
USN-7490-1: libsoup vulnerabilities

6 May 2025

Several security issues were fixed in libsoup.

Releases

  • Ubuntu 25.04
  • Ubuntu 24.10
  • Ubuntu 24.04 LTS
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 ESM
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM

Packages
libsoup2.4 - HTTP client/server library for GNOME

Details
Tan Wei Chong discovered that libsoup incorrectly handled memory when
parsing HTTP request headers. An attacker could possibly use this issue to
send a maliciously crafted HTTP request to the server, causing a denial of
service. (CVE-2025-32906)

Alon Zahavi discovered that libsoup incorrectly parsed video files. An
attacker could possibly use this issue to send a maliciously crafted HTTP
response back to the client, causing a denial of service, or leading to
undefined behavior. (CVE-2025-32909)

Jan Różański discovered that libsoup incorrectly handled memory when
parsing authentication headers. An attacker could possibly use this issue
to send a maliciously crafted HTTP response back to the client, causing a
denial of service. (CVE-2025-32910, CVE-2025-32912)

It was discovered that libsoup incorrectly handled data in the hash table
data type. An attacker could possibly use this issue to send a maliciously
crafted HTTP request to the server, causing a denial of service or remote
code execution. (CVE-2025-32911)

Jan Różański discovered that libsoup incorrectly handled memory when
parsing the content disposition HTTP header. An attacker could possibly use
this issue to send maliciously crafted data to a client or server, causing
a denial of service. (CVE-2025-32913)

Alon Zahavi discovered that libsoup incorrectly handled memory when parsing
HTTP requests. An attacker could possibly use this issue to send a
maliciously crafted HTTP request to the server, causing a denial of service
or obtaining sensitive information. (CVE-2025-32914)

It was discovered that libsoup incorrectly handled memory when parsing
quality-list headers. An attacker could possibly use this issue to send a
maliciously crafted HTTP request to the server, causing a denial of
service. (CVE-2025-46420)

Jan Różański discovered that libsoup did not strip authorization
information upon redirects. An attacker could possibly use this issue to
obtain sensitive information. (CVE-2025-46421)

Update instructions
The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.04

  • libsoup-2.4-1 - 2.74.3-10ubuntu0.1

Ubuntu 24.10

  • libsoup-2.4-1 - 2.74.3-7ubuntu0.3

Ubuntu 24.04

  • libsoup-2.4-1 - 2.74.3-6ubuntu1.3

Ubuntu 22.04

  • libsoup2.4-1 - 2.74.2-3ubuntu0.3

Ubuntu 20.04

  • libsoup2.4-1 - 2.70.0-1ubuntu0.3

Ubuntu 18.04

  • libsoup2.4-1 - 2.62.1-1ubuntu0.4+esm2
    Available with Ubuntu Pro

Ubuntu 16.04

  • libsoup2.4-1 - 2.52.2-1ubuntu0.3+esm1
    Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.