Red Hat Product Errata RHSA-2026:19143 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19143 - Security Advisory Overview Updated Packages Synopsis Moderate: libsoup3 security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libsoup3 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago. Security Fix(es): libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server (CVE-2026-4271) libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment (CVE-2026-5119) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat CodeReady Linux Builder for x86_64 10 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le Red Hat CodeReady Linux Builder for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x Fixes BZ - 2448044 - CVE-2026-4271 libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server BZ - 2452932 - CVE-2026-5119 libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment CVEs CVE-2026-4271 CVE-2026-5119 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34 x86_64 libsoup3-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: c4bf672cd11d59b062c278d40fc8731924b192e852a3695e936c94b59a500ec8 libsoup3-debuginfo-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 2291c4b7f008518d9e12e36bcf187f95ef602aa22a8d8d7bcaab7b03c1af23f2 libsoup3-debugsource-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 5a95a8277ebdbb06795382dd095fc6f3bb8dc956e2abbf5e80f933dc8d59cccf libsoup3-devel-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 052238c8289f9ce29ea1c756a5a725a4f06bfef75f8fcf1925578f576de22d9f Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 SRPM libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34 x86_64 libsoup3-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: c4bf672cd11d59b062c278d40fc8731924b192e852a3695e936c94b59a500ec8 libsoup3-debuginfo-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 2291c4b7f008518d9e12e36bcf187f95ef602aa22a8d8d7bcaab7b03c1af23f2 libsoup3-debugsource-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 5a95a8277ebdbb06795382dd095fc6f3bb8dc956e2abbf5e80f933dc8d59cccf libsoup3-devel-3.6.5-3.el10_2.11.x86_64.rpm SHA-256: 052238c8289f9ce29ea1c756a5a725a4f06bfef75f8fcf1925578f576de22d9f Red Hat Enterprise Linux for IBM z Systems 10 SRPM libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34 s390x libsoup3-3.6.5-3.el10_2.11.s390x.rpm SHA-256: fd7af17fa04758fbda82c78741c4fd08af469bc7ff4ef685b431c6a0bb1b3dfc libsoup3-debuginfo-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 403cf56218ce4bfd3a6eacca1da3d489747ed227f528708a5f765d083349cde9 libsoup3-debugsource-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 4e35674d277684566e05b326ec2789a772b33129d86c8e9799295836684a689c libsoup3-devel-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 0495d4df1d9fea65cbcf71b7157d2b80ce5781a04d69010f3375c7f6eb765488 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 SRPM libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34 s390x libsoup3-3.6.5-3.el10_2.11.s390x.rpm SHA-256: fd7af17fa04758fbda82c78741c4fd08af469bc7ff4ef685b431c6a0bb1b3dfc libsoup3-debuginfo-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 403cf56218ce4bfd3a6eacca1da3d489747ed227f528708a5f765d083349cde9 libsoup3-debugsource-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 4e35674d277684566e05b326ec2789a772b33129d86c8e9799295836684a689c libsoup3-devel-3.6.5-3.el10_2.11.s390x.rpm SHA-256: 0495d4df1d9fea65cbcf71b7157d2b80ce5781a04d69010f3375c7f6eb765488 Red Hat Enterprise Linux for Power, little endian 10 SRPM libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34 ppc64le libsoup3-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: f6658e0bd9b00de19af7941cad02fdf7e6a4b522721c915433550a70ef20a3e2 libsoup3-debuginfo-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: 4223420ccd4e3051bb9c213ae7cf83cb963341dbeb846126c0838c2e7c50cd5f libsoup3-debugsource-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: 00c5f6108083572f9b01c1a3ffcd07265a594459542444fbab0f9e3102bee2e4 libsoup3-devel-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: ea2118b118da4145b6cac5b1a0396a32e208145dacf194cb618da52c73c2f0f3 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 SRPM libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34 ppc64le libsoup3-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: f6658e0bd9b00de19af7941cad02fdf7e6a4b522721c915433550a70ef20a3e2 libsoup3-debuginfo-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: 4223420ccd4e3051bb9c213ae7cf83cb963341dbeb846126c0838c2e7c50cd5f libsoup3-debugsource-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: 00c5f6108083572f9b01c1a3ffcd07265a594459542444fbab0f9e3102bee2e4 libsoup3-devel-3.6.5-3.el10_2.11.ppc64le.rpm SHA-256: ea2118b118da4145b6cac5b1a0396a32e208145dacf194cb618da52c73c2f0f3 Red Hat Enterprise Linux for ARM 64 10 SRPM libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34 aarch64 libsoup3-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 3e017b286cbce15dc2611ea402103eaf0522ede4efedc04b3a26447aa0ccfea0 libsoup3-debuginfo-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 6201d9c82a3b8616fc73aeba5796d17c9974179ecfb17e4c12b3d650f151fb26 libsoup3-debugsource-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: a8cd78f1e83ba19e0063d5d3c8e3d708e0ea76d4f74fbdcaed5afc62fa1312f1 libsoup3-devel-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 5cf259abf4af37ce66073b6691df26ef9ec194e88647d4c5f847b09b03b47115 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 SRPM libsoup3-3.6.5-3.el10_2.11.src.rpm SHA-256: 2739bf7a4a1a1b5e221f0cbce53b2746ac107d8e9739c96a41f37d12d966eb34 aarch64 libsoup3-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 3e017b286cbce15dc2611ea402103eaf0522ede4efedc04b3a26447aa0ccfea0 libsoup3-debuginfo-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 6201d9c82a3b8616fc73aeba5796d17c9974179ecfb17e4c12b3d650f151fb26 libsoup3-debugsource-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: a8cd78f1e83ba19e0063d5d3c8e3d708e0ea76d4f74fbdcaed5afc62fa1312f1 libsoup3-devel-3.6.5-3.el10_2.11.aarch64.rpm SHA-256: 5cf259abf4af37ce66073b6691df26ef9ec194e88647d4c5f847b09b03b47115 Red Hat CodeReady Linux Builder for x86_64 10 SRPM x86_64 libsoup3-doc-3.6.5-3.el10_2.11.noarch.rpm SHA-256: 22d0d6cdba2c4c42b1bef0716e83a4bd157eb2783c2945c0b0369103f6195d93 Red Hat CodeReady Linux Builder for Power, little endian 10 SRPM ppc64le libsoup3-doc-3.6.5-3.el10_2.11.noarch.rpm SHA-256: 22d0d6cdba2c4c42b1bef0716e83a4bd157eb2783c2945c0b0369103f6195d93 Red Hat CodeReady Linux Builder for ARM 64 10 SRPM aarch64 libsoup3-doc-3.6.5-3.el10_2.11.noarch.rpm SHA-256: 22d0d6cdba2c4c42b1bef0716e83a4bd157eb2783c2945c0b0369103f6195d93 Red Hat CodeReady Linux Builder for IBM z Systems 10 SRPM s390x libsoup3-doc-3.6.5-3.el10_2.11.noarch.rpm SHA-256: 22d0d6cdba2c4c42b1bef0716e83a4bd157eb2783c29