Ubuntu Linux has released important security updates addressing vulnerabilities in HAProxy and libsoup. These updates are crucial for maintaining system integrity and preventing potential security breaches.
To mitigate this issue, users are urged to update their HAProxy packages to the following versions:
- Ubuntu 24.10: haproxy 2.9.10-1ubuntu1.2
- Ubuntu 24.04 LTS: haproxy 2.8.5-1ubuntu3.3
- Ubuntu 22.04 LTS: haproxy 2.4.24-0ubuntu0.22.04.2
A standard system update will ensure these changes are applied.
The recommended package updates for libsoup are:
- Ubuntu 24.10: libsoup-2.4-1 2.74.3-7ubuntu0.2 and libsoup-3.0-0 3.6.0-2ubuntu0.2
- Ubuntu 24.04 LTS: libsoup-2.4-1 2.74.3-6ubuntu1.2 and libsoup-3.0-0 3.4.4-5ubuntu0.2
- Ubuntu 22.04 LTS: libsoup-3.0-0 3.0.7-0ubuntu1+esm2 (available through Ubuntu Pro) and libsoup2.4-1 2.74.2-3ubuntu0.2
- Ubuntu 20.04 LTS: libsoup2.4-1 2.70.0-1ubuntu0.2
Similar to HAProxy, users can apply these updates through a standard system update.
For more details, users can refer to the official security notices on the Ubuntu website and associated package information links
HAProxy Vulnerability (USN-7431-1)
On April 10, 2025, Ubuntu announced a security issue affecting various versions of HAProxy, a widely used load balancing reverse proxy. The vulnerability can cause HAProxy to crash or, in a worst-case scenario, allow remote execution of arbitrary code through specially crafted network traffic. The affected Ubuntu releases include 24.10, 24.04 LTS, and 22.04 LTS.To mitigate this issue, users are urged to update their HAProxy packages to the following versions:
- Ubuntu 24.10: haproxy 2.9.10-1ubuntu1.2
- Ubuntu 24.04 LTS: haproxy 2.8.5-1ubuntu3.3
- Ubuntu 22.04 LTS: haproxy 2.4.24-0ubuntu0.22.04.2
A standard system update will ensure these changes are applied.
Libsoup Vulnerabilities (USN-7432-1)
The same day, Ubuntu also addressed several vulnerabilities in libsoup, an HTTP client/server library for GNOME. This update affects Ubuntu versions 24.10, 24.04 LTS, 22.04 LTS, and 20.04 LTS. The vulnerabilities could lead to out-of-bounds reads and invalid memory dereferencing, both of which can result in application crashes and denial of service.The recommended package updates for libsoup are:
- Ubuntu 24.10: libsoup-2.4-1 2.74.3-7ubuntu0.2 and libsoup-3.0-0 3.6.0-2ubuntu0.2
- Ubuntu 24.04 LTS: libsoup-2.4-1 2.74.3-6ubuntu1.2 and libsoup-3.0-0 3.4.4-5ubuntu0.2
- Ubuntu 22.04 LTS: libsoup-3.0-0 3.0.7-0ubuntu1+esm2 (available through Ubuntu Pro) and libsoup2.4-1 2.74.2-3ubuntu0.2
- Ubuntu 20.04 LTS: libsoup2.4-1 2.70.0-1ubuntu0.2
Similar to HAProxy, users can apply these updates through a standard system update.
Importance of Updates
These updates highlight the importance of regularly maintaining and securing systems to protect against evolving security threats. Users are encouraged to stay informed about security notices and promptly apply updates to ensure their systems remain secure.For more details, users can refer to the official security notices on the Ubuntu website and associated package information links
HAProxy and Libsoup updates for Ubuntu
Ubuntu Linux has received updates focused on security, which include a fix for an HAProxy vulnerability as well as fixes for vulnerabilities in libsoup:
[USN-7431-1] HAProxy vulnerability
[USN-7432-1] libsoup vulnerabilities
