Debians sikkerhedsbulletin
DSA-1748-1 libsoup -- heltalsoverløb
- Rapporteret den:
- 20. mar 2009
- Berørte pakker:
- libsoup
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Debians fejlsporingssystem: Fejl 520039.
I Mitres CVE-ordbog: CVE-2009-0585. - Yderligere oplysninger:
-
Man opdagede at libsoup, et HTTP-bibliotek implementeret i C, håndterede store strenge på usikker vis gennem dets Base64-indkapslingsfunktioner. Det kunne måske føre til udførelse af vilkårlig kode.
I den gamle stabile distribution (etch), er dette problem rettet i version 2.2.98-2+etch1.
Den gamle stabile distribution (lenny), er ikke påvirket af dette problem.
Distributionen testing (squeeze) og den ustabile distribution (sid) er ikke påvirket af dette problem.
Vi anbefaler at du opgraderer dine libsoup-pakker.
- Rettet i:
-
Debian GNU/Linux 4.0 (etch)
- Kildekode:
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.98-2+etch1.diff.gz
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.98-2+etch1.dsc
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.98.orig.tar.gz
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup_2.2.98-2+etch1.dsc
- Arkitekturuafhængig komponent:
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-doc_2.2.98-2+etch1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_alpha.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_amd64.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_arm.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_arm.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_i386.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_i386.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_ia64.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_mips.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_mips.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_s390.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_s390.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-8_2.2.98-2+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_sparc.deb
- http://security.debian.org/pool/updates/main/libs/libsoup/libsoup2.2-dev_2.2.98-2+etch1_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.