CLD-458 Details
Other IDs this deficiency may be known by:
Basic Information:
| Affected Package(s) |
libsoup |
| Deficiency Type |
SECURITY |
| Date Created |
2018-07-06 08:27:21 |
| Date Last Modified |
2018-07-06 08:41:16 |
Version Specific Information:
| Cucumber 1.0 i686 | fixed in libsoup-2.59.90.1-i686-2 |
| Cucumber 1.0 x86_64 | fixed in libsoup-2.59.90.1-x86_64-2 and libsoup-lib_i686-2.59.90.1-lib_i686-2 |
| Cucumber 1.1 i686 |
fixed in libsoup-2.59.90.1-i686-2 |
| Cucumber 1.1 x86_64 |
fixed in libsoup-2.59.90.1-x86_64-2 and libsoup-lib_i686-2.59.90.1-lib_i686-2 |
Details:
=================================== Overview ===================================
soup_cookie_jar_get_cookies in soup-cookie-jar.c in libsoup allows attackers to
have unspecified impact via an empty hostname.
================================= Our Analysis =================================
----- Affected Products -----
Libsoup version 2.59.90.1 that has not had the patch from the commit
https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f
applied is vulnerable. This includes libsoup as originally packaged in Cucumber
Linux 1.0 and 1.1.
----- Scope and Impact of this Vulnerability -----
The impact of this vulnerability is unknown as of Fri Jul 6 08:38:52 EDT 2018.
----- Fix for this Vulnerability -----
This vulnerability can be fixed by applying the patch from the commit
https://gitlab.gnome.org/GNOME/libsoup/commit/db2b0d5809d5f8226d47312b40992cadbcde439f.
================================= Our Solution =================================
We have applied the aforementioned patch and rebuilt.