The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-737-1] libsoup vulnerability


<< Previous INDEX Search src / Print Next >>
Subject: [USN-737-1] libsoup vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com.>
Reply-To: Ubuntu Security <security@ubuntu.com.>
To: [email protected]
Cc: [email protected], [email protected]
X-Original-To: [email protected]
X-Mailcontrol-Inbound: 
 uq3drnD2P+ps5SfEb0fvr78+NoP1DHBZwGqKpaXB2eTgNv8D6KLIxb8+NoP1DHBZ8VSaBg0k0xw=
X-Spam-Score: -4.5
X-Scanned-By: MailControl A_08_51_00 (www.mailcontrol.com) on 10.69.0.156
Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-72Xf5OB1ESqN41sN99U/"
Date: Mon, 16 Mar 2009 16:43:15 -0400
Message-Id: <1237236195.29190.8.camel@mdlinux.technorage.com.>
Mime-Version: 1.0
X-Mailer: Evolution 2.25.92 
X-Virus-Scanned: antivirus-gw at tyumen.ru


--=-72Xf5OB1ESqN41sN99U/
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-737-1             March 16, 2009
libsoup vulnerability
CVE-2009-0585
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libsoup2.2-8                    2.2.93-0ubuntu1.2

Ubuntu 7.10:
  libsoup2.2-8                    2.2.100-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the Base64 encoding functions in libsoup did not
properly handle large strings. If a user were tricked into connecting to a
malicious server, an attacker could possibly execute arbitrary code with
user privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93=
-0ubuntu1.2.diff.gz
      Size/MD5:     5999 2c6d0c9c26f3cfb187bab8704111759c
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93=
-0ubuntu1.2.dsc
      Size/MD5:     1698 4d53c3a402f98463c1f8d9d2366326f0
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93=
.orig.tar.gz
      Size/MD5:   616955 b41efe6d3d475b20fb3b42c134bbccd3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/libs/libsoup/libsoup2.2=
-doc_2.2.93-0ubuntu1.2_all.deb
      Size/MD5:   112506 e162243c762fe49fefe550c302ced8a6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
.2.93-0ubuntu1.2_amd64.deb
      Size/MD5:   127134 56deb8b6f18138d817822163d7074f6e
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.93-0ubuntu1.2_amd64.deb
      Size/MD5:   166546 73ba8013211a1b407b6af0a80d807691

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
.2.93-0ubuntu1.2_i386.deb
      Size/MD5:   116102 ba19b3980dba1ca1583a9267d7c98780
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.93-0ubuntu1.2_i386.deb
      Size/MD5:   144636 82452ca9c4fbd71231b497f1c9ad3439

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
.2.93-0ubuntu1.2_powerpc.deb
      Size/MD5:   122206 ef801a4822d5147fe5896ea477b3a394
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.93-0ubuntu1.2_powerpc.deb
      Size/MD5:   167658 3b9d43649f09a3b852514885c0933a01

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
.2.93-0ubuntu1.2_sparc.deb
      Size/MD5:   120856 b2ef9ddf42f083dd49eabb0d155760fd
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.93-0ubuntu1.2_sparc.deb
      Size/MD5:   157774 8e9a2a6a6bc9b9349a08179c33e800a6

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.10=
0-1ubuntu0.1.diff.gz
      Size/MD5:     6339 95f4ec280c5e19a4806a2055e108cd03
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.10=
0-1ubuntu0.1.dsc
      Size/MD5:     1049 17f92ccd52f6c4e633201f49d60f613e
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.10=
0.orig.tar.gz
      Size/MD5:   695700 cb6445ebbc18c1b1f29ae0840e79b96b

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-doc=
_2.2.100-1ubuntu0.1_all.deb
      Size/MD5:   146400 2148bb2b79553a19c8ca3ac230af4cb3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
.2.100-1ubuntu0.1_amd64.deb
      Size/MD5:   137410 710d3f58e47401ffd4e82efcb46078a7
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.100-1ubuntu0.1_amd64.deb
      Size/MD5:   176090 de65122ca26ca4d53c4398db64ce16c8

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
.2.100-1ubuntu0.1_i386.deb
      Size/MD5:   129712 13f33cfb861ea47e4e0d80af736ce213
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.100-1ubuntu0.1_i386.deb
      Size/MD5:   157814 41a420b7ab3ca4f96bd40452ba3caabb

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ub=
untu0.1_lpia.deb
      Size/MD5:   127114 3b23f35a2f658daf075c605c9393a34f
    http://ports.ubuntu.com/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1=
ubuntu0.1_lpia.deb
      Size/MD5:   155720 432d9b911c145fafbd4cb897a251fd39

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
.2.100-1ubuntu0.1_powerpc.deb
      Size/MD5:   140772 1f04b1ce7a24d1337671197b3e0282d2
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.100-1ubuntu0.1_powerpc.deb
      Size/MD5:   176862 ed391a0f8ce8c49d94fe956966cefad9

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
.2.100-1ubuntu0.1_sparc.deb
      Size/MD5:   130556 fc66cc245388bb6cba540ae6b3c33d27
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.100-1ubuntu0.1_sparc.deb
      Size/MD5:   165436 ebcc175df15a7b8105d72d8b92d86161



--=-72Xf5OB1ESqN41sN99U/
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkm+ueEACgkQLMAs/0C4zNoa6wCeMGZQUmNiwhZtQxNf2GqAMuo5
/FYAoIy8Hqfm8f2yUN1bzwOiQT7Exvhn
=kjGK
-----END PGP SIGNATURE-----

--=-72Xf5OB1ESqN41sN99U/--



<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру