Red Hat Local Security Checks : RedHat Security Advisory RHSA-2009:0344

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63579

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2009:0344

Resumen: The remote host is missing updates announced in;advisory RHSA-2009:0344.;;libsoup is an HTTP client/library implementation for GNOME written in C. It;was originally part of a SOAP (Simple Object Access Protocol);implementation called Soup, but the SOAP and non-SOAP parts have now been;split into separate packages.;;An integer overflow flaw which caused a heap-based buffer overflow was;discovered in libsoup's Base64 encoding routine. An attacker could use this;flaw to crash, or, possibly, execute arbitrary code. This arbitrary code;would execute with the privileges of the application using libsoup's Base64;routine to encode large, untrusted inputs. (CVE-2009-0585);;All users of libsoup and evolution28-libsoup should upgrade to these;updated packages, which contain a backported patch to resolve this issue.;All running applications using the affected library function (such as;Evolution configured to connect to the GroupWise back-end) must be;restarted for the update to take effect.

Descripción: Summary:
The remote host is missing updates announced in
advisory RHSA-2009:0344.

libsoup is an HTTP client/library implementation for GNOME written in C. It
was originally part of a SOAP (Simple Object Access Protocol)
implementation called Soup, but the SOAP and non-SOAP parts have now been
split into separate packages.

An integer overflow flaw which caused a heap-based buffer overflow was
discovered in libsoup's Base64 encoding routine. An attacker could use this
flaw to crash, or, possibly, execute arbitrary code. This arbitrary code
would execute with the privileges of the application using libsoup's Base64
routine to encode large, untrusted inputs. (CVE-2009-0585)

All users of libsoup and evolution28-libsoup should upgrade to these
updated packages, which contain a backported patch to resolve this issue.
All running applications using the affected library function (such as
Evolution configured to connect to the GroupWise back-end) must be
restarted for the update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0585
20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
http://www.securityfocus.com/archive/1/501712/100/0/threaded
34100
http://www.securityfocus.com/bid/34100
34310
http://secunia.com/advisories/34310
34337
http://secunia.com/advisories/34337
34401
http://secunia.com/advisories/34401
35065
http://secunia.com/advisories/35065
DSA-1748
http://www.debian.org/security/2009/dsa-1748
MDVSA-2009:081
http://www.mandriva.com/security/advisories?name=MDVSA-2009:081
RHSA-2009:0344
http://www.redhat.com/support/errata/RHSA-2009-0344.html
SUSE-SR:2009:010
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
USN-737-1
http://www.ubuntu.com/usn/USN-737-1
[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
http://openwall.com/lists/oss-security/2009/03/12/2
http://ocert.org/patches/2008-015/libsoup-CVE-2009-0585.diff
http://support.avaya.com/elmodocs2/security/ASA-2009-088.htm
http://www.ocert.org/advisories/ocert-2008-015.html
libsoup-soupmisc-bo(49273)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49273
oval:org.mitre.oval:def:9599
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9599

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63579
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:0344
Resumen:	The remote host is missing updates announced in;advisory RHSA-2009:0344.;;libsoup is an HTTP client/library implementation for GNOME written in C. It;was originally part of a SOAP (Simple Object Access Protocol);implementation called Soup, but the SOAP and non-SOAP parts have now been;split into separate packages.;;An integer overflow flaw which caused a heap-based buffer overflow was;discovered in libsoup's Base64 encoding routine. An attacker could use this;flaw to crash, or, possibly, execute arbitrary code. This arbitrary code;would execute with the privileges of the application using libsoup's Base64;routine to encode large, untrusted inputs. (CVE-2009-0585);;All users of libsoup and evolution28-libsoup should upgrade to these;updated packages, which contain a backported patch to resolve this issue.;All running applications using the affected library function (such as;Evolution configured to connect to the GroupWise back-end) must be;restarted for the update to take effect.
Descripción:	Summary: The remote host is missing updates announced in advisory RHSA-2009:0344. libsoup is an HTTP client/library implementation for GNOME written in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. An integer overflow flaw which caused a heap-based buffer overflow was discovered in libsoup's Base64 encoding routine. An attacker could use this flaw to crash, or, possibly, execute arbitrary code. This arbitrary code would execute with the privileges of the application using libsoup's Base64 routine to encode large, untrusted inputs. (CVE-2009-0585) All users of libsoup and evolution28-libsoup should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using the affected library function (such as Evolution configured to connect to the GroupWise back-end) must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0585 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows http://www.securityfocus.com/archive/1/501712/100/0/threaded 34100 http://www.securityfocus.com/bid/34100 34310 http://secunia.com/advisories/34310 34337 http://secunia.com/advisories/34337 34401 http://secunia.com/advisories/34401 35065 http://secunia.com/advisories/35065 DSA-1748 http://www.debian.org/security/2009/dsa-1748 MDVSA-2009:081 http://www.mandriva.com/security/advisories?name=MDVSA-2009:081 RHSA-2009:0344 http://www.redhat.com/support/errata/RHSA-2009-0344.html SUSE-SR:2009:010 http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html USN-737-1 http://www.ubuntu.com/usn/USN-737-1 [oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows http://openwall.com/lists/oss-security/2009/03/12/2 http://ocert.org/patches/2008-015/libsoup-CVE-2009-0585.diff http://support.avaya.com/elmodocs2/security/ASA-2009-088.htm http://www.ocert.org/advisories/ocert-2008-015.html libsoup-soupmisc-bo(49273) https://exchange.xforce.ibmcloud.com/vulnerabilities/49273 oval:org.mitre.oval:def:9599 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9599
Copyright	Copyright (C) 2009 E-Soft Inc.