{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Critical" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"libsoup3 security update", "category":"general", "title":"Synopsis" }, { "text":"An update for libsoup3 is now available for openEuler-24.03-LTS-SP3", "category":"general", "title":"Summary" }, { "text":"Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages.\n\nSecurity Fix(es):\n\nA flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.(CVE-2025-32914)\n\nA flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.(CVE-2026-1760)\n\nA flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.(CVE-2026-2369)", "category":"general", "title":"Description" }, { "text":"An update for libsoup3 is now available for openEuler-24.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Critical", "category":"general", "title":"Severity" }, { "text":"libsoup3", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-2584", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2584" }, { "summary":"CVE-2025-32914", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-32914&packageName=libsoup3" }, { "summary":"CVE-2026-1760", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-1760&packageName=libsoup3" }, { "summary":"CVE-2026-2369", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-2369&packageName=libsoup3" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-32914" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-1760" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2369" }, { "summary":"openEuler-SA-2026-2584 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-2584.json" } ], "title":"An update for libsoup3 is now available for openEuler-24.03-LTS-SP3", "tracking":{ "initial_release_date":"2026-06-08T15:01:39+08:00", "revision_history":[ { "date":"2026-06-08T15:01:39+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-06-08T15:01:39+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-06-08T15:01:39+08:00", "id":"openEuler-SA-2026-2584", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openEuler-24.03-LTS-SP3", "name":"openEuler-24.03-LTS-SP3" }, "name":"openEuler-24.03-LTS-SP3", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libsoup3-3.4.5-17.oe2403sp3.aarch64.rpm", "name":"libsoup3-3.4.5-17.oe2403sp3.aarch64.rpm" }, "name":"libsoup3-3.4.5-17.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libsoup3-debuginfo-3.4.5-17.oe2403sp3.aarch64.rpm", "name":"libsoup3-debuginfo-3.4.5-17.oe2403sp3.aarch64.rpm" }, "name":"libsoup3-debuginfo-3.4.5-17.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libsoup3-debugsource-3.4.5-17.oe2403sp3.aarch64.rpm", "name":"libsoup3-debugsource-3.4.5-17.oe2403sp3.aarch64.rpm" }, "name":"libsoup3-debugsource-3.4.5-17.oe2403sp3.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libsoup3-devel-3.4.5-17.oe2403sp3.aarch64.rpm", "name":"libsoup3-devel-3.4.5-17.oe2403sp3.aarch64.rpm" }, "name":"libsoup3-devel-3.4.5-17.oe2403sp3.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libsoup3-3.4.5-17.oe2403sp3.src.rpm", "name":"libsoup3-3.4.5-17.oe2403sp3.src.rpm" }, "name":"libsoup3-3.4.5-17.oe2403sp3.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libsoup3-3.4.5-17.oe2403sp3.x86_64.rpm", "name":"libsoup3-3.4.5-17.oe2403sp3.x86_64.rpm" }, "name":"libsoup3-3.4.5-17.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libsoup3-debuginfo-3.4.5-17.oe2403sp3.x86_64.rpm", "name":"libsoup3-debuginfo-3.4.5-17.oe2403sp3.x86_64.rpm" }, "name":"libsoup3-debuginfo-3.4.5-17.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libsoup3-debugsource-3.4.5-17.oe2403sp3.x86_64.rpm", "name":"libsoup3-debugsource-3.4.5-17.oe2403sp3.x86_64.rpm" }, "name":"libsoup3-debugsource-3.4.5-17.oe2403sp3.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libsoup3-devel-3.4.5-17.oe2403sp3.x86_64.rpm", "name":"libsoup3-devel-3.4.5-17.oe2403sp3.x86_64.rpm" }, "name":"libsoup3-devel-3.4.5-17.oe2403sp3.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"libsoup3-help-3.4.5-17.oe2403sp3.noarch.rpm", "name":"libsoup3-help-3.4.5-17.oe2403sp3.noarch.rpm" }, "name":"libsoup3-help-3.4.5-17.oe2403sp3.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libsoup3-3.4.5-17.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.aarch64", "name":"libsoup3-3.4.5-17.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libsoup3-debuginfo-3.4.5-17.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.aarch64", "name":"libsoup3-debuginfo-3.4.5-17.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libsoup3-debugsource-3.4.5-17.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.aarch64", "name":"libsoup3-debugsource-3.4.5-17.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libsoup3-devel-3.4.5-17.oe2403sp3.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.aarch64", "name":"libsoup3-devel-3.4.5-17.oe2403sp3.aarch64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libsoup3-3.4.5-17.oe2403sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.src", "name":"libsoup3-3.4.5-17.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libsoup3-3.4.5-17.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.x86_64", "name":"libsoup3-3.4.5-17.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libsoup3-debuginfo-3.4.5-17.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.x86_64", "name":"libsoup3-debuginfo-3.4.5-17.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libsoup3-debugsource-3.4.5-17.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.x86_64", "name":"libsoup3-debugsource-3.4.5-17.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libsoup3-devel-3.4.5-17.oe2403sp3.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.x86_64", "name":"libsoup3-devel-3.4.5-17.oe2403sp3.x86_64 as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"libsoup3-help-3.4.5-17.oe2403sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:libsoup3-help-3.4.5-17.oe2403sp3.noarch", "name":"libsoup3-help-3.4.5-17.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-32914", "notes":[ { "text":"A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.src", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-help-3.4.5-17.oe2403sp3.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.src", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-help-3.4.5-17.oe2403sp3.noarch" ], "details":"libsoup3 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2584" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.4, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.src", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-help-3.4.5-17.oe2403sp3.noarch" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2025-32914" }, { "cve":"CVE-2026-1760", "notes":[ { "text":"A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.src", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-help-3.4.5-17.oe2403sp3.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.src", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-help-3.4.5-17.oe2403sp3.noarch" ], "details":"libsoup3 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2584" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.src", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-help-3.4.5-17.oe2403sp3.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-1760" }, { "cve":"CVE-2026-2369", "notes":[ { "text":"A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.src", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-help-3.4.5-17.oe2403sp3.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.src", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-help-3.4.5-17.oe2403sp3.noarch" ], "details":"libsoup3 security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2584" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.aarch64", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.src", "openEuler-24.03-LTS-SP3:libsoup3-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debuginfo-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-debugsource-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-devel-3.4.5-17.oe2403sp3.x86_64", "openEuler-24.03-LTS-SP3:libsoup3-help-3.4.5-17.oe2403sp3.noarch" ] } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2026-2369" } ] }