CLD-458 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2018-12910 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) libsoup
Deficiency Type SECURITY
Date Created 2018-07-06 08:27:21
Date Last Modified 2018-07-06 08:41:16

Version Specific Information:

Cucumber 1.0 i686fixed in libsoup-
Cucumber 1.0 x86_64fixed in libsoup- and libsoup-lib_i686-

Cucumber 1.1 i686 fixed in libsoup-
Cucumber 1.1 x86_64 fixed in libsoup- and libsoup-lib_i686-


=================================== Overview ===================================

soup_cookie_jar_get_cookies in soup-cookie-jar.c in libsoup allows attackers to
have unspecified impact via an empty hostname. 

================================= Our Analysis =================================

----- Affected Products -----
Libsoup version that has not had the patch from the commit
applied is vulnerable. This includes libsoup as originally packaged in Cucumber
Linux 1.0 and 1.1.

----- Scope and Impact of this Vulnerability -----
The impact of this vulnerability is unknown as of Fri Jul  6 08:38:52 EDT 2018.

----- Fix for this Vulnerability -----
This vulnerability can be fixed by applying the patch from the commit

================================= Our Solution =================================

We have applied the aforementioned patch and rebuilt.