SCIENTIFIC-LINUX-ERRATA Archives

March 2009

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Tue, 17 Mar 2009 14:55:14 -0500
Synopsis:	Moderate: libsoup security update
Issue date:	2009-03-16
CVE Names:	CVE-2009-0585

An integer overflow flaw that caused a heap-based buffer overflow was
discovered in libsoup's Base64 encoding routine. An attacker could use
this flaw to crash the application or, possibly, execute arbitrary code.
This arbitrary code would execute with the privileges of the application
using libsoup's Base64 routine to encode large, untrusted inputs.
(CVE-2009-0585)

All running applications using the affected library function (such as
Evolution configured to connect to the GroupWise back-end) must be
restarted for the update to take effect.

SL 4.x

      SRPMS:
evolution28-libsoup-2.2.98-5.el4.1.src.rpm
libsoup-2.2.1-4.el4.1.src.rpm
      i386:
evolution28-libsoup-2.2.98-5.el4.1.i386.rpm
evolution28-libsoup-devel-2.2.98-5.el4.1.i386.rpm
libsoup-2.2.1-4.el4.1.i386.rpm
libsoup-devel-2.2.1-4.el4.1.i386.rpm
      x86_64:
evolution28-libsoup-2.2.98-5.el4.1.x86_64.rpm
evolution28-libsoup-devel-2.2.98-5.el4.1.x86_64.rpm
libsoup-2.2.1-4.el4.1.i386.rpm
libsoup-2.2.1-4.el4.1.x86_64.rpm
libsoup-devel-2.2.1-4.el4.1.x86_64.rpm

SL 5.x

      SRPMS:
libsoup-2.2.98-2.el5_3.1.src.rpm
      i386:
libsoup-2.2.98-2.el5_3.1.i386.rpm
libsoup-devel-2.2.98-2.el5_3.1.i386.rpm
      x86_64:
libsoup-2.2.98-2.el5_3.1.i386.rpm
libsoup-2.2.98-2.el5_3.1.x86_64.rpm
libsoup-devel-2.2.98-2.el5_3.1.i386.rpm
libsoup-devel-2.2.98-2.el5_3.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
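
The flaw class named in the advisory, shown as an added example that is not libsoup's code or its fix: a Base64 output-size calculation that wraps in 32-bit arithmetic, beside a checked form and an encoder that refuses to allocate when the check fails. The function names, the size formula and the sample length 3221225470 are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Weak form: 4*ceil(n/3)+1 in 32-bit arithmetic; the product wraps for large n. */
uint32_t b64_size_unchecked(uint32_t n)
{
    return 4u * ((n + 2u) / 3u) + 1u;
}

/* Hardened form: returns 0 and sets *out, or -1 if the size cannot be represented. */
int b64_size_checked(size_t n, size_t *out)
{
    size_t groups = n / 3 + (n % 3 != 0);   /* ceil(n/3) without computing n+2 */
    if (groups > (SIZE_MAX - 1) / 4)
        return -1;
    *out = groups * 4 + 1;                  /* 4 chars per group plus the NUL */
    return 0;
}

/* Encoder that allocates only after the size check passes. Caller frees. */
char *b64_encode(const unsigned char *in, size_t n)
{
    static const char T[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t size, i, o = 0;
    char *out;
    if (b64_size_checked(n, &size) != 0 || (out = malloc(size)) == NULL)
        return NULL;
    for (i = 0; i < n; i += 3) {
        size_t left = n - i;                /* input bytes remaining in this group */
        uint32_t v = (uint32_t)in[i] << 16;
        if (left > 1) v |= (uint32_t)in[i + 1] << 8;
        if (left > 2) v |= in[i + 2];
        out[o++] = T[v >> 18];
        out[o++] = T[(v >> 12) & 63];
        out[o++] = left > 1 ? T[(v >> 6) & 63] : '=';
        out[o++] = left > 2 ? T[v & 63] : '=';
    }
    out[o] = '\0';
    return out;
}

int main(void)
{
    char *e = b64_encode((const unsigned char *)"foobar", strlen("foobar"));
    printf("%u %s\n", (unsigned)b64_size_unchecked(3221225470u), e ? e : "(null)");
    free(e);
}
```

With the unchecked formula the constructed length yields a buffer size of 1 byte, which is how a wrapped size turns into a heap overflow once the encoder writes its full output.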
