Synopsis:	Moderate: libsoup security update
Issue date:	2009-03-16
CVE Names:	CVE-2009-0585

An integer overflow flaw which caused a heap-based buffer overflow was
discovered in libsoup's Base64 encoding routine. An attacker could use 
this flaw to crash, or, possibly, execute arbitrary code. This arbitrary 
code would execute with the privileges of the application using 
libsoup's Base64 routine to encode large, untrusted inputs. (CVE-2009-0585)

All running applications using the affected library function (such as
Evolution configured to connect to the GroupWise back-end) must be
restarted for the update to take effect.

SL 4.x

      SRPMS:
evolution28-libsoup-2.2.98-5.el4.1.src.rpm
libsoup-2.2.1-4.el4.1.src.rpm
      i386:
evolution28-libsoup-2.2.98-5.el4.1.i386.rpm
evolution28-libsoup-devel-2.2.98-5.el4.1.i386.rpm
libsoup-2.2.1-4.el4.1.i386.rpm
libsoup-devel-2.2.1-4.el4.1.i386.rpm
      x86_64:
evolution28-libsoup-2.2.98-5.el4.1.x86_64.rpm
evolution28-libsoup-devel-2.2.98-5.el4.1.x86_64.rpm
libsoup-2.2.1-4.el4.1.i386.rpm
libsoup-2.2.1-4.el4.1.x86_64.rpm
libsoup-devel-2.2.1-4.el4.1.x86_64.rpm

SL 5.x

      SRPMS:
libsoup-2.2.98-2.el5_3.1.src.rpm
      i386:
libsoup-2.2.98-2.el5_3.1.i386.rpm
libsoup-devel-2.2.98-2.el5_3.1.i386.rpm
      x86_64:
libsoup-2.2.98-2.el5_3.1.i386.rpm
libsoup-2.2.98-2.el5_3.1.x86_64.rpm
libsoup-devel-2.2.98-2.el5_3.1.i386.rpm
libsoup-devel-2.2.98-2.el5_3.1.x86_64.rpm

-Connie Sieh
-Troy Dawson