Debian Security Advisory DSA 1748-1 (libsoup) Network Vulnerability

Summary

The remote host is missing an update to libsoup announced via advisory DSA 1748-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201748-1

Insight

It was discovered that libsoup, an HTTP library implementation in C, handles large strings insecurely via its Base64 encoding functions. This could possibly lead to the execution of arbitrary code. For the oldstable distribution (etch), this problem has been fixed in version 2.2.98-2+etch1. The stable distribution (lenny) is not affected by this issue. The testing distribution (squeeze) and the unstable distribution (sid) are not affected by this issue. We recommend that you upgrade your libsoup packages.

Severity

Classification

CVE CVE-2009-0585

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 008-1 (dialog)
Debian Security Advisory DSA 1011-1 (kernel-patch-vserver, util-vserver)
Debian Security Advisory DSA 1072-1 (nagios)
Debian Security Advisory DSA 097-1 (exim)
Debian Security Advisory DSA 066-1 (cfingerd)

Take action and discover your vulnerabilities