Bug 223144 - (CVE-2006-5876) CVE-2006-5876 libsoup Server code crashes upon receiving malformed GET HTTP header
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: libsoup
Version: 6
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Matthew Barnes
http://bugs.debian.org/cgi-bin/bugrep...
impact=moderate,source=debian,reporte...
Keywords: Reopened, Security
Depends On: 223143
Reported: 2007-01-17 18:27 EST by Lubomir Kundrak
Modified: 2007-11-30 17:11 EST (History)
Fixed In Version: libsoup-2.2.99-1.fc6
Last Closed: 2007-02-19 12:23:01 EST
Description Lubomir Kundrak 2007-01-17 18:27:16 EST
+++ This bug was initially created as a clone of Bug #223143 +++

Description of problem:

Programs using libsoup Server code attempt to dereference a NULL
pointer upon receipt of a header that looks like this:

"GET something\000something\r\n"

Affected code is used just by Rhythmbox's daap plugin in FC{5,6} and RHEL5.
Also you can use seahorse from Extras to reproduce the issue.

See the Debian bug report for details.

Steps to Reproduce:
1. Run rhythmbox and enable the daap server
2. echo -e "GET abcd\000efgh" |telnet localhost daap
3. Correct the line above, for I haven't tried it :)
  
Additional info:

Upstream completely rewrote the affected functions. Dunno if Debian did
their own patches, but they issued a DSA for that.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405197
http://bugzilla.gnome.org/show_bug.cgi?id=391970
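
The failure mode in the description, as an added example that is not part of the original report and is not libsoup code: a request line is parsed from a length-delimited buffer, embedded NUL bytes are rejected, and every token search is checked before its result is used. The names parse_request_line, request_line, copy_token and the REQ_* codes are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Result codes (hypothetical names for this example). */
enum req_status { REQ_OK = 0, REQ_BAD_NUL, REQ_BAD_SYNTAX };

struct request_line {
    char method[16];
    char path[256];
    char version[16];
};

/* Copy a token of known length into a fixed buffer and NUL-terminate it.
 * Returns -1 for an empty token or one that does not fit. */
static int copy_token(char *dst, size_t cap, const char *src, size_t n)
{
    if (n == 0 || n >= cap)
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Parse "METHOD SP PATH SP VERSION" from the len bytes received before
 * the CRLF. buf does not have to be NUL-terminated. */
enum req_status parse_request_line(const char *buf, size_t len,
                                   struct request_line *out)
{
    const char *end = buf + len, *sp1, *sp2;

    /* A NUL inside the line makes any str*() search stop early, so a
     * later lookup can return NULL for a token that "should" exist. */
    if (memchr(buf, '\0', len) != NULL)
        return REQ_BAD_NUL;
    sp1 = memchr(buf, ' ', len);
    if (sp1 == NULL)
        return REQ_BAD_SYNTAX;
    sp2 = memchr(sp1 + 1, ' ', (size_t)(end - (sp1 + 1)));
    if (sp2 == NULL)              /* no version token: never dereference */
        return REQ_BAD_SYNTAX;
    if (copy_token(out->method, sizeof out->method, buf, (size_t)(sp1 - buf)) ||
        copy_token(out->path, sizeof out->path, sp1 + 1, (size_t)(sp2 - sp1 - 1)) ||
        copy_token(out->version, sizeof out->version, sp2 + 1, (size_t)(end - sp2 - 1)))
        return REQ_BAD_SYNTAX;
    if (strncmp(out->version, "HTTP/", 5) != 0)
        return REQ_BAD_SYNTAX;
    return REQ_OK;
}
```
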
Comment 1 Matthew Barnes 2007-01-18 10:40:49 EST
This has been fixed in libsoup-2.2.99.  Fedora Core 6 currently has 2.2.98.

I'll address this by pushing 2.2.99 as a Fedora Core 6 update.
Comment 2 Fedora Update System 2007-01-22 12:11:37 EST
libsoup-2.2.99-1.fc6 has been pushed for fc6, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 3 Fedora Update System 2007-01-29 11:11:16 EST
libsoup-2.2.99-1.fc6 has been pushed for fc6, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 4 Matthew Barnes 2007-01-29 11:18:58 EST
Closing as CURRENTRELEASE.
Comment 5 Josh Bressers 2007-02-01 10:55:01 EST
I'm reopening this ticket as there has not yet been a FC5 update for libsoup
(we'll use this one bug to track both as it's a bit easier).
Comment 7 Fedora Update System 2007-02-19 12:12:17 EST
libsoup-2.2.96-2.fc5 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 8 Matthew Barnes 2007-02-19 12:23:01 EST
Closing as CURRENTRELEASE.