Threats Tagged 'cve-2026-0719'

Two security vulnerabilities have been identified in the libsoup HTTP client and server library used in GNOME, affecting Red Hat Enterprise Linux 9.4 Extended Update Support and related variants. The first vulnerability (CVE-2026-0719) involves a signed to unsigned conversion error that leads to a stack-based buffer overflow during NTLM authentication. The second vulnerability (CVE-2026-1761) is a stack-based buffer overflow in multipart HTTP response parsing. Red Hat has issued an important security advisory with updated libsoup packages addressing these issues.

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago. Security Fix(es): * libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719) * libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Two security vulnerabilities have been identified in the libsoup HTTP client and server library used in GNOME, affecting Red Hat Enterprise Linux 9.2. The first is a signed to unsigned conversion error that leads to a stack-based buffer overflow in libsoup NTLM authentication (CVE-2026-0719). The second is a stack-based buffer overflow in libsoup multipart response parsing (CVE-2026-1761). Red Hat has issued an important security advisory with updates to address these issues. The vulnerabilities are rated as having a high security impact. Updated libsoup packages are available for Red Hat Enterprise Linux 9.2 and related variants. Users should apply the provided updates to remediate these vulnerabilities.

The libsoup packages provide an HTTP client and server library for GNOME. Security Fix(es): * libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719) * libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Two stack-based buffer overflow vulnerabilities were identified in the libsoup HTTP client and server library used by GNOME. One is caused by a signed to unsigned conversion error in NTLM authentication (CVE-2026-0719), and the other occurs in multipart HTTP response parsing (CVE-2026-1761). These vulnerabilities affect Red Hat Enterprise Linux 9.6 Extended Update Support and related variants. Red Hat has issued security updates to address these issues.

Two stack-based buffer overflow vulnerabilities have been identified in the libsoup HTTP client and server library used by GNOME. One vulnerability (CVE-2026-0719) arises from a signed to unsigned conversion error in NTLM authentication, and the other (CVE-2026-1761) occurs during multipart HTTP response parsing. These issues affect Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions across multiple architectures. Red Hat has issued a security advisory with updated packages to address these vulnerabilities.

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago. Security Fix(es): * libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719) * libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Two stack-based buffer overflow vulnerabilities have been identified in libsoup, affecting the spice-client-win MSI installers for Windows clients on Red Hat Enterprise Linux 8. One vulnerability (CVE-2026-0719) is due to a signed to unsigned conversion error in NTLM authentication, and the other (CVE-2026-1761) occurs during multipart HTTP response parsing. Red Hat has released security updates addressing these issues for multiple architectures and extended life cycle versions of Red Hat Enterprise Linux 8.

The libsoup packages provide an HTTP client and server library for GNOME. Security Fix(es): * libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719) * libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsingmultipart HTTP response (CVE-2026-1761) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Two security vulnerabilities have been identified in the libsoup HTTP client and server library for GNOME, used in Red Hat Enterprise Linux 9. These include a signed to unsigned conversion error causing a stack-based buffer overflow in NTLM authentication (CVE-2026-0719) and a stack-based buffer overflow in multipart HTTP response parsing (CVE-2026-1761). Red Hat has issued an important security advisory with updates to address these issues. The vulnerabilities are rated as having important security impact, and updated libsoup packages are available for Red Hat Enterprise Linux 9 across multiple architectures.