Ubuntu has issued security updates addressing vulnerabilities in libsoup and WebKitGTK, crucial components for web browsing and HTTP communication. The updates were announced in two separate security notices:
1. Libsoup Vulnerabilities (USN-7565-1):
- Affected Versions: Ubuntu 18.04 LTS and 16.04 LTS.
- Issues: Several vulnerabilities were identified, particularly affecting the memory handling during UTF-8 conversions and infinite loops when reading websocket data. These could lead to denial of service or arbitrary code execution. Specifically, Ubuntu 16.04 LTS was more vulnerable to these issues.
- Fix: Users are encouraged to update to the latest package versions available through Ubuntu Pro, which are:
- Ubuntu 18.04: libsoup2.4-1 2.62.1-1ubuntu0.4+esm5
- Ubuntu 16.04: libsoup2.4-1 2.52.2-1ubuntu0.3+esm4
2. WebKitGTK Vulnerabilities (USN-7566-1):
- Affected Versions: Ubuntu 25.04, 24.10, 24.04 LTS, and 22.04 LTS.
- Issues: Multiple vulnerabilities were discovered in the Web and JavaScript engines of WebKitGTK that could allow attackers to execute cross-site scripting attacks, cause denial of service, and run arbitrary code if users visited malicious websites.
- Fix: Users should update to the following versions based on their Ubuntu release:
- Ubuntu 25.04: libjavascriptcoregtk-4.1-0 2.48.3-0ubuntu0.25.04.1
- Ubuntu 24.10: libjavascriptcoregtk-4.1-0 2.48.3-0ubuntu0.24.10.1
- Ubuntu 24.04 LTS: libjavascriptcoregtk-4.1-0 2.48.3-0ubuntu0.24.04.1
- Ubuntu 22.04 LTS: libjavascriptcoregtk-4.0-18 2.48.3-0ubuntu0.22.04.1
General Update Instructions: Users are recommended to perform a standard system update, and for applications utilizing WebKitGTK, such as Epiphany, a restart is required post-update to apply changes.
Summary: These updates highlight the importance of maintaining security through regular system updates, particularly for components that handle web content and networking. Users should remain vigilant against potential security threats by keeping their systems up to date and being cautious with web browsing activities.
For more information, users can refer to the respective security notices on the official Ubuntu website
1. Libsoup Vulnerabilities (USN-7565-1):
- Affected Versions: Ubuntu 18.04 LTS and 16.04 LTS.
- Issues: Several vulnerabilities were identified, particularly affecting the memory handling during UTF-8 conversions and infinite loops when reading websocket data. These could lead to denial of service or arbitrary code execution. Specifically, Ubuntu 16.04 LTS was more vulnerable to these issues.
- Fix: Users are encouraged to update to the latest package versions available through Ubuntu Pro, which are:
- Ubuntu 18.04: libsoup2.4-1 2.62.1-1ubuntu0.4+esm5
- Ubuntu 16.04: libsoup2.4-1 2.52.2-1ubuntu0.3+esm4
2. WebKitGTK Vulnerabilities (USN-7566-1):
- Affected Versions: Ubuntu 25.04, 24.10, 24.04 LTS, and 22.04 LTS.
- Issues: Multiple vulnerabilities were discovered in the Web and JavaScript engines of WebKitGTK that could allow attackers to execute cross-site scripting attacks, cause denial of service, and run arbitrary code if users visited malicious websites.
- Fix: Users should update to the following versions based on their Ubuntu release:
- Ubuntu 25.04: libjavascriptcoregtk-4.1-0 2.48.3-0ubuntu0.25.04.1
- Ubuntu 24.10: libjavascriptcoregtk-4.1-0 2.48.3-0ubuntu0.24.10.1
- Ubuntu 24.04 LTS: libjavascriptcoregtk-4.1-0 2.48.3-0ubuntu0.24.04.1
- Ubuntu 22.04 LTS: libjavascriptcoregtk-4.0-18 2.48.3-0ubuntu0.22.04.1
General Update Instructions: Users are recommended to perform a standard system update, and for applications utilizing WebKitGTK, such as Epiphany, a restart is required post-update to apply changes.
Summary: These updates highlight the importance of maintaining security through regular system updates, particularly for components that handle web content and networking. Users should remain vigilant against potential security threats by keeping their systems up to date and being cautious with web browsing activities.
For more information, users can refer to the respective security notices on the official Ubuntu website
Libsoup and WebKitGTK updates for Ubuntu
Ubuntu Linux has been updated with security updates for libsoup and WebKitGTK vulnerabilities:
[USN-7565-1] libsoup vulnerabilities
[USN-7566-1] WebKitGTK vulnerabilities
