| |||||||||||||||||||
|
| |||||||||||||||||||
Pardus alert 2011-108 (libsoup)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-108 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-09-05 Severity: 3 Type: Remote ------------------------------------------------------------------------ Summary ======= A vulnerability has been fixed in libsoup. Description =========== CVE-2011-2524: SoupServer from libsoup did not properly parse '..' in URLs passed to it. This could allow for some services that use SoupServer to expose unintended files (such as http://localhost/..%2f..%2f..%2fetc/passwd) when it is used to export part of the local filesystem. Affected packages: Pardus 2009: libsoup, all before 2.28.2-15-7 Pardus 2011: libsoup, all before 2.32.2-20-p11 Resolution ========== There are update(s) for libsoup. You can update them via Package Manager or with a single command from console: Pardus 2009: pisi up libsoup Pardus 2011: pisi up libsoup References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=18868 ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|
||||||||||||||||||