Packages
- libsoup2.4 - HTTP client/server library for GNOME
- libsoup3 - HTTP client/server library for GNOME
Details
Jan Różański discovered that libsoup incorrectly handled range headers in
an HTTP request. An attacker could possibly use this issue to cause libsoup
to consume excessive memory, resulting in a denial of service.
(CVE-2025-32907)
Alon Zahavi discovered that libsoup incorrectly handled memory when parsing
HTTP requests. An attacker could possibly use this issue to send a
maliciously crafted HTTP request to the server, causing a denial of service
or obtaining sensitive information. This issue only affected Ubuntu 25.04.
(CVE-2025-32914)
It was discovered that libsoup incorrectly handled memory when parsing
the expiration date of maliciously crafted cookies. An attacker could
possibly use this issue to cause a denial of service. (CVE-2025-4945)
It was discovered that libsoup incorrectly handled integer...
Jan Różański discovered that libsoup incorrectly handled range headers in
an HTTP request. An attacker could possibly use this issue to cause libsoup
to consume excessive memory, resulting in a denial of service.
(CVE-2025-32907)
Alon Zahavi discovered that libsoup incorrectly handled memory when parsing
HTTP requests. An attacker could possibly use this issue to send a
maliciously crafted HTTP request to the server, causing a denial of service
or obtaining sensitive information. This issue only affected Ubuntu 25.04.
(CVE-2025-32914)
It was discovered that libsoup incorrectly handled memory when parsing
the expiration date of maliciously crafted cookies. An attacker could
possibly use this issue to cause a denial of service. (CVE-2025-4945)
It was discovered that libsoup incorrectly handled integer calculations
when parsing multipart data. An attacker could possibly use this issue to
cause a denial of service. (CVE-2025-4948)
It was discovered that libsoup incorrectly handled buffer reading when
locating boundaries in multipart forms. An attacker could possibly use this
issue to cause a denial of service or obtain sensitive information.
(CVE-2025-4969)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 25.04 plucky | libsoup-2.4-1 – 2.74.3-10ubuntu0.4 | ||
| libsoup-3.0-0 – 3.6.5-1ubuntu0.2 | |||
| 24.04 noble | libsoup-2.4-1 – 2.74.3-6ubuntu1.6 | ||
| libsoup-3.0-0 – 3.4.4-5ubuntu0.5 | |||
| 22.04 jammy | libsoup-3.0-0 – 3.0.7-0ubuntu1+esm5 | ||
| libsoup2.4-1 – 2.74.2-3ubuntu0.6 | |||
| 20.04 focal | libsoup2.4-1 – 2.70.0-1ubuntu0.5+esm1 | ||
| 18.04 bionic | libsoup2.4-1 – 2.62.1-1ubuntu0.4+esm6 | ||
| 16.04 xenial | libsoup2.4-1 – 2.52.2-1ubuntu0.3+esm5 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.