Debians sikkerhedsbulletin

DSA-1748-1 libsoup -- heltalsoverløb

Rapporteret den:

20. mar 2009

Berørte pakker:

libsoup

Sårbar:

Referencer i sikkerhedsdatabaser:

I Debians fejlsporingssystem: Fejl 520039.
I Mitres CVE-ordbog: CVE-2009-0585.

Yderligere oplysninger:

Man opdagede at libsoup, et HTTP-bibliotek implementeret i C, håndterede store strenge på usikker vis gennem dets Base64-indkapslingsfunktioner. Det kunne måske føre til udførelse af vilkårlig kode.

I den gamle stabile distribution (etch), er dette problem rettet i version 2.2.98-2+etch1.

Den gamle stabile distribution (lenny), er ikke påvirket af dette problem.

Distributionen testing (squeeze) og den ustabile distribution (sid) er ikke påvirket af dette problem.

Vi anbefaler at du opgraderer dine libsoup-pakker.

Rettet i:

Debian GNU/Linux 4.0 (etch)

Kildekode:: http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.98-2+etch1.diff.gz; http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.98-2+etch1.dsc; http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.98.orig.tar.gz
Arkitekturuafhængig komponent:: http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-doc_2.2.98-2+etch1_all.deb
Alpha:: http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_alpha.deb; http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_amd64.deb; http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_arm.deb; http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_i386.deb; http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_ia64.deb; http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_ia64.deb
Big-endian MIPS:: http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_mips.deb; http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_mips.deb
Little-endian MIPS:: http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_mipsel.deb; http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_powerpc.deb; http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_s390.deb; http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_sparc.deb; http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.