Package name
libsoup
Date
2012-03-23
Advisory ID
MDVSA-2012:036
Affected versions
MES5 i586 , 2010.1 i586 , 2011 x86_64 , 2011 i586 , MES5 x86_64 , 2010.1 x86_64

Problem description

A vulnerability has been found and corrected in libsoup:

Directory traversal vulnerability in soup-uri.c in SoupServer in
libsoup before 2.35.4 allows remote attackers to read arbitrary files
via a \%2e\%2e (encoded dot dot) in a URI (CVE-2011-2524).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 d4e8a20b159ba5c01fc24d4552e666ac  mes5/i586/libsoup-2.4_1-2.24.0.1-1.1mdvmes5.2.i586.rpm
 39ef32b1d4c8dbe9a9cdb601f759a4ae  mes5/i586/libsoup-2.4-devel-2.24.0.1-1.1mdvmes5.2.i586.rpm 
 5215645c524d5a64b7003a77e5851a39  mes5/SRPMS/libsoup-2.24.0.1-1.1mdvmes5.2.src.rpm

2010.1 i586

 26726dcbd3e8e793fdf645da4185d821  2010.1/i586/libsoup-2.4_1-2.30.2-1.1mdv2010.2.i586.rpm
 47b95f0b1ac8370047f58d64a4e1cc41  2010.1/i586/libsoup-2.4-devel-2.30.2-1.1mdv2010.2.i586.rpm 
 fbf7c3ca4f6ffbc856f2fdb935537d7f  2010.1/SRPMS/libsoup-2.30.2-1.1mdv2010.2.src.rpm

2011 x86_64

 c3a45361e56d309c17fc874c7e2befe7  2011/x86_64/lib64soup-2.4_1-2.34.2-1.1-mdv2011.0.x86_64.rpm
 eff744d6d1beba3b372851ce165d6d70  2011/x86_64/lib64soup-2.4-devel-2.34.2-1.1-mdv2011.0.x86_64.rpm 
 0fd49f8e86882512426b5254bc7a6771  2011/SRPMS/libsoup-2.34.2-1.1.src.rpm

2011 i586

 863a97809de1062e749915712c82fa05  2011/i586/libsoup-2.4_1-2.34.2-1.1-mdv2011.0.i586.rpm
 c1ef08d4a7049e2bd85c9eb9cc50ef9b  2011/i586/libsoup-2.4-devel-2.34.2-1.1-mdv2011.0.i586.rpm 
 0fd49f8e86882512426b5254bc7a6771  2011/SRPMS/libsoup-2.34.2-1.1.src.rpm

MES5 x86_64

 dcb143bb36b1ff90efad7ade90626fae  mes5/x86_64/lib64soup-2.4_1-2.24.0.1-1.1mdvmes5.2.x86_64.rpm
 bc329099d3c2b37d787359794d6be289  mes5/x86_64/lib64soup-2.4-devel-2.24.0.1-1.1mdvmes5.2.x86_64.rpm 
 5215645c524d5a64b7003a77e5851a39  mes5/SRPMS/libsoup-2.24.0.1-1.1mdvmes5.2.src.rpm

2010.1 x86_64

 53485ec990cddcbdb3e43a5069c7f178  2010.1/x86_64/lib64soup-2.4_1-2.30.2-1.1mdv2010.2.x86_64.rpm
 97398905ccc34f209196220d2d61ed20  2010.1/x86_64/lib64soup-2.4-devel-2.30.2-1.1mdv2010.2.x86_64.rpm 
 fbf7c3ca4f6ffbc856f2fdb935537d7f  2010.1/SRPMS/libsoup-2.30.2-1.1mdv2010.2.src.rpm

References