Red Hat Product Errata RHSA-2026:17482 - Security Advisory
Issued:
2026-05-14
Updated:
2026-05-14

RHSA-2026:17482 - Security Advisory

Synopsis

Moderate: libsoup3 security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libsoup3 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago.

Security Fix(es):

  • libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server (CVE-2026-4271)
  • libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment (CVE-2026-5119)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2448044 - CVE-2026-4271 libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server
  • BZ - 2452932 - CVE-2026-5119 libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
libsoup3-3.6.5-3.el10_0.15.src.rpm SHA-256: 2c988bff41b88b2faf272e322db3419dc5ea666dc9ee09afd6ee958f912579d7
x86_64
libsoup3-3.6.5-3.el10_0.15.x86_64.rpm SHA-256: 40cd21e2539f703263bb45bafc14b1c7b2d40f10799ff37eaffb783e4b594aa6
libsoup3-debuginfo-3.6.5-3.el10_0.15.x86_64.rpm SHA-256: 3eeb238df3d7e7405c1f4acc8457b4f7eeca21bb9f6f01e2c37874c5f17714ee
libsoup3-debugsource-3.6.5-3.el10_0.15.x86_64.rpm SHA-256: c372630fd52ec3741dc0335bc7207da341b9c2beb477f10c9af6d8ba08a88386
libsoup3-devel-3.6.5-3.el10_0.15.x86_64.rpm SHA-256: 3c46413ab21174cabe7f21da2e5cd44e0bf1d01f1c21a2188779fb61638c6d2c

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
libsoup3-3.6.5-3.el10_0.15.src.rpm SHA-256: 2c988bff41b88b2faf272e322db3419dc5ea666dc9ee09afd6ee958f912579d7
s390x
libsoup3-3.6.5-3.el10_0.15.s390x.rpm SHA-256: 5475b3fbbd7a0a1d8bcfcad38c8f547a05ba97246fdd9dafcb7cfaca6bd601a0
libsoup3-debuginfo-3.6.5-3.el10_0.15.s390x.rpm SHA-256: d79073ade130cd33eac0afcd04bf0b2bc1330e9514e8862eeb8fa8d02bbcfece
libsoup3-debugsource-3.6.5-3.el10_0.15.s390x.rpm SHA-256: 8981680695217daaf335b3a13ff309f663a1c1e9560012dec86317b43a0ab699
libsoup3-devel-3.6.5-3.el10_0.15.s390x.rpm SHA-256: c75962d67642335adad02ed7789eda8d31e86726d2f93e2c0bf5732e4c5f2fab

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
libsoup3-3.6.5-3.el10_0.15.src.rpm SHA-256: 2c988bff41b88b2faf272e322db3419dc5ea666dc9ee09afd6ee958f912579d7
ppc64le
libsoup3-3.6.5-3.el10_0.15.ppc64le.rpm SHA-256: 9691b983bc35b0ffa32d0233378149f19947e46b1b0df405cfea74c4d911e1ee
libsoup3-debuginfo-3.6.5-3.el10_0.15.ppc64le.rpm SHA-256: 7010771b69f1eb4260b3500f830d9ae7a5feb9d3c0a55a8ead1c6503411ab433
libsoup3-debugsource-3.6.5-3.el10_0.15.ppc64le.rpm SHA-256: fc81096d5a92e7f97ee3ce375cf76e53f43bf886651bf918134e1195d07e8f89
libsoup3-devel-3.6.5-3.el10_0.15.ppc64le.rpm SHA-256: 78bfa0b14f312b1eb90773aa98e510c1b323d212cc7b09d83726e1532548e84c

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
libsoup3-3.6.5-3.el10_0.15.src.rpm SHA-256: 2c988bff41b88b2faf272e322db3419dc5ea666dc9ee09afd6ee958f912579d7
aarch64
libsoup3-3.6.5-3.el10_0.15.aarch64.rpm SHA-256: 12f99f58832d791d57d7b758248dc841c24503b6558384f4c885f9ceef0ff097
libsoup3-debuginfo-3.6.5-3.el10_0.15.aarch64.rpm SHA-256: 0f1a8bb924620af82a5019f8dafeb33a79c6f6a8b88b93f3e9bbceb3c732bc1b
libsoup3-debugsource-3.6.5-3.el10_0.15.aarch64.rpm SHA-256: 3439d38c1991170563a92e0603458775a49a80ebaba44b433ae64c0b3e45e554
libsoup3-devel-3.6.5-3.el10_0.15.aarch64.rpm SHA-256: e938840d7e2b16e7eff0efc81d453a3078b6ba232d57a999c63d86bf3af8e687

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0

SRPM
x86_64
libsoup3-doc-3.6.5-3.el10_0.15.noarch.rpm SHA-256: dbbaff96853701ae55ecc76804c13eba1602bfc33ff36ecec712bdba3a4fe60e

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0

SRPM
ppc64le
libsoup3-doc-3.6.5-3.el10_0.15.noarch.rpm SHA-256: dbbaff96853701ae55ecc76804c13eba1602bfc33ff36ecec712bdba3a4fe60e

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0

SRPM
s390x
libsoup3-doc-3.6.5-3.el10_0.15.noarch.rpm SHA-256: dbbaff96853701ae55ecc76804c13eba1602bfc33ff36ecec712bdba3a4fe60e

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0

SRPM
aarch64
libsoup3-doc-3.6.5-3.el10_0.15.noarch.rpm SHA-256: dbbaff96853701ae55ecc76804c13eba1602bfc33ff36ecec712bdba3a4fe60e

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
libsoup3-3.6.5-3.el10_0.15.src.rpm SHA-256: 2c988bff41b88b2faf272e322db3419dc5ea666dc9ee09afd6ee958f912579d7
aarch64
libsoup3-3.6.5-3.el10_0.15.aarch64.rpm SHA-256: 12f99f58832d791d57d7b758248dc841c24503b6558384f4c885f9ceef0ff097
libsoup3-debuginfo-3.6.5-3.el10_0.15.aarch64.rpm SHA-256: 0f1a8bb924620af82a5019f8dafeb33a79c6f6a8b88b93f3e9bbceb3c732bc1b
libsoup3-debugsource-3.6.5-3.el10_0.15.aarch64.rpm SHA-256: 3439d38c1991170563a92e0603458775a49a80ebaba44b433ae64c0b3e45e554
libsoup3-devel-3.6.5-3.el10_0.15.aarch64.rpm SHA-256: e938840d7e2b16e7eff0efc81d453a3078b6ba232d57a999c63d86bf3af8e687

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
libsoup3-3.6.5-3.el10_0.15.src.rpm SHA-256: 2c988bff41b88b2faf272e322db3419dc5ea666dc9ee09afd6ee958f912579d7
s390x
libsoup3-3.6.5-3.el10_0.15.s390x.rpm SHA-256: 5475b3fbbd7a0a1d8bcfcad38c8f547a05ba97246fdd9dafcb7cfaca6bd601a0
libsoup3-debuginfo-3.6.5-3.el10_0.15.s390x.rpm SHA-256: d79073ade130cd33eac0afcd04bf0b2bc1330e9514e8862eeb8fa8d02bbcfece
libsoup3-debugsource-3.6.5-3.el10_0.15.s390x.rpm SHA-256: 8981680695217daaf335b3a13ff309f663a1c1e9560012dec86317b43a0ab699
libsoup3-devel-3.6.5-3.el10_0.15.s390x.rpm SHA-256: c75962d67642335adad02ed7789eda8d31e86726d2f93e2c0bf5732e4c5f2fab

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
libsoup3-3.6.5-3.el10_0.15.src.rpm SHA-256: 2c988bff41b88b2faf272e322db3419dc5ea666dc9ee09afd6ee958f912579d7
ppc64le
libsoup3-3.6.5-3.el10_0.15.ppc64le.rpm SHA-256: 9691b983bc35b0ffa32d0233378149f19947e46b1b0df405cfea74c4d911e1ee
libsoup3-debuginfo-3.6.5-3.el10_0.15.ppc64le.rpm SHA-256: 7010771b69f1eb4260b3500f830d9ae7a5feb9d3c0a55a8ead1c6503411ab433
libsoup3-debugsource-3.6.5-3.el10_0.15.ppc64le.rpm SHA-256: fc81096d5a92e7f97ee3ce375cf76e53f43bf886651bf918134e1195d07e8f89
libsoup3-devel-3.6.5-3.el10_0.15.ppc64le.rpm SHA-256: 78bfa0b14f312b1eb90773aa98e510c1b323d212cc7b09d83726e1532548e84c

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
libsoup3-3.6.5-3.el10_0.15.src.rpm SHA-256: 2c988bff41b88b2faf272e322db3419dc5ea666dc9ee09afd6ee958f912579d7
x86_64
libsoup3-3.6.5-3.el10_0.15.x86_64.rpm SHA-256: 40cd21e2539f703263bb45bafc14b1c7b2d40f10799ff37eaffb783e4b594aa6
libsoup3-debuginfo-3.6.5-3.el10_0.15.x86_64.rpm SHA-256: 3eeb238df3d7e7405c1f4acc8457b4f7eeca21bb9f6f01e2c37874c5f17714ee
libsoup3-debugsource-3.6.5-3.el10_0.15.x86_64.rpm SHA-256: c372630fd52ec3741dc0335bc7207da341b9c2beb477f10c9af6d8ba08a88386
libsoup3-devel-3.6.5-3.el10_0.15.x86_64.rpm SHA-256: 3c46413ab21174cabe7f21da2e5cd44e0bf1d01f1c21a2188779fb61638c6d2c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.