LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: libsoup vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that the Base64 encoding functions in libsoup did not properly handle large strings. If a user were tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges.
===========================================================
Ubuntu Security Notice USN-737-1             March 16, 2009
libsoup vulnerability
CVE-2009-0585
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libsoup2.2-8                    2.2.93-0ubuntu1.2

Ubuntu 7.10:
  libsoup2.2-8                    2.2.100-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the Base64 encoding functions in libsoup did not
properly handle large strings. If a user were tricked into connecting to a
malicious server, an attacker could possibly execute arbitrary code with
user privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93-0ubuntu1.2.diff.gz
      Size/MD5:     5999 2c6d0c9c26f3cfb187bab8704111759c
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93-0ubuntu1.2.dsc
      Size/MD5:     1698 4d53c3a402f98463c1f8d9d2366326f0
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93.orig.tar.gz
      Size/MD5:   616955 b41efe6d3d475b20fb3b42c134bbccd3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/libs/libsoup/libsoup2.2-doc_2.2.93-0ubuntu1.2_all.deb
      Size/MD5:   112506 e162243c762fe49fefe550c302ced8a6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.2_amd64.deb
      Size/MD5:   127134 56deb8b6f18138d817822163d7074f6e
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.2_amd64.deb
      Size/MD5:   166546 73ba8013211a1b407b6af0a80d807691

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.2_i386.deb
      Size/MD5:   116102 ba19b3980dba1ca1583a9267d7c98780
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.2_i386.deb
      Size/MD5:   144636 82452ca9c4fbd71231b497f1c9ad3439

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.2_powerpc.deb
      Size/MD5:   122206 ef801a4822d5147fe5896ea477b3a394
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.2_powerpc.deb
      Size/MD5:   167658 3b9d43649f09a3b852514885c0933a01

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.2_sparc.deb
      Size/MD5:   120856 b2ef9ddf42f083dd49eabb0d155760fd
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.2_sparc.deb
      Size/MD5:   157774 8e9a2a6a6bc9b9349a08179c33e800a6

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.100-1ubuntu0.1.diff.gz
      Size/MD5:     6339 95f4ec280c5e19a4806a2055e108cd03
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.100-1ubuntu0.1.dsc
      Size/MD5:     1049 17f92ccd52f6c4e633201f49d60f613e
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.100.orig.tar.gz
      Size/MD5:   695700 cb6445ebbc18c1b1f29ae0840e79b96b

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-doc_2.2.100-1ubuntu0.1_all.deb
      Size/MD5:   146400 2148bb2b79553a19c8ca3ac230af4cb3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_amd64.deb
      Size/MD5:   137410 710d3f58e47401ffd4e82efcb46078a7
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_amd64.deb
      Size/MD5:   176090 de65122ca26ca4d53c4398db64ce16c8

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_i386.deb
      Size/MD5:   129712 13f33cfb861ea47e4e0d80af736ce213
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_i386.deb
      Size/MD5:   157814 41a420b7ab3ca4f96bd40452ba3caabb

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_lpia.deb
      Size/MD5:   127114 3b23f35a2f658daf075c605c9393a34f
    http://ports.ubuntu.com/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_lpia.deb
      Size/MD5:   155720 432d9b911c145fafbd4cb897a251fd39

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_powerpc.deb
      Size/MD5:   140772 1f04b1ce7a24d1337671197b3e0282d2
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_powerpc.deb
      Size/MD5:   176862 ed391a0f8ce8c49d94fe956966cefad9

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_sparc.deb
      Size/MD5:   130556 fc66cc245388bb6cba540ae6b3c33d27
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_sparc.deb
      Size/MD5:   165436 ebcc175df15a7b8105d72d8b92d86161



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Google Removes SSLv3 Fallback Support From Chrome
Hacker Lexicon: What Is End-to-End Encryption?
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.