-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1748-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
March 20, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : libsoup
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id : CVE-2009-0585
Debian Bugs : 520039
It was discovered that libsoup, an HTTP library implementation in C,
handles large strings insecurely via its Base64 encoding functions. This
could possibly lead to the execution of arbitrary code.
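
The advisory does not show the affected code. The following is an added illustration of this bug class, not libsoup's own source: a Base64 output-size computation that wraps for large inputs, next to a checked form and an encoder that uses it. The function names are hypothetical, and a 32-bit size type is modelled with uint32_t so the wrap is reproducible on any host.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked size (output + NUL) in 32-bit arithmetic: wraps mod 2^32. */
static uint32_t b64_size_unchecked(uint32_t n)
{
    return ((n + 2) / 3) * 4 + 1;
}

/* Checked form: no intermediate can wrap; false if the result does not fit. */
static bool b64_size_checked(uint32_t n, uint32_t *out)
{
    uint32_t groups = n / 3 + (n % 3 != 0);   /* ceil(n / 3) */
    if (groups > (UINT32_MAX - 1) / 4)
        return false;
    *out = groups * 4 + 1;
    return true;
}

/* Encoder sized by the checked computation; NULL on overflow or OOM. */
static char *b64_encode(const unsigned char *in, uint32_t n)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    uint32_t size, i;
    char *out, *p;
    if (!b64_size_checked(n, &size) || !(out = malloc(size)))
        return NULL;
    for (p = out, i = 0; i < n; i += 3) {
        uint32_t v = (uint32_t)in[i] << 16;
        if (i + 1 < n) v |= (uint32_t)in[i + 1] << 8;
        if (i + 2 < n) v |= in[i + 2];
        *p++ = tbl[v >> 18];
        *p++ = tbl[(v >> 12) & 63];
        *p++ = (i + 1 < n) ? tbl[(v >> 6) & 63] : '=';
        *p++ = (i + 2 < n) ? tbl[v & 63] : '=';
    }
    *p = '\0';
    return out;
}

int main(void)
{
    uint32_t n = 0xC0000000u, size;   /* constructed 3 GiB input length */
    printf("n=%" PRIu32 " unchecked=%" PRIu32 " checked_ok=%d\n",
           n, b64_size_unchecked(n), b64_size_checked(n, &size));
}
```

With the unchecked computation, the constructed 3 GiB length yields a 1-byte allocation that the encoding loop would then write far past; the checked form refuses the length before any buffer is allocated.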
For the oldstable distribution (etch), this problem has been fixed in
version 2.2.98-2+etch1.
The stable distribution (lenny) is not affected by this issue.
The testing distribution (squeeze) and the unstable distribution (sid)
are not affected by this issue.
We recommend that you upgrade your libsoup packages.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.98-2+etch1.diff.gz
Size/MD5 checksum: 6510 65ab0f023a150170e8a181890a00b023
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.98-2+etch1.dsc
Size/MD5 checksum: 1537 cd5b947c0b3b9203aa52f6d0ec40821c
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.98.orig.tar.gz
Size/MD5 checksum: 692665 b20e2a41ab0d21cc8d84fd76b4dbf47b
Architecture independent packages:
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-doc_2.2.98-2+etch1_all.deb
Size/MD5 checksum: 148102 b1e78a8f3396ae6d58f3cf3889c8c6ff
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_alpha.deb
Size/MD5 checksum: 143528 45221b9485dd0b1d7a5b2a0dc68b1dc0
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_alpha.deb
Size/MD5 checksum: 225664 646feecbfdae326e7e131682c87eb490
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_amd64.deb
Size/MD5 checksum: 173460 91bbd9ff1aba8b8a5739fee06c67d5c8
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_amd64.deb
Size/MD5 checksum: 134338 4f0863cdc2d1d2b11020ea48d383da47
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_arm.deb
Size/MD5 checksum: 156102 5b9fc9b512df31fc13545b1ad5b58b59
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_arm.deb
Size/MD5 checksum: 122166 1f7ffd4f62f0e3da5dfda7bba9b6cf8e
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_i386.deb
Size/MD5 checksum: 159014 ceff344964f226cbe0c3d9fe33d269c1
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_i386.deb
Size/MD5 checksum: 127618 233269397ec53a7728efbbe4bb5ffdbf
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_ia64.deb
Size/MD5 checksum: 166682 3e731257e90366342668ae79a62d765c
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_ia64.deb
Size/MD5 checksum: 224356 ef42597d156076f2c8b14719ba86b6f7
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_mips.deb
Size/MD5 checksum: 123812 4cf102e455c0dbd0b216ba566a0c0ab8
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_mips.deb
Size/MD5 checksum: 186234 cd10eebffdc0cd2d3054312e33e4ce8e
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_mipsel.deb
Size/MD5 checksum: 123834 98548a14e5ce79bebb383a6aecee4c98
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_mipsel.deb
Size/MD5 checksum: 184598 95aaf80730c26f9d8d157946b2ac5647
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_powerpc.deb
Size/MD5 checksum: 129934 eed29efd7504d5773dfc3f9e63b86a8f
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_powerpc.deb
Size/MD5 checksum: 174982 d03e2f8a85f8e3f34f66adcd828cc96e
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_s390.deb
Size/MD5 checksum: 138932 6cddb3baf9116f406a24b3a9a0704bbf
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_s390.deb
Size/MD5 checksum: 173034 152912e389a2e79703e7b99754815f8d
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_sparc.deb
Size/MD5 checksum: 127078 ce5d52474147b2df700df515920bd392
http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_sparc.deb
Size/MD5 checksum: 163488 07d3e61ff2b929e005f9a66a2ad8354d
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAknDpHcACgkQ62zWxYk/rQcqxwCgiR0gBbnd2D+e2NPMcAW2LRLL
jZoAoL4Plgu8bTUw0AgqacvBkUt7bwk4
=tp9e
-----END PGP SIGNATURE-----