Package "libsoup2.4"
| Name: |
libsoup2.4
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- HTTP library implementation in C -- API Reference
- HTTP library implementation in C -- installed tests
|
| Latest version: |
2.74.3-10ubuntu0.1 |
| Release: |
plucky (25.04) |
| Level: |
security |
| Repository: |
universe |
Links
Other versions of "libsoup2.4" in Plucky
Packages in group
Deleted packages are displayed in grey.
Changelog
|
libsoup2.4 (2.74.3-10ubuntu0.1) plucky-security; urgency=medium
* SECURITY UPDATE: Out of bound read.
- debian/patches/CVE-2025-32906-*.patch: Add out of bound checks in
soup_headers_parse_request in ./libsoup/soup-headers.c.
- debian/patches/CVE-2025-32914.patch: Replace strstr operation with
g_strstr_len in ./libsoup/soup-multipart.c.
- CVE-2025-32906
- CVE-2025-32914
* SECURITY UPDATE: Null pointer dereference.
- debian/patches/CVE-2025-32909.patch: Add resource size check in
./libsoup/soup-content-sniffer.c.
- debian/patches/CVE-2025-32910-32912-*.patch: Add checks for missing realm
and nonce, and fix memory leak in ./libsoup/soup-auth-digest.c.
- debian/patches/CVE-2025-32912.patch: Add additional checks for nonce in
./libsoup/soup-auth-digest.c.
- CVE-2025-32909
- CVE-2025-32910
- CVE-2025-32912
* SECURITY UPDATE: Memory corruption.
- debian/patches/CVE-2025-32911-32913-*.patch: Add checks for empty
filename in ./libsoup/soup-message-headers.c.
- CVE-2025-32911
- CVE-2025-32913
* SECURITY UPDATE: Memory leak.
- debian/patches/CVE-2025-46420.patch: Free allocated strings during
iteration in ./libsoup/soup-headers.c.
- CVE-2025-46420
* SECURITY UPDATE: Information exposure through host impersonation.
- debian/patches/CVE-2025-46421.patch: Strip credentials on cross-origin
redirects in ./libsoup/soup-session.c.
- CVE-2025-46421
-- Hlib Korzhynskyy <email address hidden> Thu, 01 May 2025 16:04:52 -0230
|
| CVE-2025-32906 |
A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious |
| CVE-2025-32914 |
A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a maliciou |
| CVE-2025-32909 |
A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause |
| CVE-2025-32910 |
A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup clie |
| CVE-2025-32912 |
A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash. |
| CVE-2025-32911 |
A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a maliciou |
| CVE-2025-32913 |
A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw |
| CVE-2025-46420 |
A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that conta |
| CVE-2025-46421 |
A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that |
|
About
-
Send Feedback to @ubuntu_updates
