USN-737-1: libsoup vulnerability  

Posted by Daniela Mehler

"Ubuntu Security Notice USN-737-1 March 16, 2009
libsoup vulnerability
CVE-2009-0585
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libsoup2.2-8 2.2.93-0ubuntu1.2

Ubuntu 7.10:
libsoup2.2-8 2.2.100-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the Base64 encoding functions in libsoup did not
properly handle large strings. If a user were tricked into connecting to a
malicious server, an attacker could possibly execute arbitrary code with
user privileges.


Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93=
-0ubuntu1.2.diff.gz
Size/MD5: 5999 2c6d0c9c26f3cfb187bab8704111759c
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93=
-0ubuntu1.2.dsc
Size/MD5: 1698 4d53c3a402f98463c1f8d9d2366326f0
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93=
.orig.tar.gz
Size/MD5: 616955 b41efe6d3d475b20fb3b42c134bbccd3

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/libs/libsoup/libsoup2.2=
-doc_2.2.93-0ubuntu1.2_all.deb
Size/MD5: 112506 e162243c762fe49fefe550c302ced8a6

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
.2.93-0ubuntu1.2_amd64.deb
Size/MD5: 127134 56deb8b6f18138d817822163d7074f6e
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.93-0ubuntu1.2_amd64.deb
Size/MD5: 166546 73ba8013211a1b407b6af0a80d807691

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
.2.93-0ubuntu1.2_i386.deb
Size/MD5: 116102 ba19b3980dba1ca1583a9267d7c98780
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.93-0ubuntu1.2_i386.deb
Size/MD5: 144636 82452ca9c4fbd71231b497f1c9ad3439

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
.2.93-0ubuntu1.2_powerpc.deb
Size/MD5: 122206 ef801a4822d5147fe5896ea477b3a394
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.93-0ubuntu1.2_powerpc.deb
Size/MD5: 167658 3b9d43649f09a3b852514885c0933a01

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
.2.93-0ubuntu1.2_sparc.deb
Size/MD5: 120856 b2ef9ddf42f083dd49eabb0d155760fd
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.93-0ubuntu1.2_sparc.deb
Size/MD5: 157774 8e9a2a6a6bc9b9349a08179c33e800a6

Updated packages for Ubuntu 7.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.10=
0-1ubuntu0.1.diff.gz
Size/MD5: 6339 95f4ec280c5e19a4806a2055e108cd03
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.10=
0-1ubuntu0.1.dsc
Size/MD5: 1049 17f92ccd52f6c4e633201f49d60f613e
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.10=
0.orig.tar.gz
Size/MD5: 695700 cb6445ebbc18c1b1f29ae0840e79b96b

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-doc=
_2.2.100-1ubuntu0.1_all.deb
Size/MD5: 146400 2148bb2b79553a19c8ca3ac230af4cb3

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
.2.100-1ubuntu0.1_amd64.deb
Size/MD5: 137410 710d3f58e47401ffd4e82efcb46078a7
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.100-1ubuntu0.1_amd64.deb
Size/MD5: 176090 de65122ca26ca4d53c4398db64ce16c8

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
.2.100-1ubuntu0.1_i386.deb
Size/MD5: 129712 13f33cfb861ea47e4e0d80af736ce213
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.100-1ubuntu0.1_i386.deb
Size/MD5: 157814 41a420b7ab3ca4f96bd40452ba3caabb

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/libs/libsoup/libsoup2.2-8_2.2.100-1ub=
untu0.1_lpia.deb
Size/MD5: 127114 3b23f35a2f658daf075c605c9393a34f
http://ports.ubuntu.com/pool/main/libs/libsoup/libsoup2.2-dev_2.2.100-1=
ubuntu0.1_lpia.deb
Size/MD5: 155720 432d9b911c145fafbd4cb897a251fd39

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
.2.100-1ubuntu0.1_powerpc.deb
Size/MD5: 140772 1f04b1ce7a24d1337671197b3e0282d2
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.100-1ubuntu0.1_powerpc.deb
Size/MD5: 176862 ed391a0f8ce8c49d94fe956966cefad9

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
.2.100-1ubuntu0.1_sparc.deb
Size/MD5: 130556 fc66cc245388bb6cba540ae6b3c33d27
http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.100-1ubuntu0.1_sparc.deb
Size/MD5: 165436 ebcc175df15a7b8105d72d8b92d86161



--=-72Xf5OB1ESqN41sN99U/
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEABECAAYFAkm+ueEACgkQLMAs/0C4zNoa6wCeMGZQUmNiwhZtQxNf2GqAMuo5
/FYAoIy8Hqfm8f2yUN1bzwOiQT7Exvhn
=kjGK
-----END PGP SIGNATURE-----
"


Placido Domingo puts musical spin on pope’s poems
(AP)

USN-732-1: dash vulnerability
‘American Idol’ selects 3 more finalists
(AP)

This entry was posted on 11:39 PM .