UbuntuUpdates.org

Package "libsoup2.4-common"

Name: libsoup2.4-common

Description:

HTTP library implementation in C -- Common files

Latest version: 2.74.3-10ubuntu0.4
Release: plucky (25.04)
Level: updates
Repository: main
Head package: libsoup2.4
Homepage: https://wiki.gnome.org/Projects/libsoup


Other versions of "libsoup2.4-common" in Plucky

Repository Area Version
base main 2.74.3-10
security main 2.74.3-10ubuntu0.4

Changelog

Version: 2.74.3-10ubuntu0.4 2025-07-17 18:07:17 UTC

  libsoup2.4 (2.74.3-10ubuntu0.4) plucky-security; urgency=medium

  * SECURITY UPDATE: Denial of service.
    - debian/patches/CVE-2025-32907-*.patch: Add i-- in
      libsoup/soup-message-headers.c. Add B_SANITIZE_OPTION to meson.build.
    - debian/patches/CVE-2025-4948.patch: Add ternary end - 2 - split check in
      libsoup/soup-multipart.c.
    - CVE-2025-32907
    - CVE-2025-4948
  * SECURITY UPDATE: Out of bounds read.
    - debian/patches/CVE-2025-4969.patch: Add extra if checks for start of line
      in libsoup/soup-multipart.c.
    - CVE-2025-4969
  * SECURITY UPDATE: Improper validation of cookie expiration.
    - debian/patches/CVE-2025-4945-*.patch: Add extra date checks in
      libsoup/soup-date.c.
    - CVE-2025-4945

 -- Hlib Korzhynskyy <email address hidden> Tue, 15 Jul 2025 10:10:56 -0230

CVE-2025-32907 A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious c
CVE-2025-4948 A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other application
CVE-2025-4969 A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. Th
CVE-2025-4945 A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises whe

Version: 2.74.3-10ubuntu0.3 2025-05-28 19:07:41 UTC

  libsoup2.4 (2.74.3-10ubuntu0.3) plucky-security; urgency=medium

  * SECURITY UPDATE: Denial of service.
    - debian/patches/CVE-2025-4476.patch: Replace strcmp with g_strcmp0 in
      ./libsoup/soup-auth-digest.c.
    - CVE-2025-4476

 -- Hlib Korzhynskyy <email address hidden> Fri, 23 May 2025 10:36:21 -0230

CVE-2025-4476 A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a

Version: 2.74.3-10ubuntu0.2 2025-05-07 00:08:51 UTC

  libsoup2.4 (2.74.3-10ubuntu0.2) plucky-security; urgency=medium

  * SECURITY REGRESSION: Incomplete fix for CVE-2025-32912 (LP: #2110056)
    - debian/patches/CVE-2025-32912-fix1.patch: Replace g_hash_table_contains
      with g_hash_table_lookup in ./libsoup/soup-auth-digest.c.
    - CVE-2025-32912

 -- Hlib Korzhynskyy <email address hidden> Tue, 06 May 2025 14:32:17 -0230

2110056 Incomplete fix for CVE-2025-32912
CVE-2025-32912 A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash.


