Pardus: 2011-108: libsoup: Directory Traversal
Posted by Benjamin D. Thomas   
A vulnerability has been fixed in libsoup.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-108           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-09-05
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
======
A vulnerability has been fixed in libsoup.


Description
==========
CVE-2011-2524:

SoupServer from libsoup did not properly parse '..' in URLs passed to
it. This could allow for some services that use SoupServer to expose
unintended files (such as http://localhost/..%2f..%2f..%2fetc/passwd)
when it is used to export part of the local filesystem.
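
As an added example (not code from libsoup or from this advisory), the
check below shows one way a service that maps URL paths onto a directory
can reject a path like the one cited above: it percent-decodes the path
once, then refuses any '..' segment. The function names and the
1024-byte buffer are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: decode %XX escapes from src into dst.
 * Returns -1 on a malformed escape, a decoded NUL (%00) or overflow. */
static int percent_decode(const char *src, char *dst, size_t dst_len)
{
    size_t o = 0;
    for (size_t i = 0; src[i] != '\0'; i++) {
        unsigned int c = (unsigned char)src[i];
        if (c == '%') {
            if (!isxdigit((unsigned char)src[i + 1]) ||
                !isxdigit((unsigned char)src[i + 2]))
                return -1;
            sscanf(src + i + 1, "%2x", &c);
            if (c == 0)
                return -1;
            i += 2;
        }
        if (o + 1 >= dst_len)
            return -1;
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return 0;
}

/* Hypothetical check: 1 if raw_path may be joined onto the exported
 * directory, 0 if it is malformed or contains a '..' segment. */
int path_is_safe(const char *raw_path)
{
    char decoded[1024]; /* assumed maximum path length */
    if (raw_path[0] != '/' ||
        percent_decode(raw_path, decoded, sizeof decoded) != 0)
        return 0;
    /* Segments are examined after decoding, so "..%2f" and "%2e%2e/"
     * are both seen as '..'. */
    for (const char *seg = decoded; *seg != '\0'; ) {
        size_t len = strcspn(seg, "/");
        if (len == 2 && seg[0] == '.' && seg[1] == '.')
            return 0;
        seg += len;
        while (*seg == '/')
            seg++;
    }
    return 1;
}

int main(void)
{
    /* Path portion of the URL quoted in the advisory. */
    printf("%d\n", path_is_safe("/..%2f..%2f..%2fetc/passwd"));
    return 0;
}
```

A segment check does not follow symbolic links; a server that must also
contain symlinks can compare the resolved path against the exported
directory before opening the file.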



Affected packages:

  Pardus 2009:
    libsoup, all before 2.28.2-15-7
  Pardus 2011:
    libsoup, all before 2.32.2-20-p11


Resolution
=========
There are update(s) for libsoup. You can update them via Package Manager
or with a single command from console:

  Pardus 2009:
    pisi up libsoup

  Pardus 2011:
    pisi up libsoup


References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id868

------------------------------------------------------------------------