da7

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2

SRPM
s390x
libsoup3-doc-3.6.5-3.el10_1.11.noarch.rpm SHA-256: 8b9df19813e9e3a17560427dd36e00fc75ded7ac2f4160c0dcf5c25600967da7

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2

SRPM
aarch64
libsoup3-doc-3.6.5-3.el10_1.11.noarch.rpm SHA-256: 8b9df19813e9e3a17560427dd36e00fc75ded7ac2f4160c0dcf5c25600967da7

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2

SRPM
libsoup3-3.6.5-3.el10_1.11.src.rpm SHA-256: 55fca0dab1a320497b589877827353a8bad043ba0b195be61d2f8a4151ceeecc
aarch64
libsoup3-3.6.5-3.el10_1.11.aarch64.rpm SHA-256: b780709c7cf1750be73bc8044c19e192444dabb6f32db80e34f4c0c62389412f
libsoup3-debuginfo-3.6.5-3.el10_1.11.aarch64.rpm SHA-256: 0113bc8228fd2d5c423b00cab58bc599caf1121a7ddea15f9e33680603656489
libsoup3-debugsource-3.6.5-3.el10_1.11.aarch64.rpm SHA-256: ba06e9c7f66188d7f985d8efac697c5d2e520578d344ecea400272b078b213f1
libsoup3-devel-3.6.5-3.el10_1.11.aarch64.rpm SHA-256: 75897f51e0c92f1087b3f682daa6270ebd1824ed6435e6aeda4f36977e1e9232

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2

SRPM
libsoup3-3.6.5-3.el10_1.11.src.rpm SHA-256: 55fca0dab1a320497b589877827353a8bad043ba0b195be61d2f8a4151ceeecc
s390x
libsoup3-3.6.5-3.el10_1.11.s390x.rpm SHA-256: 12eb421b5831c7fa6f9eab6f301c0de581d33f10e9c5fda6df31e799582e2f70
libsoup3-debuginfo-3.6.5-3.el10_1.11.s390x.rpm SHA-256: b5554d8aac5ae2219a2861c814c5ccfc4008cf640d817cd8249660afa9c69391
libsoup3-debugsource-3.6.5-3.el10_1.11.s390x.rpm SHA-256: bfb461923d308b9c7e2234ebe9106089754d2e0bd46a7d4618020160137f8533
libsoup3-devel-3.6.5-3.el10_1.11.s390x.rpm SHA-256: 2066bc766be6acfadf58a618ac16bc437e00091a51c2b9fade45940d068c29c4

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2

SRPM
libsoup3-3.6.5-3.el10_1.11.src.rpm SHA-256: 55fca0dab1a320497b589877827353a8bad043ba0b195be61d2f8a4151ceeecc
ppc64le
libsoup3-3.6.5-3.el10_1.11.ppc64le.rpm SHA-256: 95f0b345b3274819b4af9c2b4591d5f5d052b0824c61951241a6d91d9b627e97
libsoup3-debuginfo-3.6.5-3.el10_1.11.ppc64le.rpm SHA-256: 5f8d1eec391af21e39441163b280fbea156cdb869e4db6f80dc699821ab5c27f
libsoup3-debugsource-3.6.5-3.el10_1.11.ppc64le.rpm SHA-256: 198c6f912fab2111e63975fbdd7924176397f25dcc1aadd4863851b1b9ca13e9
libsoup3-devel-3.6.5-3.el10_1.11.ppc64le.rpm SHA-256: 29eaa9b5f63cf8ea1f192545e94c02b738c8a60e3dcf7b357a6befa42674ea06

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2

SRPM
libsoup3-3.6.5-3.el10_1.11.src.rpm SHA-256: 55fca0dab1a320497b589877827353a8bad043ba0b195be61d2f8a4151ceeecc
x86_64
libsoup3-3.6.5-3.el10_1.11.x86_64.rpm SHA-256: 9eb7185d8022a42f4a06e97e1217ea6fa1edd446edb52ab354e3f6a028e8ae3b
libsoup3-debuginfo-3.6.5-3.el10_1.11.x86_64.rpm SHA-256: 1bf21ae5d1dba5c8efc47659d1a42246d24713b09a892bec6ec35fd31cdf9744
libsoup3-debugsource-3.6.5-3.el10_1.11.x86_64.rpm SHA-256: 343aef51b1a8172468c5e907f3f15075a1b4217246a91f01b3edeb888b2965de
libsoup3-devel-3.6.5-3.el10_1.11.x86_64.rpm SHA-256: c0800d85ed906f172070924db07650e1c2bd438122396b870de30bd8321c61d5

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2

SRPM
libsoup3-3.6.5-3.el10_1.11.src.rpm SHA-256: 55fca0dab1a320497b589877827353a8bad043ba0b195be61d2f8a4151ceeecc
x86_64
libsoup3-3.6.5-3.el10_1.11.x86_64.rpm SHA-256: 9eb7185d8022a42f4a06e97e1217ea6fa1edd446edb52ab354e3f6a028e8ae3b
libsoup3-debuginfo-3.6.5-3.el10_1.11.x86_64.rpm SHA-256: 1bf21ae5d1dba5c8efc47659d1a42246d24713b09a892bec6ec35fd31cdf9744
libsoup3-debugsource-3.6.5-3.el10_1.11.x86_64.rpm SHA-256: 343aef51b1a8172468c5e907f3f15075a1b4217246a91f01b3edeb888b2965de
libsoup3-devel-3.6.5-3.el10_1.11.x86_64.rpm SHA-256: c0800d85ed906f172070924db07650e1c2bd438122396b870de30bd8321c61d5

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2

SRPM
libsoup3-3.6.5-3.el10_1.11.src.rpm SHA-256: 55fca0dab1a320497b589877827353a8bad043ba0b195be61d2f8a4151ceeecc
aarch64
libsoup3-3.6.5-3.el10_1.11.aarch64.rpm SHA-256: b780709c7cf1750be73bc8044c19e192444dabb6f32db80e34f4c0c62389412f
libsoup3-debuginfo-3.6.5-3.el10_1.11.aarch64.rpm SHA-256: 0113bc8228fd2d5c423b00cab58bc599caf1121a7ddea15f9e33680603656489
libsoup3-debugsource-3.6.5-3.el10_1.11.aarch64.rpm SHA-256: ba06e9c7f66188d7f985d8efac697c5d2e520578d344ecea400272b078b213f1
libsoup3-devel-3.6.5-3.el10_1.11.aarch64.rpm SHA-256: 75897f51e0c92f1087b3f682daa6270ebd1824ed6435e6aeda4f36977e1e9232

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2

SRPM
libsoup3-3.6.5-3.el10_1.11.src.rpm SHA-256: 55fca0dab1a320497b589877827353a8bad043ba0b195be61d2f8a4151ceeecc
ppc64le
libsoup3-3.6.5-3.el10_1.11.ppc64le.rpm SHA-256: 95f0b345b3274819b4af9c2b4591d5f5d052b0824c61951241a6d91d9b627e97
libsoup3-debuginfo-3.6.5-3.el10_1.11.ppc64le.rpm SHA-256: 5f8d1eec391af21e39441163b280fbea156cdb869e4db6f80dc699821ab5c27f
libsoup3-debugsource-3.6.5-3.el10_1.11.ppc64le.rpm SHA-256: 198c6f912fab2111e63975fbdd7924176397f25dcc1aadd4863851b1b9ca13e9
libsoup3-devel-3.6.5-3.el10_1.11.ppc64le.rpm SHA-256: 29eaa9b5f63cf8ea1f192545e94c02b738c8a60e3dcf7b357a6befa42674ea06

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2

SRPM
libsoup3-3.6.5-3.el10_1.11.src.rpm SHA-256: 55fca0dab1a320497b589877827353a8bad043ba0b195be61d2f8a4151ceeecc
s390x
libsoup3-3.6.5-3.el10_1.11.s390x.rpm SHA-256: 12eb421b5831c7fa6f9eab6f301c0de581d33f10e9c5fda6df31e799582e2f70
libsoup3-debuginfo-3.6.5-3.el10_1.11.s390x.rpm SHA-256: b5554d8aac5ae2219a2861c814c5ccfc4008cf640d817cd8249660afa9c69391
libsoup3-debugsource-3.6.5-3.el10_1.11.s390x.rpm SHA-256: bfb461923d308b9c7e2234ebe9106089754d2e0bd46a7d4618020160137f8533
libsoup3-devel-3.6.5-3.el10_1.11.s390x.rpm SHA-256: 2066bc766be6acfadf58a618ac16bc437e00091a51c2b9fade45940d068c29c4

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/