Red Hat Bugzilla – Bug 223143
CVE-2006-5876 libsoup Server code crashes upon receiving malformed GET HTTP header
Last modified: 2007-11-30 17:07:40 EST
Description of problem: Programs using libsoup Server code attempts to dereference NULL pointer upon receival of a header that looks like this: "GET something\000something\r\n" Affected code is used just by Rhythmbox's daap plugin in FC{5,6} and RHEL5 Also you can use seahorse from Extras to reproduce the issue See the debian bugreport for details. Steps to Reproduce: 1. Run rhythmbox and enable the daap server 2. echo -e "GET abcd\000efgh" |telnet localhost daap 3. Correct the line above, for I haven't tried it :) Additional info: Upstream completly rewrote the affected functions. Dunno if debian did their own patches, but they issued a DSA for that. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405197 http://bugzilla.gnome.org/show_bug.cgi?id=391970
This was fixed in libsoup-2.2.99. I'll backport the upstream changes.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux major release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Major release. This request is not yet committed for inclusion.
Upstream changes applied to libsoup-2.2.98-2.el5.
A package has been built which should help the problem described in this bug report. This report is therefore being closed with a resolution of CURRENTRELEASE. You may reopen this bug report if the solution does not work for you.