TUCoPS :: Linux :: Ubuntu :: va2916.htm

libsoup vulnerability
libsoup vulnerability
libsoup vulnerability




--=-72Xf5OB1ESqN41sN99U/
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

==========================================================Ubuntu Security Notice USN-737-1             March 16, 2009
libsoup vulnerability
CVE-2009-0585
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libsoup2.2-8                    2.2.93-0ubuntu1.2

Ubuntu 7.10:
  libsoup2.2-8                    2.2.100-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the Base64 encoding functions in libsoup did not
properly handle large strings. If a user were tricked into connecting to a
malicious server, an attacker could possibly execute arbitrary code with
user privileges.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93-0ubuntu1.2.diff.gz 
      Size/MD5:     5999 2c6d0c9c26f3cfb187bab8704111759c
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93-0ubuntu1.2.dsc 
      Size/MD5:     1698 4d53c3a402f98463c1f8d9d2366326f0
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93.orig.tar.gz 
      Size/MD5:   616955 b41efe6d3d475b20fb3b42c134bbccd3

  Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/libs/libsoup/libsoup2.2-doc_2.2.93-0ubuntu1.2_all.deb 
      Size/MD5:   112506 e162243c762fe49fefe550c302ced8a6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.2_amd64.deb 
      Size/MD5:   127134 56deb8b6f18138d817822163d7074f6e
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.2_amd64.deb 
      Size/MD5:   166546 73ba8013211a1b407b6af0a80d807691

  i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.2_i386.deb 
      Size/MD5:   116102 ba19b3980dba1ca1583a9267d7c98780
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.2_i386.deb 
      Size/MD5:   144636 82452ca9c4fbd71231b497f1c9ad3439

  powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.2_powerpc.deb 
      Size/MD5:   122206 ef801a4822d5147fe5896ea477b3a394
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.2_powerpc.deb 
      Size/MD5:   167658 3b9d43649f09a3b852514885c0933a01

  sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.2_sparc.deb 
      Size/MD5:   120856 b2ef9ddf42f083dd49eabb0d155760fd
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.2_sparc.deb 
      Size/MD5:   157774 8e9a2a6a6bc9b9349a08179c33e800a6

Updated packages for Ubuntu 7.10:

  Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.100-1ubuntu0.1.diff.gz 
      Size/MD5:     6339 95f4ec280c5e19a4806a2055e108cd03
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.100-1ubuntu0.1.dsc 
      Size/MD5:     1049 17f92ccd52f6c4e633201f49d60f613e
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.100.orig.tar.gz 
      Size/MD5:   695700 cb6445ebbc18c1b1f29ae0840e79b96b

  Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-doc_2.2.100-1ubuntu0.1_all.deb 
      Size/MD5:   146400 2148bb2b79553a19c8ca3ac230af4cb3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_amd64.deb 
      Size/MD5:   137410 710d3f58e47401ffd4e82efcb46078a7
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_amd64.deb 
      Size/MD5:   176090 de65122ca26ca4d53c4398db64ce16c8

  i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_i386.deb 
      Size/MD5:   129712 13f33cfb861ea47e4e0d80af736ce213
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_i386.deb 
      Size/MD5:   157814 41a420b7ab3ca4f96bd40452ba3caabb

  lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_lpia.deb 
      Size/MD5:   127114 3b23f35a2f658daf075c605c9393a34f
http://ports.ubuntu.com/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_lpia.deb 
      Size/MD5:   155720 432d9b911c145fafbd4cb897a251fd39

  powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_powerpc.deb 
      Size/MD5:   140772 1f04b1ce7a24d1337671197b3e0282d2
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_powerpc.deb 
      Size/MD5:   176862 ed391a0f8ce8c49d94fe956966cefad9

  sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_sparc.deb 
      Size/MD5:   130556 fc66cc245388bb6cba540ae6b3c33d27
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_sparc.deb 
      Size/MD5:   165436 ebcc175df15a7b8105d72d8b92d86161



--=-72Xf5OB1ESqN41sN99U/
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkm+ueEACgkQLMAs/0C4zNoa6wCeMGZQUmNiwhZtQxNf2GqAMuo5
/FYAoIy8Hqfm8f2yUN1bzwOiQT7Exvhn
=kjGK
-----END PGP SIGNATURE-----

--=-72Xf5OB1ESqN41sN99U/--


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH