Ubuntu Security Notice 7126-1 - It was discovered that libsoup ignored certain characters at the end of header names. A remote attacker could possibly use this issue to perform a HTTP request smuggling attack. It was discovered that libsoup did not correctly handle memory while performing UTF-8 conversions. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that libsoup could enter an infinite loop when reading certain websocket data. An attacker could possibly use this issue to cause a denial of service.
cdd94a4f3569687a23d5f90580cbb143f94576b6385e0c33dfac46abdac253a6==========================================================================
Ubuntu Security Notice USN-7126-1
November 27, 2024
libsoup2.4 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in libsoup.
Software Description:
- libsoup2.4: HTTP client/server library for GNOME
Details:
It was discovered that libsoup ignored certain characters at the end of
header names. A remote attacker could possibly use this issue to perform
a HTTP request smuggling attack. (CVE-2024-52530)
It was discovered that libsoup did not correctly handle memory while
performing UTF-8 conversions. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2024-52531)
It was discovered that libsoup could enter an infinite loop when reading
certain websocket data. An attacker could possibly use this issue to
cause a denial of service. (CVE-2024-52532)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
libsoup-2.4-1 2.74.3-7ubuntu0.1
Ubuntu 24.04 LTS
libsoup-2.4-1 2.74.3-6ubuntu1.1
Ubuntu 22.04 LTS
libsoup2.4-1 2.74.2-3ubuntu0.1
Ubuntu 20.04 LTS
libsoup2.4-1 2.70.0-1ubuntu0.1
Ubuntu 18.04 LTS
libsoup2.4-1 2.62.1-1ubuntu0.4+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7126-1
CVE-2024-52530, CVE-2024-52531, CVE-2024-52532
Package Information:
https://launchpad.net/ubuntu/+source/libsoup2.4/2.74.3-7ubuntu0.1
https://launchpad.net/ubuntu/+source/libsoup2.4/2.74.3-6ubuntu1.1
https://launchpad.net/ubuntu/+source/libsoup2.4/2.74.2-3ubuntu0.1
https://launchpad.net/ubuntu/+source/libsoup2.4/2.70.0-1ubuntu0.1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed