An update for libsoup3 is now available for openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2666 Final 1.0 1.0 2026-06-12 Initial 2026-06-12 2026-06-12 openEuler SA Tool V1.0 2026-06-12 libsoup3 security update An update for libsoup3 is now available for openEuler-24.03-LTS-SP1 Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fix(es): A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS).(CVE-2025-32049) A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.(CVE-2025-32050) A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS).(CVE-2025-32051) A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.(CVE-2025-32907) A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.(CVE-2026-1760) A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service.(CVE-2026-2436) A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content-Length headers with differing values.(CVE-2026-2708) An update for libsoup3 is now available for openEuler-24.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High libsoup3 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2666 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-32049 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-32050 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-32051 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-32907 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-1760 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-2436 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-2708 https://nvd.nist.gov/vuln/detail/CVE-2025-32049 https://nvd.nist.gov/vuln/detail/CVE-2025-32050 https://nvd.nist.gov/vuln/detail/CVE-2025-32051 https://nvd.nist.gov/vuln/detail/CVE-2025-32907 https://nvd.nist.gov/vuln/detail/CVE-2026-1760 https://nvd.nist.gov/vuln/detail/CVE-2026-2436 https://nvd.nist.gov/vuln/detail/CVE-2026-2708 openEuler-24.03-LTS-SP1 libsoup3-3.4.5-19.oe2403sp1.aarch64.rpm libsoup3-debuginfo-3.4.5-19.oe2403sp1.aarch64.rpm libsoup3-debugsource-3.4.5-19.oe2403sp1.aarch64.rpm libsoup3-devel-3.4.5-19.oe2403sp1.aarch64.rpm libsoup3-3.4.5-19.oe2403sp1.src.rpm libsoup3-3.4.5-19.oe2403sp1.x86_64.rpm libsoup3-debuginfo-3.4.5-19.oe2403sp1.x86_64.rpm libsoup3-debugsource-3.4.5-19.oe2403sp1.x86_64.rpm libsoup3-devel-3.4.5-19.oe2403sp1.x86_64.rpm libsoup3-help-3.4.5-19.oe2403sp1.noarch.rpm A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS). 2026-06-12 CVE-2025-32049 openEuler-24.03-LTS-SP1 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H libsoup3 security update 2026-06-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2666 A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read. 2026-06-12 CVE-2025-32050 openEuler-24.03-LTS-SP1 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H libsoup3 security update 2026-06-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2666 A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS). 2026-06-12 CVE-2025-32051 openEuler-24.03-LTS-SP1 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H libsoup3 security update 2026-06-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2666 A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service. 2026-06-12 CVE-2025-32907 openEuler-24.03-LTS-SP1 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L libsoup3 security update 2026-06-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2666 A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions. 2026-06-12 CVE-2026-1760 openEuler-24.03-LTS-SP1 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L libsoup3 security update 2026-06-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2666 A flaw was found in libsoup's SoupServer. A remote attacker could exploit a use-after-free vulnerability where the `soup_server_disconnect()` function frees connection objects prematurely, even if a TLS handshake is still pending. If the handshake completes after the connection object has been freed, a dangling pointer is accessed, leading to a server crash and a Denial of Service. 2026-06-12 CVE-2026-2436 openEuler-24.03-LTS-SP1 Medium 6.5 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H libsoup3 security update 2026-06-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2666 A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content-Length headers with differing values. 2026-06-12 CVE-2026-2708 openEuler-24.03-LTS-SP1 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N libsoup3 security update 2026-06-12 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2666