"Ubuntu Security Notice USN-737-1 March 16, 2009
libsoup vulnerability
CVE-2009-0585
=============================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libsoup2.2-8 2.2.93-0ubuntu1.2
Ubuntu 7.10:
libsoup2.2-8 2.2.100-1ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that the Base64 encoding functions in libsoup did not
properly handle large strings. If a user were tricked into connecting to a
malicious server, an attacker could possibly execute arbitrary code with
user privileges.
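The "large strings" failure described above is an integer overflow in the size calculation for the Base64 output buffer. The following is an added example, not code from the advisory or from libsoup: it shows an illustrative unchecked size computation next to a checked one and an encoder that refuses to run when the check fails. All function names are hypothetical and the input is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative unchecked pattern (not libsoup's code): 32-bit arithmetic
 * wraps, so a huge input length yields a tiny allocation size. */
static uint32_t b64_size_unchecked(uint32_t len) {
    return len * 4 / 3 + 4;
}

/* Checked form: stores the buffer size (including NUL) in *out, or
 * returns -1 if that size cannot be represented in size_t. */
static int b64_size_checked(size_t len, size_t *out) {
    size_t groups = len / 3 + (len % 3 != 0);   /* cannot overflow */
    if (groups > (SIZE_MAX - 1) / 4)
        return -1;
    *out = groups * 4 + 1;
    return 0;
}

/* Encoder that allocates only after the size check passes. Caller frees. */
static char *b64_encode(const unsigned char *in, size_t len) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t size, i, o = 0;
    char *out;
    if (b64_size_checked(len, &size) != 0 || (out = malloc(size)) == NULL)
        return NULL;
    for (i = 0; i < len; i += 3) {
        size_t rem = len - i;                    /* bytes left in this group */
        uint32_t v = (uint32_t)in[i] << 16;
        if (rem > 1) v |= (uint32_t)in[i + 1] << 8;
        if (rem > 2) v |= in[i + 2];
        out[o++] = tbl[v >> 18];
        out[o++] = tbl[(v >> 12) & 63];
        out[o++] = rem > 1 ? tbl[(v >> 6) & 63] : '=';
        out[o++] = rem > 2 ? tbl[v & 63] : '=';
    }
    out[o] = '\0';
    return out;
}

int main(void) {
    char *s = b64_encode((const unsigned char *)"foobar", 6); /* constructed input */
    printf("%s unchecked(0x40000001)=%u\n", s ? s : "(null)",
           (unsigned)b64_size_unchecked(0x40000001u));
    free(s);
    return 0;
}
```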
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93-0ubuntu1.2.diff.gz
Size/MD5: 5999 2c6d0c9c26f3cfb187bab8704111759c
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93-0ubuntu1.2.dsc
Size/MD5: 1698 4d53c3a402f98463c1f8d9d2366326f0
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93.orig.tar.gz
Size/MD5: 616955 b41efe6d3d475b20fb3b42c134bbccd3
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/libs/libsoup/libsoup2.2-doc_2.2.93-0ubuntu1.2_all.deb
Size/MD5: 112506 e162243c762fe49fefe550c302ced8a6
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.2_amd64.deb
Size/MD5: 127134 56deb8b6f18138d817822163d7074f6e
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.2_amd64.deb
Size/MD5: 166546 73ba8013211a1b407b6af0a80d807691
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.2_i386.deb
Size/MD5: 116102 ba19b3980dba1ca1583a9267d7c98780
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.2_i386.deb
Size/MD5: 144636 82452ca9c4fbd71231b497f1c9ad3439
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.2_powerpc.deb
Size/MD5: 122206 ef801a4822d5147fe5896ea477b3a394
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.2_powerpc.deb
Size/MD5: 167658 3b9d43649f09a3b852514885c0933a01
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.2_sparc.deb
Size/MD5: 120856 b2ef9ddf42f083dd49eabb0d155760fd
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.2_sparc.deb
Size/MD5: 157774 8e9a2a6a6bc9b9349a08179c33e800a6
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.100-1ubuntu0.1.diff.gz
Size/MD5: 6339 95f4ec280c5e19a4806a2055e108cd03
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.100-1ubuntu0.1.dsc
Size/MD5: 1049 17f92ccd52f6c4e633201f49d60f613e
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.100.orig.tar.gz
Size/MD5: 695700 cb6445ebbc18c1b1f29ae0840e79b96b
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-doc_2.2.100-1ubuntu0.1_all.deb
Size/MD5: 146400 2148bb2b79553a19c8ca3ac230af4cb3
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_amd64.deb
Size/MD5: 137410 710d3f58e47401ffd4e82efcb46078a7
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_amd64.deb
Size/MD5: 176090 de65122ca26ca4d53c4398db64ce16c8
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_i386.deb
Size/MD5: 129712 13f33cfb861ea47e4e0d80af736ce213
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_i386.deb
Size/MD5: 157814 41a420b7ab3ca4f96bd40452ba3caabb
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_lpia.deb
Size/MD5: 127114 3b23f35a2f658daf075c605c9393a34f
http://ports.ubuntu.com/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_lpia.deb
Size/MD5: 155720 432d9b911c145fafbd4cb897a251fd39
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_powerpc.deb
Size/MD5: 140772 1f04b1ce7a24d1337671197b3e0282d2
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_powerpc.deb
Size/MD5: 176862 ed391a0f8ce8c49d94fe956966cefad9
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ubuntu0.1_sparc.deb
Size/MD5: 130556 fc66cc245388bb6cba540ae6b3c33d27
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1ubuntu0.1_sparc.deb
Size/MD5: 165436 ebcc175df15a7b8105d72d8b92d86161
"