Pardus alert 2011-108 (libsoup)

From:
    	     
 
Meltem Parmaksız <meltem@pardus.org.tr> 
To:
    	     
 
pardus-security@pardus.org.tr 
Subject:
    	     
 
[Pardus-security]  [PLSA 2011-108] libsoup: Directory Traversal 
Date:
    	     
 
Mon, 5 Sep 2011 14:51:19 +0300
Message-ID:
    	     
 
<201109051451.19377.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-108           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-09-05
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been fixed in libsoup. 


Description
===========

CVE-2011-2524: 

SoupServer from libsoup did not properly parse '..' in URLs  passed  to 
it. This could allow for some services that use  SoupServer  to  expose 
unintended files (such  as  http://localhost/..%2f..%2f..%2fetc/passwd) 
when it is used to export part of the local filesystem. 



Affected packages:

  Pardus 2009:
    libsoup, all before 2.28.2-15-7
  Pardus 2011:
    libsoup, all before 2.32.2-20-p11


Resolution
==========

There are update(s) for libsoup. You can update them via Package Manager
or with a single command from console: 

  Pardus 2009:
    pisi up libsoup

  Pardus 2011:
    pisi up libsoup


References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=18868

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security