An update for libsoup3 is now available for openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2584 Final 1.0 1.0 2026-06-05 Initial 2026-06-05 2026-06-05 openEuler SA Tool V1.0 2026-06-05 libsoup3 security update An update for libsoup3 is now available for openEuler-24.03-LTS-SP3 Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fix(es): A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.(CVE-2025-32914) A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.(CVE-2026-1760) A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.(CVE-2026-2369) An update for libsoup3 is now available for openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical libsoup3 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2584 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-32914 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-1760 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-2369 https://nvd.nist.gov/vuln/detail/CVE-2025-32914 https://nvd.nist.gov/vuln/detail/CVE-2026-1760 https://nvd.nist.gov/vuln/detail/CVE-2026-2369 openEuler-24.03-LTS-SP3 libsoup3-3.4.5-17.oe2403sp3.aarch64.rpm libsoup3-debuginfo-3.4.5-17.oe2403sp3.aarch64.rpm libsoup3-debugsource-3.4.5-17.oe2403sp3.aarch64.rpm libsoup3-devel-3.4.5-17.oe2403sp3.aarch64.rpm libsoup3-3.4.5-17.oe2403sp3.src.rpm libsoup3-3.4.5-17.oe2403sp3.x86_64.rpm libsoup3-debuginfo-3.4.5-17.oe2403sp3.x86_64.rpm libsoup3-debugsource-3.4.5-17.oe2403sp3.x86_64.rpm libsoup3-devel-3.4.5-17.oe2403sp3.x86_64.rpm libsoup3-help-3.4.5-17.oe2403sp3.noarch.rpm A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds. 2026-06-05 CVE-2025-32914 openEuler-24.03-LTS-SP3 High 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H libsoup3 security update 2026-06-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2584 A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions. 2026-06-05 CVE-2026-1760 openEuler-24.03-LTS-SP3 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L libsoup3 security update 2026-06-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2584 A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service. 2026-06-05 CVE-2026-2369 openEuler-24.03-LTS-SP3 Critical 9.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H libsoup3 security update 2026-06-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2584