Security Advisory Moderate: libsoup security update

Advisory: RHSA-2009:0344-4
Type: Security Advisory
Severity: Moderate
Issued on: 2009-03-16
Last updated on: 2009-03-16
Affected Products:
  RHEL Desktop Workstation (v. 5 client)
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux (v. 5 server)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux AS (v. 4.7.z)
  Red Hat Enterprise Linux Desktop (v. 5 client)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux ES (v. 4.7.z)
  Red Hat Enterprise Linux EUS (v. 5.3.z server)
  Red Hat Enterprise Linux WS (v. 4)
OVAL: com.redhat.rhsa-20090344.xml
CVEs (cve.mitre.org): CVE-2009-0585

Details

Updated libsoup and evolution28-libsoup packages that fix a security issue
are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

libsoup is an HTTP client/library implementation for GNOME written in C. It
was originally part of a SOAP (Simple Object Access Protocol)
implementation called Soup, but the SOAP and non-SOAP parts have now been
split into separate packages.

An integer overflow flaw that caused a heap-based buffer overflow was
discovered in libsoup's Base64 encoding routine. An attacker could use this
flaw to crash an application using libsoup or, possibly, execute arbitrary
code. This arbitrary code would execute with the privileges of the
application using libsoup's Base64 routine to encode large, untrusted
inputs. (CVE-2009-0585)

All users of libsoup and evolution28-libsoup should upgrade to these
updated packages, which contain a backported patch to resolve this issue.
All running applications using the affected library function (such as
Evolution configured to connect to the GroupWise back-end) must be
restarted for the update to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
libsoup-2.2.98-2.el5_3.1.src.rpm     6521e6b96b16e2e1f8d14c7f9a844472
 
IA-32:
libsoup-devel-2.2.98-2.el5_3.1.i386.rpm     9de9e126f6ec6a7a6b0d1303d384cdbd
 
x86_64:
libsoup-devel-2.2.98-2.el5_3.1.i386.rpm     9de9e126f6ec6a7a6b0d1303d384cdbd
libsoup-devel-2.2.98-2.el5_3.1.x86_64.rpm     b132aee111d7be0210a904a62d9a66a9
 
Red Hat Desktop (v. 4)

SRPMS:
evolution28-libsoup-2.2.98-5.el4.1.src.rpm     a1a8e16d24cbb981f038ff80748a61f3
libsoup-2.2.1-4.el4.1.src.rpm     d620284b2cfd528eb3f8a248bea4c1f3
 
IA-32:
evolution28-libsoup-2.2.98-5.el4.1.i386.rpm     7c0de9a50a1284c38dbf042bd789da35
evolution28-libsoup-devel-2.2.98-5.el4.1.i386.rpm     689cf7db468d639c199a57ac79f1c85c
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-devel-2.2.1-4.el4.1.i386.rpm     70e9f6a0856ae4d4657adbe7e8c5d251
 
x86_64:
evolution28-libsoup-2.2.98-5.el4.1.x86_64.rpm     767f9e75788fb068a081276d12e300d3
evolution28-libsoup-devel-2.2.98-5.el4.1.x86_64.rpm     0f2ce15254205984c438eb143a5305e3
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-2.2.1-4.el4.1.x86_64.rpm     6f94de8c9ea1409ab3f2241de61374fc
libsoup-devel-2.2.1-4.el4.1.x86_64.rpm     9dbad6c45fc211a9577cbc6f4ca16be7
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
libsoup-2.2.98-2.el5_3.1.src.rpm     6521e6b96b16e2e1f8d14c7f9a844472
 
IA-32:
libsoup-2.2.98-2.el5_3.1.i386.rpm     c3225bbcf9f08ad30942331895058890
libsoup-devel-2.2.98-2.el5_3.1.i386.rpm     9de9e126f6ec6a7a6b0d1303d384cdbd
 
IA-64:
libsoup-2.2.98-2.el5_3.1.ia64.rpm     04b7c37bc3eafbdec82f8737bfe35041
libsoup-devel-2.2.98-2.el5_3.1.ia64.rpm     7cc64e2e454f660252b649eeeb5b8b88
 
PPC:
libsoup-2.2.98-2.el5_3.1.ppc.rpm     22657c2704d79e7778935bea03623d76
libsoup-2.2.98-2.el5_3.1.ppc64.rpm     8beee9eb64210da0418292fe1c76bbc3
libsoup-devel-2.2.98-2.el5_3.1.ppc.rpm     dc5718dd57e50679b80881615c02457e
libsoup-devel-2.2.98-2.el5_3.1.ppc64.rpm     d7f8fc9d0e73d09833c74ddc4b4fa182
 
s390x:
libsoup-2.2.98-2.el5_3.1.s390.rpm     85e63ea41a77eaa6896598b90803dbfc
libsoup-2.2.98-2.el5_3.1.s390x.rpm     462efb725dd40cc788a5fca2f4ee7349
libsoup-devel-2.2.98-2.el5_3.1.s390.rpm     c0000b1b5a4fed8d4b6bf43489b1729a
libsoup-devel-2.2.98-2.el5_3.1.s390x.rpm     28259c6c8d134c37863478580919c718
 
x86_64:
libsoup-2.2.98-2.el5_3.1.i386.rpm     c3225bbcf9f08ad30942331895058890
libsoup-2.2.98-2.el5_3.1.x86_64.rpm     3fc64fe1918987ab2ed8f7b49c526d06
libsoup-devel-2.2.98-2.el5_3.1.i386.rpm     9de9e126f6ec6a7a6b0d1303d384cdbd
libsoup-devel-2.2.98-2.el5_3.1.x86_64.rpm     b132aee111d7be0210a904a62d9a66a9
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
evolution28-libsoup-2.2.98-5.el4.1.src.rpm     a1a8e16d24cbb981f038ff80748a61f3
libsoup-2.2.1-4.el4.1.src.rpm     d620284b2cfd528eb3f8a248bea4c1f3
 
IA-32:
evolution28-libsoup-2.2.98-5.el4.1.i386.rpm     7c0de9a50a1284c38dbf042bd789da35
evolution28-libsoup-devel-2.2.98-5.el4.1.i386.rpm     689cf7db468d639c199a57ac79f1c85c
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-devel-2.2.1-4.el4.1.i386.rpm     70e9f6a0856ae4d4657adbe7e8c5d251
 
IA-64:
evolution28-libsoup-2.2.98-5.el4.1.ia64.rpm     d724ab8512b76608dd8549ecb26cee69
evolution28-libsoup-devel-2.2.98-5.el4.1.ia64.rpm     44a3f87bdcc486cb0df9f889a9573a6f
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-2.2.1-4.el4.1.ia64.rpm     46bcdee9331709c9685344861ffb8929
libsoup-devel-2.2.1-4.el4.1.ia64.rpm     cedeb49ac5e50c2b4bed2dd93c736414
 
PPC:
evolution28-libsoup-2.2.98-5.el4.1.ppc.rpm     790ad754f8cecfdfc97fe527a60f3265
evolution28-libsoup-devel-2.2.98-5.el4.1.ppc.rpm     def4d153907c6238e96d238f4dd0c857
libsoup-2.2.1-4.el4.1.ppc.rpm     b14b979ea93490519ef4e264a9fecc2b
libsoup-2.2.1-4.el4.1.ppc64.rpm     a88db160a4d1a6b837e0e2c2a6ab0a38
libsoup-devel-2.2.1-4.el4.1.ppc.rpm     7f7ef1e1b5a6c12f24e95262b82f78ab
 
s390:
evolution28-libsoup-2.2.98-5.el4.1.s390.rpm     23bd426149694ff78cc6b697c38d8284
evolution28-libsoup-devel-2.2.98-5.el4.1.s390.rpm     0c3f1cd5efb90b7ec2926b471256fdf8
libsoup-2.2.1-4.el4.1.s390.rpm     812b7220571ff71c5ec47850e9738949
libsoup-devel-2.2.1-4.el4.1.s390.rpm     a60cc2346bb8314118f7a8033412cdd5
 
s390x:
evolution28-libsoup-2.2.98-5.el4.1.s390x.rpm     e1317644a5db724a93af21f88cd7e33d
evolution28-libsoup-devel-2.2.98-5.el4.1.s390x.rpm     9aef583cebbacacc507181954214f232
libsoup-2.2.1-4.el4.1.s390.rpm     812b7220571ff71c5ec47850e9738949
libsoup-2.2.1-4.el4.1.s390x.rpm     da3881f673a0f4873f1218153d1ef7e1
libsoup-devel-2.2.1-4.el4.1.s390x.rpm     033775b16284284aff4f2078bc6a532d
 
x86_64:
evolution28-libsoup-2.2.98-5.el4.1.x86_64.rpm     767f9e75788fb068a081276d12e300d3
evolution28-libsoup-devel-2.2.98-5.el4.1.x86_64.rpm     0f2ce15254205984c438eb143a5305e3
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-2.2.1-4.el4.1.x86_64.rpm     6f94de8c9ea1409ab3f2241de61374fc
libsoup-devel-2.2.1-4.el4.1.x86_64.rpm     9dbad6c45fc211a9577cbc6f4ca16be7
 
Red Hat Enterprise Linux AS (v. 4.7.z)

SRPMS:
evolution28-libsoup-2.2.98-5.el4.1.src.rpm     a1a8e16d24cbb981f038ff80748a61f3
libsoup-2.2.1-4.el4.1.src.rpm     d620284b2cfd528eb3f8a248bea4c1f3
 
IA-32:
evolution28-libsoup-2.2.98-5.el4.1.i386.rpm     7c0de9a50a1284c38dbf042bd789da35
evolution28-libsoup-devel-2.2.98-5.el4.1.i386.rpm     689cf7db468d639c199a57ac79f1c85c
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-devel-2.2.1-4.el4.1.i386.rpm     70e9f6a0856ae4d4657adbe7e8c5d251
 
IA-64:
evolution28-libsoup-2.2.98-5.el4.1.ia64.rpm     d724ab8512b76608dd8549ecb26cee69
evolution28-libsoup-devel-2.2.98-5.el4.1.ia64.rpm     44a3f87bdcc486cb0df9f889a9573a6f
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-2.2.1-4.el4.1.ia64.rpm     46bcdee9331709c9685344861ffb8929
libsoup-devel-2.2.1-4.el4.1.ia64.rpm     cedeb49ac5e50c2b4bed2dd93c736414
 
PPC:
evolution28-libsoup-2.2.98-5.el4.1.ppc.rpm     790ad754f8cecfdfc97fe527a60f3265
evolution28-libsoup-devel-2.2.98-5.el4.1.ppc.rpm     def4d153907c6238e96d238f4dd0c857
libsoup-2.2.1-4.el4.1.ppc.rpm     b14b979ea93490519ef4e264a9fecc2b
libsoup-2.2.1-4.el4.1.ppc64.rpm     a88db160a4d1a6b837e0e2c2a6ab0a38
libsoup-devel-2.2.1-4.el4.1.ppc.rpm     7f7ef1e1b5a6c12f24e95262b82f78ab
 
s390:
evolution28-libsoup-2.2.98-5.el4.1.s390.rpm     23bd426149694ff78cc6b697c38d8284
evolution28-libsoup-devel-2.2.98-5.el4.1.s390.rpm     0c3f1cd5efb90b7ec2926b471256fdf8
libsoup-2.2.1-4.el4.1.s390.rpm     812b7220571ff71c5ec47850e9738949
libsoup-devel-2.2.1-4.el4.1.s390.rpm     a60cc2346bb8314118f7a8033412cdd5
 
s390x:
evolution28-libsoup-2.2.98-5.el4.1.s390x.rpm     e1317644a5db724a93af21f88cd7e33d
evolution28-libsoup-devel-2.2.98-5.el4.1.s390x.rpm     9aef583cebbacacc507181954214f232
libsoup-2.2.1-4.el4.1.s390.rpm     812b7220571ff71c5ec47850e9738949
libsoup-2.2.1-4.el4.1.s390x.rpm     da3881f673a0f4873f1218153d1ef7e1
libsoup-devel-2.2.1-4.el4.1.s390x.rpm     033775b16284284aff4f2078bc6a532d
 
x86_64:
evolution28-libsoup-2.2.98-5.el4.1.x86_64.rpm     767f9e75788fb068a081276d12e300d3
evolution28-libsoup-devel-2.2.98-5.el4.1.x86_64.rpm     0f2ce15254205984c438eb143a5305e3
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-2.2.1-4.el4.1.x86_64.rpm     6f94de8c9ea1409ab3f2241de61374fc
libsoup-devel-2.2.1-4.el4.1.x86_64.rpm     9dbad6c45fc211a9577cbc6f4ca16be7
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
libsoup-2.2.98-2.el5_3.1.src.rpm     6521e6b96b16e2e1f8d14c7f9a844472
 
IA-32:
libsoup-2.2.98-2.el5_3.1.i386.rpm     c3225bbcf9f08ad30942331895058890
 
x86_64:
libsoup-2.2.98-2.el5_3.1.i386.rpm     c3225bbcf9f08ad30942331895058890
libsoup-2.2.98-2.el5_3.1.x86_64.rpm     3fc64fe1918987ab2ed8f7b49c526d06
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
evolution28-libsoup-2.2.98-5.el4.1.src.rpm     a1a8e16d24cbb981f038ff80748a61f3
libsoup-2.2.1-4.el4.1.src.rpm     d620284b2cfd528eb3f8a248bea4c1f3
 
IA-32:
evolution28-libsoup-2.2.98-5.el4.1.i386.rpm     7c0de9a50a1284c38dbf042bd789da35
evolution28-libsoup-devel-2.2.98-5.el4.1.i386.rpm     689cf7db468d639c199a57ac79f1c85c
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-devel-2.2.1-4.el4.1.i386.rpm     70e9f6a0856ae4d4657adbe7e8c5d251
 
IA-64:
evolution28-libsoup-2.2.98-5.el4.1.ia64.rpm     d724ab8512b76608dd8549ecb26cee69
evolution28-libsoup-devel-2.2.98-5.el4.1.ia64.rpm     44a3f87bdcc486cb0df9f889a9573a6f
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-2.2.1-4.el4.1.ia64.rpm     46bcdee9331709c9685344861ffb8929
libsoup-devel-2.2.1-4.el4.1.ia64.rpm     cedeb49ac5e50c2b4bed2dd93c736414
 
x86_64:
evolution28-libsoup-2.2.98-5.el4.1.x86_64.rpm     767f9e75788fb068a081276d12e300d3
evolution28-libsoup-devel-2.2.98-5.el4.1.x86_64.rpm     0f2ce15254205984c438eb143a5305e3
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-2.2.1-4.el4.1.x86_64.rpm     6f94de8c9ea1409ab3f2241de61374fc
libsoup-devel-2.2.1-4.el4.1.x86_64.rpm     9dbad6c45fc211a9577cbc6f4ca16be7
 
Red Hat Enterprise Linux ES (v. 4.7.z)

SRPMS:
evolution28-libsoup-2.2.98-5.el4.1.src.rpm     a1a8e16d24cbb981f038ff80748a61f3
libsoup-2.2.1-4.el4.1.src.rpm     d620284b2cfd528eb3f8a248bea4c1f3
 
IA-32:
evolution28-libsoup-2.2.98-5.el4.1.i386.rpm     7c0de9a50a1284c38dbf042bd789da35
evolution28-libsoup-devel-2.2.98-5.el4.1.i386.rpm     689cf7db468d639c199a57ac79f1c85c
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-devel-2.2.1-4.el4.1.i386.rpm     70e9f6a0856ae4d4657adbe7e8c5d251
 
IA-64:
evolution28-libsoup-2.2.98-5.el4.1.ia64.rpm     d724ab8512b76608dd8549ecb26cee69
evolution28-libsoup-devel-2.2.98-5.el4.1.ia64.rpm     44a3f87bdcc486cb0df9f889a9573a6f
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-2.2.1-4.el4.1.ia64.rpm     46bcdee9331709c9685344861ffb8929
libsoup-devel-2.2.1-4.el4.1.ia64.rpm     cedeb49ac5e50c2b4bed2dd93c736414
 
x86_64:
evolution28-libsoup-2.2.98-5.el4.1.x86_64.rpm     767f9e75788fb068a081276d12e300d3
evolution28-libsoup-devel-2.2.98-5.el4.1.x86_64.rpm     0f2ce15254205984c438eb143a5305e3
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-2.2.1-4.el4.1.x86_64.rpm     6f94de8c9ea1409ab3f2241de61374fc
libsoup-devel-2.2.1-4.el4.1.x86_64.rpm     9dbad6c45fc211a9577cbc6f4ca16be7
 
Red Hat Enterprise Linux EUS (v. 5.3.z server)

SRPMS:
libsoup-2.2.98-2.el5_3.1.src.rpm     6521e6b96b16e2e1f8d14c7f9a844472
 
IA-32:
libsoup-2.2.98-2.el5_3.1.i386.rpm     c3225bbcf9f08ad30942331895058890
libsoup-devel-2.2.98-2.el5_3.1.i386.rpm     9de9e126f6ec6a7a6b0d1303d384cdbd
 
IA-64:
libsoup-2.2.98-2.el5_3.1.ia64.rpm     04b7c37bc3eafbdec82f8737bfe35041
libsoup-devel-2.2.98-2.el5_3.1.ia64.rpm     7cc64e2e454f660252b649eeeb5b8b88
 
PPC:
libsoup-2.2.98-2.el5_3.1.ppc.rpm     22657c2704d79e7778935bea03623d76
libsoup-2.2.98-2.el5_3.1.ppc64.rpm     8beee9eb64210da0418292fe1c76bbc3
libsoup-devel-2.2.98-2.el5_3.1.ppc.rpm     dc5718dd57e50679b80881615c02457e
libsoup-devel-2.2.98-2.el5_3.1.ppc64.rpm     d7f8fc9d0e73d09833c74ddc4b4fa182
 
s390x:
libsoup-2.2.98-2.el5_3.1.s390.rpm     85e63ea41a77eaa6896598b90803dbfc
libsoup-2.2.98-2.el5_3.1.s390x.rpm     462efb725dd40cc788a5fca2f4ee7349
libsoup-devel-2.2.98-2.el5_3.1.s390.rpm     c0000b1b5a4fed8d4b6bf43489b1729a
libsoup-devel-2.2.98-2.el5_3.1.s390x.rpm     28259c6c8d134c37863478580919c718
 
x86_64:
libsoup-2.2.98-2.el5_3.1.i386.rpm     c3225bbcf9f08ad30942331895058890
libsoup-2.2.98-2.el5_3.1.x86_64.rpm     3fc64fe1918987ab2ed8f7b49c526d06
libsoup-devel-2.2.98-2.el5_3.1.i386.rpm     9de9e126f6ec6a7a6b0d1303d384cdbd
libsoup-devel-2.2.98-2.el5_3.1.x86_64.rpm     b132aee111d7be0210a904a62d9a66a9
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
evolution28-libsoup-2.2.98-5.el4.1.src.rpm     a1a8e16d24cbb981f038ff80748a61f3
libsoup-2.2.1-4.el4.1.src.rpm     d620284b2cfd528eb3f8a248bea4c1f3
 
IA-32:
evolution28-libsoup-2.2.98-5.el4.1.i386.rpm     7c0de9a50a1284c38dbf042bd789da35
evolution28-libsoup-devel-2.2.98-5.el4.1.i386.rpm     689cf7db468d639c199a57ac79f1c85c
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-devel-2.2.1-4.el4.1.i386.rpm     70e9f6a0856ae4d4657adbe7e8c5d251
 
IA-64:
evolution28-libsoup-2.2.98-5.el4.1.ia64.rpm     d724ab8512b76608dd8549ecb26cee69
evolution28-libsoup-devel-2.2.98-5.el4.1.ia64.rpm     44a3f87bdcc486cb0df9f889a9573a6f
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-2.2.1-4.el4.1.ia64.rpm     46bcdee9331709c9685344861ffb8929
libsoup-devel-2.2.1-4.el4.1.ia64.rpm     cedeb49ac5e50c2b4bed2dd93c736414
 
x86_64:
evolution28-libsoup-2.2.98-5.el4.1.x86_64.rpm     767f9e75788fb068a081276d12e300d3
evolution28-libsoup-devel-2.2.98-5.el4.1.x86_64.rpm     0f2ce15254205984c438eb143a5305e3
libsoup-2.2.1-4.el4.1.i386.rpm     d1bc6c86e0f699fad3676309f4dbd8a5
libsoup-2.2.1-4.el4.1.x86_64.rpm     6f94de8c9ea1409ab3f2241de61374fc
libsoup-devel-2.2.1-4.el4.1.x86_64.rpm     9dbad6c45fc211a9577cbc6f4ca16be7
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

488026 - CVE-2009-0585 libsoup: integer overflow in soup_base64_encode()


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/