Alerts This Week
Warning Icon 1 1,355
Alerts This Week
Warning Icon 1 1,355

Ubuntu 16.04, 18.04: USN-7565-1 critical: libsoup multiple issues

ubuntu
Calendar Grey June 11, 2025
Dist Ubuntu Esm H88
Critical updates in libsoup for Ubuntu 16.04 and 18.04, tackling several vulnerabilities, notably those related to Denial of Service (DoS) threats.
Several security issues were fixed in libsoup.

Summary

Several security issues were fixed in libsoup.

Software Description:

- libsoup2.4: HTTP client/server library for GNOME

Details:

It was discovered that libsoup did not correctly handle memory while

performing UTF-8 conversions. An attacker could possibly use this issue

to cause a denial of service or execute arbitrary code. This issue only

affected Ubuntu 16.04 LTS. (CVE-2024-52531)

It was discovered that libsoup could enter an infinite loop when reading

certain websocket data. An attacker could possibly use this issue to

cause a denial of service. This issue only affected Ubuntu 16.04 LTS.

(CVE-2024-52532)

It was discovered that libsoup could be made to read out of bounds. An

attacker could possibly use this issue to cause applications using

libsoup to crash, resulting in a denial of service. (CVE-2025-2784,

CVE-2025-32050, CVE-2025-32052, CVE-2025-32053)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  libsoup2.4-1                    2.62.1-1ubuntu0.4+esm5
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libsoup2.4-1                    2.52.2-1ubuntu0.3+esm4
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7565-1

CVE-2024-52531, CVE-2024-52532, CVE-2025-2784, CVE-2025-32050,

CVE-2025-32052, CVE-2025-32053

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7565-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here