Debian Bug report logs - #520039
libsoup: CVE-2009-0585 integer overflow vulnerability

version graph

Package: libsoup; Maintainer for libsoup is (unknown);

Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Tue, 17 Mar 2009 00:00:02 UTC

Severity: grave

Tags: security

Fixed in version 2.2.101-1

Done: Sebastian Dröge <slomo@circular-chaos.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#520039; Package libsoup. (Tue, 17 Mar 2009 00:00:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Tue, 17 Mar 2009 00:00:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: libsoup: CVE-2009-0585 integer overflow vulnerability
Date: Mon, 16 Mar 2009 19:56:40 -0400
package: libsoup
severity: grave
tags: security

it has been found that libsoup is vulnerable to an integer overflow
attack, see CVE-2009-0585 [1].  details are:

  Integer overflow in the soup_base64_encode function in soup-misc.c in
  libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows
  context-dependent attackers to execute arbitrary code via a long
  string that is converted to a base64 representation.

since this allows remote attackers to execute arbitrary code, it
should be treated with high urgency.

this was just fixed in ubuntu, so it may be possible to adopt their
patch [2].

if you fix these vulnerabilities, please make sure to include the CVE
id in your changelog.  please contact the security team to coordinate
a fix for stable and/or if you have any questions.

regards,
mike

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0585
[2] http://www.ubuntu.com/usn/USN-737-1




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>:
Bug#520039; Package libsoup. (Tue, 17 Mar 2009 01:06:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>. (Tue, 17 Mar 2009 01:06:08 GMT) Full text and rfc822 format available.

Message #10 received at 520039@bugs.debian.org (full text, mbox):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 520039@bugs.debian.org
Subject: more info
Date: Mon, 16 Mar 2009 21:03:16 -0400
fyi, the libsoup2.4 packages do not appear to be affected; it makes
use of the glib base64 modules (which are actually vulnerable
themselves, but that's a separate bug).




Reply sent to Sebastian Dröge <slomo@circular-chaos.org>:
You have taken responsibility. (Tue, 17 Mar 2009 12:21:04 GMT) Full text and rfc822 format available.

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Tue, 17 Mar 2009 12:21:04 GMT) Full text and rfc822 format available.

Message #15 received at 520039-done@bugs.debian.org (full text, mbox):

From: Sebastian Dröge <slomo@circular-chaos.org>
To: Michael Gilbert <michael.s.gilbert@gmail.com>, 520039-done@bugs.debian.org
Subject: Re: Bug#520039: libsoup: CVE-2009-0585 integer overflow vulnerability
Date: Tue, 17 Mar 2009 13:20:19 +0100
[Message part 1 (text/plain, inline)]
Version: 2.2.101-1

Am Montag, den 16.03.2009, 19:56 -0400 schrieb Michael Gilbert:
> package: libsoup
> severity: grave
> tags: security
> 
> it has been found that libsoup is vulnerable to an integer overflow
> attack, see CVE-2009-0585 [1].  details are:
> 
>   Integer overflow in the soup_base64_encode function in soup-misc.c in
>   libsoup 2.x.x before 2.2.x, and 2.x before 2.24, allows
>   context-dependent attackers to execute arbitrary code via a long
>   string that is converted to a base64 representation.
> 
> since this allows remote attackers to execute arbitrary code, it
> should be treated with high urgency.

This is fixed already in version 2.2.101-1 which is also in stable by
using the GLib functions (which are still vulnerable in stable but I've
contacted the security team already).
[signature.asc (application/pgp-signature, inline)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 15 Apr 2009 07:29:03 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 06:55:24 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.