Ubuntu alert USN-8020-1 (libsoup3)

From:
             
 
noreply+usn-bot@canonical.com
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-8020-1] libsoup vulnerabilities
Date:
             
 
Mon, 09 Feb 2026 22:25:38 +0000
Message-ID:
             
 
<E1vpZhK-0003jY-SM@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-8020-1
February 08, 2026

libsoup3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in libsoup.

Software Description:
- libsoup3: HTTP client/server library for GNOME

Details:

It was discovered that libsoup did not correctly handle certain
URL-decoded input, which could allow for HTTP header injection. A remote
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2026-1467, CVE-2026-1536)

It was discovered that libsoup did not correctly handle removal of the
Proxy-Authorization header. A remote attacker could possibly use this
issue to leak sensitive information. (CVE-2026-1539)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  gir1.2-soup-3.0                 3.6.5-4ubuntu0.2
  libsoup-3.0-0                   3.6.5-4ubuntu0.2
  libsoup-3.0-common              3.6.5-4ubuntu0.2
  libsoup-3.0-dev                 3.6.5-4ubuntu0.2
  libsoup-3.0-doc                 3.6.5-4ubuntu0.2
  libsoup-3.0-tests               3.6.5-4ubuntu0.2

Ubuntu 24.04 LTS
  gir1.2-soup-3.0                 3.4.4-5ubuntu0.7
  libsoup-3.0-0                   3.4.4-5ubuntu0.7
  libsoup-3.0-common              3.4.4-5ubuntu0.7
  libsoup-3.0-dev                 3.4.4-5ubuntu0.7
  libsoup-3.0-doc                 3.4.4-5ubuntu0.7
  libsoup-3.0-tests               3.4.4-5ubuntu0.7

Ubuntu 22.04 LTS
  gir1.2-soup-3.0                 3.0.7-0ubuntu1+esm7
                                  Available with Ubuntu Pro
  libsoup-3.0-0                   3.0.7-0ubuntu1+esm7
                                  Available with Ubuntu Pro
  libsoup-3.0-common              3.0.7-0ubuntu1+esm7
                                  Available with Ubuntu Pro
  libsoup-3.0-dev                 3.0.7-0ubuntu1+esm7
                                  Available with Ubuntu Pro
  libsoup-3.0-doc                 3.0.7-0ubuntu1+esm7
                                  Available with Ubuntu Pro
  libsoup-3.0-tests               3.0.7-0ubuntu1+esm7
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8020-1
  CVE-2026-1467, CVE-2026-1536, CVE-2026-1539

Package Information:
  https://launchpad.net/ubuntu/+source/libsoup3/3.6.5-4ubun...
  https://launchpad.net/ubuntu/+source/libsoup3/3.4.4-5ubun...


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmmKXo8ACgkQcpJm3tlz
hgFzZw/+IN7XcLcO8y+M6I6Rc6Wp3k7zJnvJDfZKrOOs2Rxq3ubGKO1b6co/1C1J
gQmkrJd143N6MInesMdnt29jym0cSq1xnKwREUYS1s1JSV72gjwm4kgZS5gUjbCa
frsjXquepCJq4RFccBF95p0AijwSOEHxPrLf/vMYAAKBue0rRTFCtuPxor3WDt7c
FCKoadvR6QZr8B70xVp7Icr/yEjpcsxHhDyh/8xpUGTFSXFAQbXDqK0N/llV8tRg
ja7K3fhZG+nMCiT5tQcvzSxUW4OcsCv0P6lMKiQ0LqUupwcK2QLalkTF8mOerIhi
+DSNBiAseZuf4QAH/7DhrEoSRm4Cdu/i/w2wSZhnZHA2rPVWk5ABxfELeZg2xjZe
0oN2J396Qe7SoXIQuS/wjltAVQTj4/ehtSZUitoXdmypat/CXLdagHW2RD/EHS1O
hcbYW2gwKdMRe2KpMKj9Au2kG7y+CtCxpOCpoiMcS748hSppjUShhX4Yw92IZtzQ
66jqI6rBkkkgBydwxQauhfLon2lhcXNjbGVVmEC3No2y7MDfPY0/bMJGc4im+O7q
dKxVpdFUBZHJTo9bA4xYiY4zVCJpDAHhZAa1n0ozy0IeQbdAn/0PMDDXyWOwwGJN
1eJOMX/VK/qF1RA4wO+znDKcCNjT1i39P9m49F3YCE1yAaAXUJ8=
=ghhC
-----END PGP SIGNATURE-----