English | Deutsch | Español | Português
 UserID:
 Passwd:
 new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   		     Search 61204 CVE descriptions
and 32582 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.63622
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-737-1 (libsoup)
Summary:Ubuntu USN-737-1 (libsoup)
Description:The remote host is missing an update to libsoup
announced via advisory USN-737-1.

Details follow:

It was discovered that the Base64 encoding functions in libsoup did not
properly handle large strings. If a user were tricked into connecting to a
malicious server, an attacker could possibly execute arbitrary code with
user privileges.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
libsoup2.2-8 2.2.93-0ubuntu1.2

Ubuntu 7.10:
libsoup2.2-8 2.2.100-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-737-1
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0585
Bugtraq: 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows (Google Search)
http://www.securityfocus.com/archive/1/archive/1/501712/100/0/threaded
http://openwall.com/lists/oss-security/2009/03/12/2
http://ocert.org/patches/2008-015/libsoup-CVE-2009-0585.diff
http://www.ocert.org/advisories/ocert-2008-015.html
Debian Security Information: DSA-1748 (Google Search)
http://www.debian.org/security/2009/dsa-1748
http://www.mandriva.com/security/advisories?name=MDVSA-2009:081
http://www.redhat.com/support/errata/RHSA-2009-0344.html
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://www.ubuntu.com/usn/USN-737-1
BugTraq ID: 34100
http://www.securityfocus.com/bid/34100
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9599
http://secunia.com/advisories/34310
http://secunia.com/advisories/34337
http://secunia.com/advisories/34401
http://secunia.com/advisories/35065
XForce ISS Database: libsoup-soupmisc-bo(49273)
http://xforce.iss.net/xforce/xfdb/49273
Common Vulnerability Exposure (CVE) ID: CVE-2009-0135
Bugtraq: 20090111 [TKADV2009-002] Amarok Integer Overflow and Unchecked Allocation Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/archive/1/499984/100/0/threaded
http://openwall.com/lists/oss-security/2009/01/14/2
http://trapkit.de/advisories/TKADV2009-002.txt
Debian Security Information: DSA-1706 (Google Search)
http://www.debian.org/security/2009/dsa-1706
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00708.html
http://security.gentoo.org/glsa/glsa-200903-34.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:030
SuSE Security Announcement: SUSE-SR:2009:003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
http://www.ubuntu.com/usn/USN-739-1
BugTraq ID: 33210
http://www.securityfocus.com/bid/33210
http://secunia.com/advisories/34315
http://secunia.com/advisories/34407
http://www.vupen.com/english/advisories/2009/0100
http://www.securitytracker.com/id?1021558
http://secunia.com/advisories/33505
http://secunia.com/advisories/33522
http://secunia.com/advisories/33640
http://secunia.com/advisories/33819
http://securityreason.com/securityalert/4915
Common Vulnerability Exposure (CVE) ID: CVE-2009-0136
Common Vulnerability Exposure (CVE) ID: CVE-2008-4564
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=774
CERT/CC vulnerability note: VU#276563
http://www.kb.cert.org/vuls/id/276563
BugTraq ID: 34086
http://www.securityfocus.com/bid/34086
http://osvdb.org/52713
http://securitytracker.com/id?1021856
http://securitytracker.com/id?1021857
http://www.securitytracker.com/id?1021859
http://secunia.com/advisories/34307
http://secunia.com/advisories/34303
http://secunia.com/advisories/34318
http://secunia.com/advisories/34355
http://www.vupen.com/english/advisories/2009/0744
http://www.vupen.com/english/advisories/2009/0756
http://www.vupen.com/english/advisories/2009/0757
XForce ISS Database: autonomy-keyview-wp6sr-bo(49284)
http://xforce.iss.net/xforce/xfdb/49284
Common Vulnerability Exposure (CVE) ID: CVE-2009-0538
Bugtraq: 20090318 Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5 (Google Search)
http://www.securityfocus.com/archive/1/archive/1/501930/100/0/threaded
http://www.layereddefense.com/pcanywhere17mar.html
BugTraq ID: 33845
http://www.securityfocus.com/bid/33845
http://osvdb.org/52797
http://securitytracker.com/id?1021855
http://secunia.com/advisories/34305
http://www.vupen.com/english/advisories/2009/0755
XForce ISS Database: symantec-pcanywhere-unspecified-dos(49291)
http://xforce.iss.net/xforce/xfdb/49291
Common Vulnerability Exposure (CVE) ID: CVE-2004-2761
Bugtraq: 20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate (Google Search)
http://www.securityfocus.com/archive/1/archive/1/499685/100/0/threaded
http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/
http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx
http://www.doxpara.com/research/md5/md5_someday.pdf
http://www.microsoft.com/technet/security/advisory/961509.mspx
http://www.phreedom.org/research/rogue-ca/
http://www.win.tue.nl/hashclash/SoftIntCodeSign/
http://www.win.tue.nl/hashclash/rogue-ca/
https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php
Cisco Security Advisory: 20090115 MD5 Hashes May Allow for Certificate Spoofing
http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html
RedHat Security Advisories: RHSA-2010:0837
https://rhn.redhat.com/errata/RHSA-2010-0837.html
RedHat Security Advisories: RHSA-2010:0838
https://rhn.redhat.com/errata/RHSA-2010-0838.html
http://www.ubuntu.com/usn/usn-740-1
CERT/CC vulnerability note: VU#836068
http://www.kb.cert.org/vuls/id/836068
BugTraq ID: 33065
http://www.securityfocus.com/bid/33065
http://securitytracker.com/id?1024697
http://secunia.com/advisories/33826
http://secunia.com/advisories/34281
http://secunia.com/advisories/42181
http://securityreason.com/securityalert/4866
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  
 Forgot userid or passwd?
Email/Userid:



Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2013 E-Soft Inc. All rights reserved.