ALAS2-2026-3141

Amazon Linux 2 Security Advisory: ALAS2-2026-3141
Advisory Released Date: 2026-02-05
Advisory Updated Date: 2026-02-05

Severity: Important

References: CVE-2026-0719
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk. (CVE-2026-0719)

Affected Packages:

libsoup

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update libsoup or yum update --advisory ALAS2-2026-3141 to update your system.

New Packages:

aarch64:
    libsoup-2.56.0-6.amzn2.0.6.aarch64
    libsoup-devel-2.56.0-6.amzn2.0.6.aarch64
    libsoup-debuginfo-2.56.0-6.amzn2.0.6.aarch64

i686:
    libsoup-2.56.0-6.amzn2.0.6.i686
    libsoup-devel-2.56.0-6.amzn2.0.6.i686
    libsoup-debuginfo-2.56.0-6.amzn2.0.6.i686

src:
    libsoup-2.56.0-6.amzn2.0.6.src

x86_64:
    libsoup-2.56.0-6.amzn2.0.6.x86_64
    libsoup-devel-2.56.0-6.amzn2.0.6.x86_64
    libsoup-debuginfo-2.56.0-6.amzn2.0.6.x86_64

Additional References

Release Notes: Amazon Linux 2 Release Notes

Red Hat: CVE-2026-0719

Mitre: CVE-2026-0719