Synopsis: Moderate: libsoup security update Issue date: 2009-03-16 CVE Names: CVE-2009-0585 An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup's Base64 encoding routine. An attacker could use this flaw to crash, or, possibly, execute arbitrary code. This arbitrary code would execute with the privileges of the application using libsoup's Base64 routine to encode large, untrusted inputs. (CVE-2009-0585) All running applications using the affected library function (such as Evolution configured to connect to the GroupWise back-end) must be restarted for the update to take effect. SL 4.x SRPMS: evolution28-libsoup-2.2.98-5.el4.1.src.rpm libsoup-2.2.1-4.el4.1.src.rpm i386: evolution28-libsoup-2.2.98-5.el4.1.i386.rpm evolution28-libsoup-devel-2.2.98-5.el4.1.i386.rpm libsoup-2.2.1-4.el4.1.i386.rpm libsoup-devel-2.2.1-4.el4.1.i386.rpm x86_64: evolution28-libsoup-2.2.98-5.el4.1.x86_64.rpm evolution28-libsoup-devel-2.2.98-5.el4.1.x86_64.rpm libsoup-2.2.1-4.el4.1.i386.rpm libsoup-2.2.1-4.el4.1.x86_64.rpm libsoup-devel-2.2.1-4.el4.1.x86_64.rpm SL 5.x SRPMS: libsoup-2.2.98-2.el5_3.1.src.rpm i386: libsoup-2.2.98-2.el5_3.1.i386.rpm libsoup-devel-2.2.98-2.el5_3.1.i386.rpm x86_64: libsoup-2.2.98-2.el5_3.1.i386.rpm libsoup-2.2.98-2.el5_3.1.x86_64.rpm libsoup-devel-2.2.98-2.el5_3.1.i386.rpm libsoup-devel-2.2.98-2.el5_3.1.x86_64.rpm -Connie Sieh -Troy Dawson