LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: libsoup vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Roland Lezuo and Josselin Mouette discovered that the HTTP server code in libsoup did not correctly verify request headers. Remote attackers could crash applications using libsoup by sending a crafted HTTP request, resulting in a denial of service.
=========================================================== 
Ubuntu Security Notice USN-411-1           January 23, 2007
libsoup vulnerability
CVE-2006-5876
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libsoup2.2-8                             2.2.6.1-0ubuntu1.1

Ubuntu 6.06 LTS:
  libsoup2.2-8                             2.2.93-0ubuntu1.1

Ubuntu 6.10:
  libsoup2.2-8                             2.2.96-0ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Roland Lezuo and Josselin Mouette discovered that the HTTP server code 
in libsoup did not correctly verify request headers.  Remote attackers 
could crash applications using libsoup by sending a crafted HTTP 
request, resulting in a denial of service.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.6.1-0ubuntu1.1.diff.gz
      Size/MD5:     4223 b29a2e77797c1dc3996fa95c3d3fc9dc
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.6.1-0ubuntu1.1.dsc
      Size/MD5:      690 c1e2931c5bb73708b0fd7449cf91162d
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.6.1.orig.tar.gz
      Size/MD5:   600116 49cf542cfd814d7d01a272e27015b7b4

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/libs/libsoup/libsoup2.2-doc_2.2.6.1-0ubuntu1.1_all.deb
      Size/MD5:    97478 fe739446d0b8dc2e59db7fba7110df36

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.6.1-0ubuntu1.1_amd64.deb
      Size/MD5:   122752 1c3b712a3d024c96202efbe26487e4dc
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.6.1-0ubuntu1.1_amd64.deb
      Size/MD5:   160696 722e69eae12a0a19fa68fa784a10122c

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.6.1-0ubuntu1.1_i386.deb
      Size/MD5:   112142 5ef7c3e56386f26535e1408e5d42503e
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.6.1-0ubuntu1.1_i386.deb
      Size/MD5:   140346 ead54510f646e0fe73eee7b1781394f1

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.6.1-0ubuntu1.1_powerpc.deb
      Size/MD5:   118020 bf92390abb8ab08b14dcb0d77d98c1ad
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.6.1-0ubuntu1.1_powerpc.deb
      Size/MD5:   161348 6526420cdc10d3133a609516cd241e19

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.6.1-0ubuntu1.1_sparc.deb
      Size/MD5:   116062 e248ec557eeb97601bbfcced6ad7f10b
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.6.1-0ubuntu1.1_sparc.deb
      Size/MD5:   151452 3f57086e6c78b541fab19f71b586a2bd

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93-0ubuntu1.1.diff.gz
      Size/MD5:     5471 50b6572dc389f14529daa23a428222e3
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93-0ubuntu1.1.dsc
      Size/MD5:     1690 cece99cb660cbc7367c6807f12b71009
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93.orig.tar.gz
      Size/MD5:   616955 b41efe6d3d475b20fb3b42c134bbccd3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/libs/libsoup/libsoup2.2-doc_2.2.93-0ubuntu1.1_all.deb
      Size/MD5:   111910 dc2f544c302fdc8e1309d68a63cc251a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.1_amd64.deb
      Size/MD5:   126890 e76acbc938911434c14745e55dd81ae3
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.1_amd64.deb
      Size/MD5:   166280 accf21086b9b500dd609504ad29dd04a

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.1_i386.deb
      Size/MD5:   116078 34ea24d5a57d32dc6296e08ba51a9fc1
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.1_i386.deb
      Size/MD5:   145212 28afb366495211a417bfadf8554a7cb0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.1_powerpc.deb
      Size/MD5:   121986 ec9cc7867dbb49028d28d177da4e3579
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.1_powerpc.deb
      Size/MD5:   167364 d8395ec70c8bba72861c9ac8fd1cc503

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.1_sparc.deb
      Size/MD5:   120692 43d7164ead19dee2b40c32b317102d12
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.1_sparc.deb
      Size/MD5:   157494 5a05d1da07ee0c06111639cab4fa16fd

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.96-0ubuntu2.1.diff.gz
      Size/MD5:     5753 fba402e17584b648ac9ec962cdd69e74
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.96-0ubuntu2.1.dsc
      Size/MD5:     1500 409106ece482cee6b645f9acdc20ebba
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.96.orig.tar.gz
      Size/MD5:   673788 27bfc4e34d85b28e4ffea9d21b642b51

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-doc_2.2.96-0ubuntu2.1_all.deb
      Size/MD5:   142086 956bb89d2436bf0251c3b1509da22ecf

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.96-0ubuntu2.1_amd64.deb
      Size/MD5:   132538 6adf2a31cb0cd5b935c88f884c1e1af8
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.96-0ubuntu2.1_amd64.deb
      Size/MD5:   172966 7a908c778e75db2c4df59af7c43dd946

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.96-0ubuntu2.1_i386.deb
      Size/MD5:   125360 7f87d6d58a3d2102b2919c99d3b6c3ee
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.96-0ubuntu2.1_i386.deb
      Size/MD5:   155750 981fd1e018b3f208d9c3c69b9cc786d9

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.96-0ubuntu2.1_powerpc.deb
      Size/MD5:   128718 c340991ea128124e143b381c5fa6598e
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.96-0ubuntu2.1_powerpc.deb
      Size/MD5:   174524 8c7fbdb5f203ccf6d8c93b01e12773dd

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.96-0ubuntu2.1_sparc.deb
      Size/MD5:   125922 ab80746fbe13588d121fd511418ec98d
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.96-0ubuntu2.1_sparc.deb
      Size/MD5:   162968 66e87a3dce6906ed4db3b21b3c52ac0b


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hacker Halted 2014: Johnny Long Calls for Hackers for Charity Volunteers
RIPS – Static Source Code Analysis For PHP Vulnerabilities
Finding a Video Poker Bug Made These Guys Rich—Then Vegas Made Them Pay
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.