Red Hat Product Errata RHSA-2026:2182 - Security Advisory
Issued:
2026-02-05
Updated:
2026-02-05

RHSA-2026:2182 - Security Advisory

Synopsis

Important: libsoup3 security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for libsoup3 is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago.

Security Fix(es):

  • libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
  • libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 10 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x

Fixes

  • BZ - 2427906 - CVE-2026-0719 libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication
  • BZ - 2435961 - CVE-2026-1761 libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response

Red Hat Enterprise Linux for x86_64 10

SRPM
libsoup3-3.6.5-3.el10_1.9.src.rpm SHA-256: 68281d08cd2b0a557f0c315a1430df67d63660d4870d1fa44e8ff3b621271506
x86_64
libsoup3-3.6.5-3.el10_1.9.x86_64.rpm SHA-256: 4b5f4363e989edaffb7c83f8404482ce73200f672cc5780249333fc632132085
libsoup3-debuginfo-3.6.5-3.el10_1.9.x86_64.rpm SHA-256: 91ce389310256e6b5b7bba6c2c24f9ada0a56b4457083a34ab137cce858fb5d8
libsoup3-debugsource-3.6.5-3.el10_1.9.x86_64.rpm SHA-256: f3b313e06a94958d7087295ba108134580687a33c9fcce29fa4d85f3d4f16713
libsoup3-devel-3.6.5-3.el10_1.9.x86_64.rpm SHA-256: 8e518596d3bdd041dc08f959cfa7fd333ea2cfc1ca416f7a56803ba6d60fd8d7

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
libsoup3-3.6.5-3.el10_1.9.src.rpm SHA-256: 68281d08cd2b0a557f0c315a1430df67d63660d4870d1fa44e8ff3b621271506
s390x
libsoup3-3.6.5-3.el10_1.9.s390x.rpm SHA-256: 2005ab997e55bec8e4fcec506d4affe6e4b68954dace9bdc5c436029507b71ba
libsoup3-debuginfo-3.6.5-3.el10_1.9.s390x.rpm SHA-256: 249c60a1b840cb8ed300edc075112a21c661f05bccf4066ea4f17b0c9deae20b
libsoup3-debugsource-3.6.5-3.el10_1.9.s390x.rpm SHA-256: cec394138b5755bc7bd4219d4b18c372ae01fe164c58d7c4b76cccb14db91420
libsoup3-devel-3.6.5-3.el10_1.9.s390x.rpm SHA-256: 8add71486cb9b647c0d7ec323db5414d47cd4f1f851eb86d33ee9c245f5a7650

Red Hat Enterprise Linux for Power, little endian 10

SRPM
libsoup3-3.6.5-3.el10_1.9.src.rpm SHA-256: 68281d08cd2b0a557f0c315a1430df67d63660d4870d1fa44e8ff3b621271506
ppc64le
libsoup3-3.6.5-3.el10_1.9.ppc64le.rpm SHA-256: ba81d556fd864a98d5199b9e33a9a369b0e8a84ec03d563153202bd3187dc62e
libsoup3-debuginfo-3.6.5-3.el10_1.9.ppc64le.rpm SHA-256: 350789f65c10e6c723847236995677450663fab82b6e6985c0cbda5f36fa5ae8
libsoup3-debugsource-3.6.5-3.el10_1.9.ppc64le.rpm SHA-256: 066466fbcaebbe2eba6826e5637393907b563d3c7fd03e6db33fad827122b70c
libsoup3-devel-3.6.5-3.el10_1.9.ppc64le.rpm SHA-256: b2692d1a71d99bc36c80da1350b99460bc674f3ca9cfa782d4d4015226411103

Red Hat Enterprise Linux for ARM 64 10

SRPM
libsoup3-3.6.5-3.el10_1.9.src.rpm SHA-256: 68281d08cd2b0a557f0c315a1430df67d63660d4870d1fa44e8ff3b621271506
aarch64
libsoup3-3.6.5-3.el10_1.9.aarch64.rpm SHA-256: 5d79cfa5c469277ccc4841d482834a8527778b6ba911cf3061baf24a03c72382
libsoup3-debuginfo-3.6.5-3.el10_1.9.aarch64.rpm SHA-256: 0784e334b93cd13036de6f32f7d6a8db8d752a131e83feff5d063b87162598a6
libsoup3-debugsource-3.6.5-3.el10_1.9.aarch64.rpm SHA-256: e9c100cf4e187a8b5eebba5b862ee891a6dcd63a4f2b970ff504e8379abf67bd
libsoup3-devel-3.6.5-3.el10_1.9.aarch64.rpm SHA-256: 83eed31ffa941fa536ee65a5eed8f56a5a4cf0f1522302af8461ec8b95a6f968

Red Hat CodeReady Linux Builder for x86_64 10

SRPM
x86_64
libsoup3-doc-3.6.5-3.el10_1.9.noarch.rpm SHA-256: 36aecdc62fb5b66f538a47d87343249b82865ddeab6bc043578055e2f8d94ffa

Red Hat CodeReady Linux Builder for Power, little endian 10

SRPM
ppc64le
libsoup3-doc-3.6.5-3.el10_1.9.noarch.rpm SHA-256: 36aecdc62fb5b66f538a47d87343249b82865ddeab6bc043578055e2f8d94ffa

Red Hat CodeReady Linux Builder for ARM 64 10

SRPM
aarch64
libsoup3-doc-3.6.5-3.el10_1.9.noarch.rpm SHA-256: 36aecdc62fb5b66f538a47d87343249b82865ddeab6bc043578055e2f8d94ffa

Red Hat CodeReady Linux Builder for IBM z Systems 10

SRPM
s390x
libsoup3-doc-3.6.5-3.el10_1.9.noarch.rpm SHA-256: 36aecdc62fb5b66f538a47d87343249b82865ddeab6bc043578055e2f8d94ffa

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.