Debian: DSA-1748-1: New libsoup packages fix arbitrary code execution

    Date: 20 Mar 2009
    Category: Debian
    Posted by: LinuxSecurity Advisories
    It was discovered that libsoup, an HTTP library implementation in C, handles large strings insecurely via its Base64 encoding functions. This could possibly lead to the execution of arbitrary code.
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1748-1                  security@debian.org
    http://www.debian.org/security/                      Steffen Joeris
    March 20, 2009   	                http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : libsoup
    Vulnerability  : integer overflow
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id         : CVE-2009-0585
    Debian Bugs    : 520039
    
    
    It was discovered that libsoup, an HTTP library implementation in C,
    handles large strings insecurely via its Base64 encoding functions. This
    could possibly lead to the execution of arbitrary code.
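The advisory names the defect only as an integer overflow in the Base64 encoding functions when handling large strings. The following is an added example, not libsoup's code and not Debian's patch, that shows the general shape of that bug class: a naive output-size computation that wraps for large input lengths, next to a checked version that refuses any length whose encoded size cannot be represented, and an encoder that allocates only from the checked size. The 32-bit length type, the function names and the sample inputs are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example of the bug class named in the advisory (integer overflow
 * while sizing a Base64 output buffer). Not libsoup's implementation; the
 * 32-bit length type is an assumption chosen to make the wrap-around visible. */

/* Naive sizing: len * 4 / 3 + 4 wraps once len * 4 exceeds 2^32, so a very
 * large input yields a tiny allocation that the encoder then overruns. */
uint32_t naive_encoded_size(uint32_t len)
{
    return len * 4 / 3 + 4;
}

/* Checked sizing: 4 output bytes per 3-byte group (rounded up) plus a
 * terminating NUL; fails instead of wrapping when the result does not fit. */
bool base64_encoded_size(uint32_t len, uint32_t *out)
{
    uint32_t groups = len / 3 + (len % 3 != 0);   /* cannot overflow */
    if (groups > (UINT32_MAX - 1) / 4)
        return false;                             /* groups * 4 + 1 would wrap */
    *out = groups * 4 + 1;
    return true;
}

/* Convenience wrapper: checked size, or 0 when the length is rejected. */
uint32_t checked_size_or_zero(uint32_t len)
{
    uint32_t n;
    return base64_encoded_size(len, &n) ? n : 0;
}

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encoder that allocates only from the checked size; returns NULL when the
 * size check or malloc fails. The caller frees the result. */
char *base64_encode_checked(const uint8_t *in, uint32_t len)
{
    uint32_t need;
    if (!base64_encoded_size(len, &need))
        return NULL;
    char *out = malloc(need);
    if (!out)
        return NULL;
    char *p = out;
    uint32_t i = 0;
    /* Full 3-byte groups: i + 3 cannot overflow because len was bounded above. */
    while (i + 3 <= len) {
        uint32_t v = (uint32_t)in[i] << 16 | (uint32_t)in[i + 1] << 8 | in[i + 2];
        *p++ = B64[(v >> 18) & 63];
        *p++ = B64[(v >> 12) & 63];
        *p++ = B64[(v >> 6) & 63];
        *p++ = B64[v & 63];
        i += 3;
    }
    uint32_t rem = len - i;
    if (rem) {                      /* 1 or 2 trailing bytes, '=' padded */
        uint32_t v = (uint32_t)in[i] << 16;
        if (rem == 2)
            v |= (uint32_t)in[i + 1] << 8;
        *p++ = B64[(v >> 18) & 63];
        *p++ = B64[(v >> 12) & 63];
        *p++ = rem == 2 ? B64[(v >> 6) & 63] : '=';
        *p++ = '=';
    }
    *p = '\0';
    return out;
}

/* Test helper: encode a constructed string and compare with the expected text. */
bool encodes_to(const char *text, const char *expected)
{
    char *s = base64_encode_checked((const uint8_t *)text, (uint32_t)strlen(text));
    bool ok = s != NULL && strcmp(s, expected) == 0;
    free(s);
    return ok;
}
```

With a 1 GiB length the naive formula returns 4 bytes, while the checked version returns the 1431655769 bytes actually required; lengths whose encoded size exceeds the 32-bit range are rejected rather than silently truncated.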
    
    
    For the oldstable distribution (etch), this problem has been fixed in
    version 2.2.98-2+etch1.
    
    The stable distribution (lenny) is not affected by this issue.
    
    The testing distribution (squeeze) and the unstable distribution (sid)
    are not affected by this issue.
    
    
    We recommend that you upgrade your libsoup packages.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
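The manual route above (wget, then dpkg -i) is paired with an MD5 for every file listed further down. As an added example that is not part of the Debian advisory, the script below wraps those two steps in a check that compares the downloaded file's digest with the listed value and refuses to install on a mismatch. The function names are assumptions; the URL and checksum in the usage comment are the advisory's own values for the i386 libsoup2.2-8 package.

```shell
#!/bin/sh
# Added example (not from the Debian advisory): verify a downloaded .deb
# against the MD5 the advisory lists before handing it to dpkg -i.

# Print the MD5 hex digest of a file (md5sum on Debian/coreutils,
# md5 -q on BSD-derived systems).
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# Return 0 if the file's digest equals the expected hex string, 1 otherwise.
md5_matches() {
    file=$1
    expected=$2
    actual=$(md5_of "$file")
    [ "$actual" = "$expected" ]
}

# Fetch one package, verify it, and install it only if the digest matches.
fetch_verify_install() {
    url=$1
    expected=$2
    file=${url##*/}
    wget -q -O "$file" "$url" || { echo "download failed: $url" >&2; return 1; }
    if md5_matches "$file" "$expected"; then
        dpkg -i "$file"
    else
        echo "checksum mismatch for $file, not installing" >&2
        rm -f "$file"
        return 1
    fi
}

# Usage (needs network access and root, so it is not executed here):
# fetch_verify_install \
#   http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_i386.deb \
#   233269397ec53a7728efbbe4bb5ffdbf
```

The digest check confirms only that the file on disk matches what the advisory lists; the apt-get route given above remains the normal path, and this script covers the manual wget/dpkg -i route for hosts that cannot use it.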
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Debian (oldstable)
    - ------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.98-2+etch1.diff.gz
        Size/MD5 checksum:     6510 65ab0f023a150170e8a181890a00b023
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.98-2+etch1.dsc
        Size/MD5 checksum:     1537 cd5b947c0b3b9203aa52f6d0ec40821c
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.98.orig.tar.gz
        Size/MD5 checksum:   692665 b20e2a41ab0d21cc8d84fd76b4dbf47b
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-doc_2.2.98-2+etch1_all.deb
        Size/MD5 checksum:   148102 b1e78a8f3396ae6d58f3cf3889c8c6ff
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_alpha.deb
        Size/MD5 checksum:   143528 45221b9485dd0b1d7a5b2a0dc68b1dc0
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_alpha.deb
        Size/MD5 checksum:   225664 646feecbfdae326e7e131682c87eb490
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_amd64.deb
        Size/MD5 checksum:   173460 91bbd9ff1aba8b8a5739fee06c67d5c8
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_amd64.deb
        Size/MD5 checksum:   134338 4f0863cdc2d1d2b11020ea48d383da47
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_arm.deb
        Size/MD5 checksum:   156102 5b9fc9b512df31fc13545b1ad5b58b59
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_arm.deb
        Size/MD5 checksum:   122166 1f7ffd4f62f0e3da5dfda7bba9b6cf8e
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_i386.deb
        Size/MD5 checksum:   159014 ceff344964f226cbe0c3d9fe33d269c1
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_i386.deb
        Size/MD5 checksum:   127618 233269397ec53a7728efbbe4bb5ffdbf
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_ia64.deb
        Size/MD5 checksum:   166682 3e731257e90366342668ae79a62d765c
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_ia64.deb
        Size/MD5 checksum:   224356 ef42597d156076f2c8b14719ba86b6f7
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_mips.deb
        Size/MD5 checksum:   123812 4cf102e455c0dbd0b216ba566a0c0ab8
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_mips.deb
        Size/MD5 checksum:   186234 cd10eebffdc0cd2d3054312e33e4ce8e
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_mipsel.deb
        Size/MD5 checksum:   123834 98548a14e5ce79bebb383a6aecee4c98
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_mipsel.deb
        Size/MD5 checksum:   184598 95aaf80730c26f9d8d157946b2ac5647
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_powerpc.deb
        Size/MD5 checksum:   129934 eed29efd7504d5773dfc3f9e63b86a8f
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_powerpc.deb
        Size/MD5 checksum:   174982 d03e2f8a85f8e3f34f66adcd828cc96e
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_s390.deb
        Size/MD5 checksum:   138932 6cddb3baf9116f406a24b3a9a0704bbf
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_s390.deb
        Size/MD5 checksum:   173034 152912e389a2e79703e7b99754815f8d
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_sparc.deb
        Size/MD5 checksum:   127078 ce5d52474147b2df700df515920bd392
      http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_sparc.deb
        Size/MD5 checksum:   163488 07d3e61ff2b929e005f9a66a2ad8354d
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: debian-security-announce@lists.debian.org
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    