UbuntuUpdates.org

Package "libsoup2.4-common"

Name: libsoup2.4-common

Description:

HTTP library implementation in C -- Common files
Latest version: 2.74.3-7ubuntu0.2
Release: oracular (24.10)
Level: security
Repository: main
Head package: libsoup2.4
Homepage: https://wiki.gnome.org/Projects/libsoup

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libsoup2.4-common"

All arch deb package
APT INSTALL

Other versions of "libsoup2.4-common" in Oracular

Repository Area Version
base main 2.74.3-7
updates main 2.74.3-7ubuntu0.2

Changelog

Version: 2.74.3-7ubuntu0.2 2025-04-11 00:07:09 UTC

  libsoup2.4 (2.74.3-7ubuntu0.2) oracular-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2025-2784-1.patch: Fix potential overflow
    - debian/patches/CVE-2025-2784-2.patch: Add better coverage of
      skip_insignificant_space()
    - CVE-2025-2784
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2025-32050.patch: Fix using int instead of
      size_t for strcspn return
    - CVE-2025-32050
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2025-32052.patch: Fix heap buffer overflow in
      soup_content_sniffer_sniff
    - CVE-2025-32052
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2025-32053.patch: Fix heap buffer overflow in
      sniff_feed_or_html()
    - CVE-2025-32053

 -- Fabian Toepfer <email address hidden> Wed, 09 Apr 2025 19:21:32 +0200
Source diff to previous version
CVE-2025-2784 A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. L
CVE-2025-32050 A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read.
CVE-2025-32052 A flaw was found in libsoup. A vulnerability in the sniff_unknown() function may lead to heap buffer over-read.
CVE-2025-32053 A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.

Version: 2.74.3-7ubuntu0.1 2024-11-27 03:07:00 UTC

  libsoup2.4 (2.74.3-7ubuntu0.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Request smuggling
    - debian/patches/CVE-2024-52530.patch: Strictly don't allow NUL
      bytes in headers
    - CVE-2024-52530
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2024-52531-1.patch: Be more robust against
      invalid input when parsing params
    - debian/patches/CVE-2024-52531-2.patch: Add test for passing
      invalid UTF-8 to soup_header_parse_semi_param_list()
    - CVE-2024-52531
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2024-52532-1.patch: process the frame as soon
      as data is read
    - debian/patches/CVE-2024-52532-2.patch: disconnect error copy
      after the test ends
    - CVE-2024-52532

 -- Bruce Cable <email address hidden> Tue, 19 Nov 2024 09:24:46 +1100
CVE-2024-52530 GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e.,
CVE-2024-52531 GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input re
CVE-2024-52532 GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients.


About   -   Send Feedback to @ubuntu_updates