LibSoup Library HTTP Headers Remote Denial of Service Vulnerability
BID:22034
Info
| Bugtraq ID: | 22034 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-5876 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 12 2007 12:00AM |
| Updated: | Feb 05 2007 11:08PM |
| Credit: | Roland Lezuo and Josselin Mouette are credited with discovering this issue. |
| Vulnerable: | Ubuntu Ubuntu Linux 5.10 sparc; Ubuntu Ubuntu Linux 5.10 powerpc; Ubuntu Ubuntu Linux 5.10 i386; Ubuntu Ubuntu Linux 5.10 amd64; Ubuntu Ubuntu Linux 6.10 sparc; Ubuntu Ubuntu Linux 6.10 powerpc; Ubuntu Ubuntu Linux 6.10 i386; Ubuntu Ubuntu Linux 6.10 amd64; Ubuntu Ubuntu Linux 6.06 LTS sparc; Ubuntu Ubuntu Linux 6.06 LTS powerpc; Ubuntu Ubuntu Linux 6.06 LTS i386; Ubuntu Ubuntu Linux 6.06 LTS amd64; rPath rPath Linux 1; Redhat Fedora Core6; Mandriva Linux Mandrake 2006.0 x86_64; Mandriva Linux Mandrake 2006.0; Mandriva Linux Mandrake 2007.0 x86_64; Mandriva Linux Mandrake 2007.0; MandrakeSoft Corporate Server 3.0 x86_64; MandrakeSoft Corporate Server 3.0; GNOME Libsoup 2.2.98; GNOME Libsoup 2.2.96; GNOME Libsoup 2.2.93; GNOME Libsoup 2.2.3; GNOME Libsoup 1.99.28; GNOME Libsoup 2.2.6.1; Debian Linux 3.1 sparc; Debian Linux 3.1 s/390; Debian Linux 3.1 ppc; Debian Linux 3.1 mipsel; Debian Linux 3.1 mips; Debian Linux 3.1 m68k; Debian Linux 3.1 ia-64; Debian Linux 3.1 ia-32; Debian Linux 3.1 hppa; Debian Linux 3.1 arm; Debian Linux 3.1 amd64; Debian Linux 3.1 alpha; Debian Linux 3.1 |
| Not Vulnerable: | |
Discussion
The Libsoup library is prone to a denial-of-service vulnerability because it fails to properly sanitize user-supplied input.
Attackers may exploit this vulnerability to crash an application that relies on the affected library, resulting in a denial-of-service condition.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Solution:
Please see the referenced advisories for more information.
Redhat Fedora Core6
- RedHat libsoup-2.2.99-1.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat libsoup-2.2.99-1.fc6.ppc.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat libsoup-2.2.99-1.fc6.src.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat libsoup-2.2.99-1.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat libsoup-debuginfo-2.2.99-1.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat libsoup-debuginfo-2.2.99-1.fc6.ppc.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat libsoup-debuginfo-2.2.99-1.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat libsoup-devel-2.2.99-1.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat libsoup-devel-2.2.99-1.fc6.ppc.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat libsoup-devel-2.2.99-1.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
GNOME Libsoup 1.99.28
- Mandriva libsoup-1.99.28-1.1.C30mdk.x86_64.rpm
  Corporate 3.0/X86_64:
  http://www.mandriva.com/en/download
GNOME Libsoup 2.2.93
- Ubuntu libsoup2.2-8_2.2.93-0ubuntu1.1_amd64.deb
  Ubuntu 6.06 LTS:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.1_amd64.deb
- Ubuntu libsoup2.2-8_2.2.93-0ubuntu1.1_i386.deb
  Ubuntu 6.06 LTS:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.1_i386.deb
- Ubuntu libsoup2.2-8_2.2.93-0ubuntu1.1_powerpc.deb
  Ubuntu 6.06 LTS:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.1_powerpc.deb
- Ubuntu libsoup2.2-8_2.2.93-0ubuntu1.1_sparc.deb
  Ubuntu 6.06 LTS:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.93-0ubuntu1.1_sparc.deb
- Ubuntu libsoup2.2-dev_2.2.93-0ubuntu1.1_amd64.deb
  Ubuntu 6.06 LTS:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.1_amd64.deb
- Ubuntu libsoup2.2-dev_2.2.93-0ubuntu1.1_i386.deb
  Ubuntu 6.06 LTS:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.1_i386.deb
- Ubuntu libsoup2.2-dev_2.2.93-0ubuntu1.1_powerpc.deb
  Ubuntu 6.06 LTS:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.1_powerpc.deb
- Ubuntu libsoup2.2-dev_2.2.93-0ubuntu1.1_sparc.deb
  Ubuntu 6.06 LTS:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.93-0ubuntu1.1_sparc.deb
- Ubuntu libsoup2.2-doc_2.2.93-0ubuntu1.1_all.deb
  Ubuntu 6.06 LTS:
  http://security.ubuntu.com/ubuntu/pool/universe/libs/libsoup/libsoup2.2-doc_2.2.93-0ubuntu1.1_all.deb
GNOME Libsoup 2.2.96
- Ubuntu libsoup2.2-8_2.2.96-0ubuntu2.1_amd64.deb
  Ubuntu 6.10:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.96-0ubuntu2.1_amd64.deb
- Ubuntu libsoup2.2-8_2.2.96-0ubuntu2.1_i386.deb
  Ubuntu 6.10:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.96-0ubuntu2.1_i386.deb
- Ubuntu libsoup2.2-8_2.2.96-0ubuntu2.1_powerpc.deb
  Ubuntu 6.10:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.96-0ubuntu2.1_powerpc.deb
- Ubuntu libsoup2.2-8_2.2.96-0ubuntu2.1_sparc.deb
  Ubuntu 6.10:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-8_2.2.96-0ubuntu2.1_sparc.deb
- Ubuntu libsoup2.2-dev_2.2.96-0ubuntu2.1_amd64.deb
  Ubuntu 6.10:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.96-0ubuntu2.1_amd64.deb
- Ubuntu libsoup2.2-dev_2.2.96-0ubuntu2.1_i386.deb
  Ubuntu 6.10:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.96-0ubuntu2.1_i386.deb
- Ubuntu libsoup2.2-dev_2.2.96-0ubuntu2.1_powerpc.deb
  Ubuntu 6.10:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.96-0ubuntu2.1_powerpc.deb
- Ubuntu libsoup2.2-dev_2.2.96-0ubuntu2.1_sparc.deb
  Ubuntu 6.10:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-dev_2.2.96-0ubuntu2.1_sparc.deb
- Ubuntu libsoup2.2-doc_2.2.96-0ubuntu2.1_all.deb
  Ubuntu 6.10:
  http://security.ubuntu.com/ubuntu/pool/main/libs/libsoup/libsoup2.2-doc_2.2.96-0ubuntu2.1_all.deb
References
References:
- Libsoup Homepage (Gnome)