Login
Newsletter
Werbung
Sicherheit: Denial of Service in libsoup
Aktuelle Meldungen Distributionen
Name: Denial of Service in libsoup
ID: USN-411-1
Distribution: Ubuntu
Plattformen: Ubuntu 5.10, Ubuntu 6.06, Ubuntu 6.10
Datum: Di, 23. Januar 2007, 23:56
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5876
Applikationen: libsoup

Originalnachricht

 

--===============1402472560==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
 boundary="sfyO1m2EN8ZOtJL6"
Content-Disposition: inline


--sfyO1m2EN8ZOtJL6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Ubuntu Security Notice USN-411-1           January 23,
 2007==========20=================================================
libsoup vulnerability
CVE-2006-5876
==========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libsoup2.2-8                             2.2.6.1-0ubuntu1.1

Ubuntu 6.06 LTS:
  libsoup2.2-8                             2.2.93-0ubuntu1.1

Ubuntu 6.10:
  libsoup2.2-8                             2.2.96-0ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Roland Lezuo and Josselin Mouette discovered that the HTTP server code
in libsoup did not correctly verify request headers.  Remote attackers
could crash applications using libsoup by sending a crafted HTTP
request, resulting in a denial of service.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.6.=
1-0ubuntu1.1.diff.gz
      Size/MD5:     4223 b29a2e77797c1dc3996fa95c3d3fc9dc
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.6.=
1-0ubuntu1.1.dsc
      Size/MD5:      690 c1e2931c5bb73708b0fd7449cf91162d
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.6.=
1.orig.tar.gz
      Size/MD5:   600116 49cf542cfd814d7d01a272e27015b7b4

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/libs/libsoup/libsoup2.2=
-doc_2.2.6.1-0ubuntu1.1_all.deb
      Size/MD5:    97478 fe739446d0b8dc2e59db7fba7110df36

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
=2E2.6.1-0ubuntu1.1_amd64.deb
      Size/MD5:   122752 1c3b712a3d024c96202efbe26487e4dc
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.6.1-0ubuntu1.1_amd64.deb
      Size/MD5:   160696 722e69eae12a0a19fa68fa784a10122c

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
=2E2.6.1-0ubuntu1.1_i386.deb
      Size/MD5:   112142 5ef7c3e56386f26535e1408e5d42503e
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.6.1-0ubuntu1.1_i386.deb
      Size/MD5:   140346 ead54510f646e0fe73eee7b1781394f1

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
=2E2.6.1-0ubuntu1.1_powerpc.deb
      Size/MD5:   118020 bf92390abb8ab08b14dcb0d77d98c1ad
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.6.1-0ubuntu1.1_powerpc.deb
      Size/MD5:   161348 6526420cdc10d3133a609516cd241e19

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
=2E2.6.1-0ubuntu1.1_sparc.deb
      Size/MD5:   116062 e248ec557eeb97601bbfcced6ad7f10b
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.6.1-0ubuntu1.1_sparc.deb
      Size/MD5:   151452 3f57086e6c78b541fab19f71b586a2bd

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93=
-0ubuntu1.1.diff.gz
      Size/MD5:     5471 50b6572dc389f14529daa23a428222e3
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93=
-0ubuntu1.1.dsc
      Size/MD5:     1690 cece99cb660cbc7367c6807f12b71009
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.93=
=2Eorig.tar.gz
      Size/MD5:   616955 b41efe6d3d475b20fb3b42c134bbccd3

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/libs/libsoup/libsoup2.2=
-doc_2.2.93-0ubuntu1.1_all.deb
      Size/MD5:   111910 dc2f544c302fdc8e1309d68a63cc251a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
=2E2.93-0ubuntu1.1_amd64.deb
      Size/MD5:   126890 e76acbc938911434c14745e55dd81ae3
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.93-0ubuntu1.1_amd64.deb
      Size/MD5:   166280 accf21086b9b500dd609504ad29dd04a

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
=2E2.93-0ubuntu1.1_i386.deb
      Size/MD5:   116078 34ea24d5a57d32dc6296e08ba51a9fc1
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.93-0ubuntu1.1_i386.deb
      Size/MD5:   145212 28afb366495211a417bfadf8554a7cb0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
=2E2.93-0ubuntu1.1_powerpc.deb
      Size/MD5:   121986 ec9cc7867dbb49028d28d177da4e3579
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.93-0ubuntu1.1_powerpc.deb
      Size/MD5:   167364 d8395ec70c8bba72861c9ac8fd1cc503

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
=2E2.93-0ubuntu1.1_sparc.deb
      Size/MD5:   120692 43d7164ead19dee2b40c32b317102d12
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.93-0ubuntu1.1_sparc.deb
      Size/MD5:   157494 5a05d1da07ee0c06111639cab4fa16fd

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.96=
-0ubuntu2.1.diff.gz
      Size/MD5:     5753 fba402e17584b648ac9ec962cdd69e74
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.96=
-0ubuntu2.1.dsc
      Size/MD5:     1500 409106ece482cee6b645f9acdc20ebba
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup_2.2.96=
=2Eorig.tar.gz
      Size/MD5:   673788 27bfc4e34d85b28e4ffea9d21b642b51

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-doc=
_2.2.96-0ubuntu2.1_all.deb
      Size/MD5:   142086 956bb89d2436bf0251c3b1509da22ecf

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
=2E2.96-0ubuntu2.1_amd64.deb
      Size/MD5:   132538 6adf2a31cb0cd5b935c88f884c1e1af8
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.96-0ubuntu2.1_amd64.deb
      Size/MD5:   172966 7a908c778e75db2c4df59af7c43dd946

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
=2E2.96-0ubuntu2.1_i386.deb
      Size/MD5:   125360 7f87d6d58a3d2102b2919c99d3b6c3ee
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.96-0ubuntu2.1_i386.deb
      Size/MD5:   155750 981fd1e018b3f208d9c3c69b9cc786d9

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
=2E2.96-0ubuntu2.1_powerpc.deb
      Size/MD5:   128718 c340991ea128124e143b381c5fa6598e
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.96-0ubuntu2.1_powerpc.deb
      Size/MD5:   174524 8c7fbdb5f203ccf6d8c93b01e12773dd

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2=
=2E2.96-0ubuntu2.1_sparc.deb
      Size/MD5:   125922 ab80746fbe13588d121fd511418ec98d
    http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev=
_2.2.96-0ubuntu2.1_sparc.deb
      Size/MD5:   162968 66e87a3dce6906ed4db3b21b3c52ac0b


--sfyO1m2EN8ZOtJL6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFtozJH/9LqRcGPm0RAjnhAJ44I3d3SxCs7F25+K3mYkBD29uhOgCfRkMv
JvLjT+Nh+dWg4YcqZ4PsIvQ=
=98PA
-----END PGP SIGNATURE-----

--sfyO1m2EN8ZOtJL6--


--===============1402472560==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1402472560==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung