Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 603
Alerts This Week
Warning Icon 1 603

Ubuntu 25.10 libsoup3 Important Denial of Service Threat USN-8020-1

ubuntu
Calendar Grey February 9, 2026
Dist Ubuntu Esm H88
Learn about fixed security issues in libsoup for Ubuntu 22.04 LTS, 24.04 LTS, 25.10 with update instructions.
Several security issues were fixed in libsoup.

Summary

Several security issues were fixed in libsoup.

Software Description:

- libsoup3: HTTP client/server library for GNOME

Details:

It was discovered that libsoup did not correctly handle certain

URL-decoded input, which could allow for HTTP header injection. A remote

attacker could possibly use this issue to cause a denial of service or

execute arbitrary code. (CVE-2026-1467, CVE-2026-1536)

It was discovered that libsoup did not correctly handle removal of the

Proxy-Authorization header. A remote attacker could possibly use this

issue to leak sensitive information. (CVE-2026-1539)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  gir1.2-soup-3.0                 3.6.5-4ubuntu0.2
  libsoup-3.0-0                   3.6.5-4ubuntu0.2
  libsoup-3.0-common              3.6.5-4ubuntu0.2
  libsoup-3.0-dev                 3.6.5-4ubuntu0.2
  libsoup-3.0-doc                 3.6.5-4ubuntu0.2
  libsoup-3.0-tests               3.6.5-4ubuntu0.2

Ubuntu 24.04 LTS
  gir1.2-soup-3.0                 3.4.4-5ubuntu0.7
  libsoup-3.0-0                   3.4.4-5ubuntu0.7
  libsoup-3.0-common              3.4.4-5ubuntu0.7
  libsoup-3.0-dev                 3.4.4-5ubuntu0.7
  libsoup-3.0-doc                 3.4.4-5ubuntu0.7
  libsoup-3.0-tests               3.4.4-5ubuntu0.7

Ubuntu 22.04 LTS
  gir1.2-soup-3.0                 3.0.7-0ubuntu1+esm7
                                  Available with Ubuntu Pro
  libsoup-3.0-0                   3.0.7-0ubuntu1+esm7
                                  Available with Ubuntu Pro
  libsoup-3.0-common              3.0.7-0ubuntu1+esm7
                                  Available with Ubuntu Pro
  libsoup-3.0-dev                 3.0.7-0ubuntu1+esm7
                                  Available with Ubuntu Pro
  libsoup-3.0-doc                 3.0.7-0ubuntu1+esm7
                                  Available with Ubuntu Pro
  libsoup-3.0-tests               3.0.7-0ubuntu1+esm7
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8020-1

CVE-2026-1467, CVE-2026-1536, CVE-2026-1539

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8020-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.