Red Hat Product Errata RHSA-2026:19143 - Security Advisory
Issued:
2026-05-19
Updated:
2026-05-19

RHSA-2026:19143 - Security Advisory

Synopsis

Moderate: libsoup3 security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libsoup3 is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago.

Security Fix(es):

  • libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server (CVE-2026-4271)
  • libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment (CVE-2026-5119)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 10 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

Fixes

  • BZ - 2448044 - CVE-2026-4271 libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server
  • BZ - 2452932 - CVE-2026-5119 libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment

Red Hat Enterprise Linux for x86_64 10

SRPM
libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34
x86_64
libsoup3-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: c4bf672cd11d59b062c278d40fc8731924b192e852a3695e936c94b59a500ec8
libsoup3-debuginfo-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 2291c4b7f008518d9e12e36bcf187f95ef602aa22a8d8d7bcaab7b03c1af23f2
libsoup3-debugsource-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 5a95a8277ebdbb06795382dd095fc6f3bb8dc956e2abbf5e80f933dc8d59cccf
libsoup3-devel-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 052238c8289f9ce29ea1c756a5a725a4f06bfef75f8fcf1925578f576de22d9f

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2

SRPM
libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34
x86_64
libsoup3-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: c4bf672cd11d59b062c278d40fc8731924b192e852a3695e936c94b59a500ec8
libsoup3-debuginfo-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 2291c4b7f008518d9e12e36bcf187f95ef602aa22a8d8d7bcaab7b03c1af23f2
libsoup3-debugsource-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 5a95a8277ebdbb06795382dd095fc6f3bb8dc956e2abbf5e80f933dc8d59cccf
libsoup3-devel-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 052238c8289f9ce29ea1c756a5a725a4f06bfef75f8fcf1925578f576de22d9f

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34
s390x
libsoup3-3.6.5-3.el10_2.11.s390x.rpm SHA-256: fd7af17fa04758fbda82c78741c4fd08af469bc7ff4ef685b431c6a0bb1b3dfc
libsoup3-debuginfo-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 403cf56218ce4bfd3a6eacca1da3d489747ed227f528708a5f765d083349cde9
libsoup3-debugsource-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 4e35674d277684566e05b326ec2789a772b33129d86c8e9799295836684a689c
libsoup3-devel-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 0495d4df1d9fea65cbcf71b7157d2b80ce5781a04d69010f3375c7f6eb765488

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2

SRPM
libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34
s390x
libsoup3-3.6.5-3.el10_2.11.s390x.rpm SHA-256: fd7af17fa04758fbda82c78741c4fd08af469bc7ff4ef685b431c6a0bb1b3dfc
libsoup3-debuginfo-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 403cf56218ce4bfd3a6eacca1da3d489747ed227f528708a5f765d083349cde9
libsoup3-debugsource-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 4e35674d277684566e05b326ec2789a772b33129d86c8e9799295836684a689c
libsoup3-devel-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 0495d4df1d9fea65cbcf71b7157d2b80ce5781a04d69010f3375c7f6eb765488

Red Hat Enterprise Linux for Power, little endian 10

SRPM
libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34
ppc64le
libsoup3-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: f6658e0bd9b00de19af7941cad02fdf7e6a4b522721c915433550a70ef20a3e2
libsoup3-debuginfo-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: 4223420ccd4e3051bb9c213ae7cf83cb963341dbeb846126c0838c2e7c50cd5f
libsoup3-debugsource-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: 00c5f6108083572f9b01c1a3ffcd07265a594459542444fbab0f9e3102bee2e4
libsoup3-devel-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: ea2118b118da4145b6cac5b1a0396a32e208145dacf194cb618da52c73c2f0f3

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2

SRPM
libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34
ppc64le
libsoup3-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: f6658e0bd9b00de19af7941cad02fdf7e6a4b522721c915433550a70ef20a3e2
libsoup3-debuginfo-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: 4223420ccd4e3051bb9c213ae7cf83cb963341dbeb846126c0838c2e7c50cd5f
libsoup3-debugsource-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: 00c5f6108083572f9b01c1a3ffcd07265a594459542444fbab0f9e3102bee2e4
libsoup3-devel-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: ea2118b118da4145b6cac5b1a0396a32e208145dacf194cb618da52c73c2f0f3

Red Hat Enterprise Linux for ARM 64 10

SRPM
libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34
aarch64
libsoup3-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 3e017b286cbce15dc2611ea402103eaf0522ede4efedc04b3a26447aa0ccfea0
libsoup3-debuginfo-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 6201d9c82a3b8616fc73aeba5796d17c9974179ecfb17e4c12b3d650f151fb26
libsoup3-debugsource-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: a8cd78f1e83ba19e0063d5d3c8e3d708e0ea76d4f74fbdcaed5afc62fa1312f1
libsoup3-devel-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 5cf259abf4af37ce66073b6691df26ef9ec194e88647d4c5f847b09b03b47115

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2

SRPM
libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34
aarch64
libsoup3-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 3e017b286cbce15dc2611ea402103eaf0522ede4efedc04b3a26447aa0ccfea0
libsoup3-debuginfo-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 6201d9c82a3b8616fc73aeba5796d17c9974179ecfb17e4c12b3d650f151fb26
libsoup3-debugsource-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: a8cd78f1e83ba19e0063d5d3c8e3d708e0ea76d4f74fbdcaed5afc62fa1312f1
libsoup3-devel-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 5cf259abf4af37ce66073b6691df26ef9ec194e88647d4c5f847b09b03b47115

Red Hat CodeReady Linux Builder for x86_64 10

SRPM
x86_64
libsoup3-doc-3.6.5-3.el10_2.11.noarch.rpm SHA-256: 22d0d6cdba2c4c42b1bef0716e83a4bd157eb2783c2945c0b0369103f6195d93

Red Hat CodeReady Linux Builder for Power, little endian 10

SRPM
ppc64le
libsoup3-doc-3.6.5-3.el10_2.11.noarch.rpm SHA-256: 22d0d6cdba2c4c42b1bef0716e83a4bd157eb2783c2945c0b0369103f6195d93

Red Hat CodeReady Linux Builder for ARM 64 10

SRPM
aarch64
libsoup3-doc-3.6.5-3.el10_2.11.noarch.rpm SHA-256: 22d0d6cdba2c4c42b1bef0716e83a4bd157eb2783c2945c0b0369103f6195d93

Red Hat CodeReady Linux Builder for IBM z Systems 10

SRPM
s390x
libsoup3-doc-3.6.5-3.el10_2.11.noarch.rpm SHA-256: 22d0d6cdba2c4c42b1bef0716e83a4bd157eb2783c2945c0b0369103f6195d93

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2

SRPM
x86_64
libsoup3-doc-3.6.5-3.el10_2.11.noarch.rpm SHA-256: 22d0d6cdba2c4c42b1bef0716e83a4bd157eb2783c2945c0b0369103f6195d93

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2

SRPM
ppc64le
libsoup3-doc-3.6.5-3.el10_2.11.noarch.rpm SHA-256: 22d0d6cdba2c4c42b1bef0716e83a4bd157eb2783c2945c0b0369103f6195d93

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2

SRPM
s390x
libsoup3-doc-3.6.5-3.el10_2.11.noarch.rpm SHA-256: 22d0d6cdba2c4c42b1bef0716e83a4bd157eb2783c2945c0b0369103f6195d93

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2

SRPM
aarch64
libsoup3-doc-3.6.5-3.el10_2.11.noarch.rpm SHA-256: 22d0d6cdba2c4c42b1bef0716e83a4bd157eb2783c2945c0b0369103f6195d93

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2

SRPM
libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34
aarch64
libsoup3-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 3e017b286cbce15dc2611ea402103eaf0522ede4efedc04b3a26447aa0ccfea0
libsoup3-debuginfo-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 6201d9c82a3b8616fc73aeba5796d17c9974179ecfb17e4c12b3d650f151fb26
libsoup3-debugsource-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: a8cd78f1e83ba19e0063d5d3c8e3d708e0ea76d4f74fbdcaed5afc62fa1312f1
libsoup3-devel-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 5cf259abf4af37ce66073b6691df26ef9ec194e88647d4c5f847b09b03b47115

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2

SRPM
libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34
s390x
libsoup3-3.6.5-3.el10_2.11.s390x.rpm SHA-256: fd7af17fa04758fbda82c78741c4fd08af469bc7ff4ef685b431c6a0bb1b3dfc
libsoup3-debuginfo-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 403cf56218ce4bfd3a6eacca1da3d489747ed227f528708a5f765d083349cde9
libsoup3-debugsource-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 4e35674d277684566e05b326ec2789a772b33129d86c8e9799295836684a689c
libsoup3-devel-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 0495d4df1d9fea65cbcf71b7157d2b80ce5781a04d69010f3375c7f6eb765488

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2

SRPM
libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34
ppc64le
libsoup3-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: f6658e0bd9b00de19af7941cad02fdf7e6a4b522721c915433550a70ef20a3e2
libsoup3-debuginfo-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: 4223420ccd4e3051bb9c213ae7cf83cb963341dbeb846126c0838c2e7c50cd5f
libsoup3-debugsource-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: 00c5f6108083572f9b01c1a3ffcd07265a594459542444fbab0f9e3102bee2e4
libsoup3-devel-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: ea2118b118da4145b6cac5b1a0396a32e208145dacf194cb618da52c73c2f0f3

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2

SRPM
libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34
x86_64
libsoup3-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: c4bf672cd11d59b062c278d40fc8731924b192e852a3695e936c94b59a500ec8
libsoup3-debuginfo-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 2291c4b7f008518d9e12e36bcf187f95ef602aa22a8d8d7bcaab7b03c1af23f2
libsoup3-debugsource-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 5a95a8277ebdbb06795382dd095fc6f3bb8dc956e2abbf5e80f933dc8d59cccf
libsoup3-devel-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 052238c8289f9ce29ea1c756a5a725a4f06bfef75f8fcf1925578f576de22d9f

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2

SRPM
libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34
x86_64
libsoup3-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: c4bf672cd11d59b062c278d40fc8731924b192e852a3695e936c94b59a500ec8
libsoup3-debuginfo-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 2291c4b7f008518d9e12e36bcf187f95ef602aa22a8d8d7bcaab7b03c1af23f2
libsoup3-debugsource-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 5a95a8277ebdbb06795382dd095fc6f3bb8dc956e2abbf5e80f933dc8d59cccf
libsoup3-devel-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 052238c8289f9ce29ea1c756a5a725a4f06bfef75f8fcf1925578f576de22d9f

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2

SRPM
libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34
aarch64
libsoup3-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 3e017b286cbce15dc2611ea402103eaf0522ede4efedc04b3a26447aa0ccfea0
libsoup3-debuginfo-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 6201d9c82a3b8616fc73aeba5796d17c9974179ecfb17e4c12b3d650f151fb26
libsoup3-debugsource-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: a8cd78f1e83ba19e0063d5d3c8e3d708e0ea76d4f74fbdcaed5afc62fa1312f1
libsoup3-devel-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 5cf259abf4af37ce66073b6691df26ef9ec194e88647d4c5f847b09b03b47115

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2

SRPM
libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34
ppc64le
libsoup3-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: f6658e0bd9b00de19af7941cad02fdf7e6a4b522721c915433550a70ef20a3e2
libsoup3-debuginfo-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: 4223420ccd4e3051bb9c213ae7cf83cb963341dbeb846126c0838c2e7c50cd5f
libsoup3-debugsource-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: 00c5f6108083572f9b01c1a3ffcd07265a594459542444fbab0f9e3102bee2e4
libsoup3-devel-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: ea2118b118da4145b6cac5b1a0396a32e208145dacf194cb618da52c73c2f0f3

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2

SRPM
libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34
s390x
libsoup3-3.6.5-3.el10_2.11.s390x.rpm SHA-256: fd7af17fa04758fbda82c78741c4fd08af469bc7ff4ef685b431c6a0bb1b3dfc
libsoup3-debuginfo-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 403cf56218ce4bfd3a6eacca1da3d489747ed227f528708a5f765d083349cde9
libsoup3-debugsource-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 4e35674d277684566e05b326ec2789a772b33129d86c8e9799295836684a689c
libsoup3-devel-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 0495d4df1d9fea65cbcf71b7157d2b80ce5781a04d69010f3375c7f6eb765488

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.