Package "libsoup2.4-common"
| Name: |
libsoup2.4-common
|
Description: |
HTTP library implementation in C -- Common files
|
| Latest version: |
2.74.3-6ubuntu1.6 |
| Release: |
noble (24.04) |
| Level: |
updates |
| Repository: |
main |
| Head package: |
libsoup2.4 |
| Homepage: |
https://wiki.gnome.org/Projects/libsoup |
Links
Download "libsoup2.4-common"
Other versions of "libsoup2.4-common" in Noble
Changelog
|
libsoup2.4 (2.74.3-6ubuntu1.6) noble-security; urgency=medium
* SECURITY UPDATE: Denial of service.
- debian/patches/CVE-2025-32907-*.patch: Add i-- in
libsoup/soup-message-headers.c. Add B_SANITIZE_OPTION to meson.build.
- debian/patches/CVE-2025-4948.patch: Add ternary end - 2 - split check in
libsoup/soup-multipart.c.
- CVE-2025-32907
- CVE-2025-4948
* SECURITY UPDATE: Out of bounds read.
- debian/patches/CVE-2025-4969.patch: Add extra if checks for start of line
in libsoup/soup-multipart.c.
- CVE-2025-4969
* SECURITY UPDATE: Improper validation of cookie expiration.
- debian/patches/CVE-2025-4945-*.patch: Add extra date checks in
libsoup/soup-date.c.
- CVE-2025-4945
-- Hlib Korzhynskyy <email address hidden> Tue, 15 Jul 2025 11:36:10 -0230
|
| Source diff to previous version |
| CVE-2025-32907 |
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious c |
| CVE-2025-4948 |
A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other application |
| CVE-2025-4969 |
A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. Th |
| CVE-2025-4945 |
A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises whe |
|
|
libsoup2.4 (2.74.3-6ubuntu1.5) noble-security; urgency=medium
* SECURITY UPDATE: Denial of service.
- debian/patches/CVE-2025-4476.patch: Replace strcmp with g_strcmp0 in
./libsoup/soup-auth-digest.c.
- CVE-2025-4476
-- Hlib Korzhynskyy <email address hidden> Fri, 23 May 2025 14:20:52 -0230
|
| Source diff to previous version |
| CVE-2025-4476 |
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a |
|
|
libsoup2.4 (2.74.3-6ubuntu1.4) noble-security; urgency=medium
* SECURITY REGRESSION: Incomplete fix for CVE-2025-32912 (LP: #2110056)
- debian/patches/CVE-2025-32912-fix1.patch: Replace g_hash_table_contains
with g_hash_table_lookup in ./libsoup/soup-auth-digest.c.
- CVE-2025-32912
-- Hlib Korzhynskyy <email address hidden> Tue, 06 May 2025 15:00:18 -0230
|
| Source diff to previous version |
| 2110056 |
Incomplete fix for CVE-2025-32912 |
| CVE-2025-32912 |
A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash. |
|
|
libsoup2.4 (2.74.3-6ubuntu1.3) noble-security; urgency=medium
* SECURITY UPDATE: Out of bound read.
- debian/patches/CVE-2025-32906-*.patch: Add out of bound checks in
soup_headers_parse_request in ./libsoup/soup-headers.c.
- debian/patches/CVE-2025-32914.patch: Replace strstr operation with
g_strstr_len in ./libsoup/soup-multipart.c.
- CVE-2025-32906
- CVE-2025-32914
* SECURITY UPDATE: Null pointer dereference.
- debian/patches/CVE-2025-32909.patch: Add resource size check in
./libsoup/soup-content-sniffer.c.
- debian/patches/CVE-2025-32910-32912-*.patch: Add checks for missing realm
and nonce, and fix memory leak in ./libsoup/soup-auth-digest.c.
- debian/patches/CVE-2025-32912.patch: Add additional checks for nonce in
./libsoup/soup-auth-digest.c.
- CVE-2025-32909
- CVE-2025-32910
- CVE-2025-32912
* SECURITY UPDATE: Memory corruption.
- debian/patches/CVE-2025-32911-32913-*.patch: Add checks for empty
filename in ./libsoup/soup-message-headers.c.
- CVE-2025-32911
- CVE-2025-32913
* SECURITY UPDATE: Memory leak.
- debian/patches/CVE-2025-46420.patch: Free allocated strings during
iteration in ./libsoup/soup-headers.c.
- CVE-2025-46420
* SECURITY UPDATE: Information exposure through host impersonation.
- debian/patches/CVE-2025-46421.patch: Strip credentials on cross-origin
redirects in ./libsoup/soup-session.c.
- CVE-2025-46421
* debian/patches/Extend-test-cert-to-2049.patch: Extend expiration to 2049 of
a certificate used for build tests.
-- Hlib Korzhynskyy <email address hidden> Fri, 02 May 2025 13:51:41 -0230
|
| Source diff to previous version |
| CVE-2025-32906 |
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious |
| CVE-2025-32914 |
A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a maliciou |
| CVE-2025-32909 |
A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause |
| CVE-2025-32910 |
A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup clie |
| CVE-2025-32912 |
A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash. |
| CVE-2025-32911 |
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a maliciou |
| CVE-2025-32913 |
A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw |
| CVE-2025-46420 |
A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that conta |
| CVE-2025-46421 |
A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that |
|
|
libsoup2.4 (2.74.3-6ubuntu1.2) noble-security; urgency=medium
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2025-2784-1.patch: Fix potential overflow
- debian/patches/CVE-2025-2784-2.patch: Add better coverage of
skip_insignificant_space()
- CVE-2025-2784
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2025-32050.patch: Fix using int instead of
size_t for strcspn return
- CVE-2025-32050
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2025-32052.patch: Fix heap buffer overflow in
soup_content_sniffer_sniff
- CVE-2025-32052
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2025-32053.patch: Fix heap buffer overflow in
sniff_feed_or_html()
- CVE-2025-32053
-- Fabian Toepfer <email address hidden> Wed, 09 Apr 2025 15:22:08 +0200
|
| CVE-2025-2784 |
A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. L |
| CVE-2025-32050 |
A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read. |
| CVE-2025-32052 |
A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read. |
| CVE-2025-32053 |
A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. |
|
About
-
Send Feedback to @ubuntu_updates
