Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Thu, 28 Jul 2011 15:17:57 -0500 Reply-To: Troy DawsonSender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Moderate: libsoup on SL6.x i386/x86_64 Comments: To: " This email address is being protected from spambots. You need JavaScript enabled to view it. "MIME-Version: 1.0 Synopsis: Moderate: libsoup security update Issue Date: 2011-07-28 CVE Numbers: CVE-2011-2524 libsoup is an HTTP client/library implementation for GNOME. A directory traversal flaw was found in libsoup's SoupServer. If an application used SoupServer to implement an HTTP service, a remote attacker who is able to connect to that service could use this flaw to access any local files accessible to that application via a specially-crafted request. (CVE-2011-2524) All users of libsoup should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using libsoup's SoupServer must be restarted for the update to take effect. SL6: i386 libsoup-2.28.2-1.el6_1.1.i686.rpm libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm libsoup-devel-2.28.2-1.el6_1.1.i686.rpm x86_64 libsoup-2.28.2-1.el6_1.1.i686.rpm libsoup-2.28.2-1.el6_1.1.x86_64.rpm libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm libsoup-devel-2.28.2-1.el6_1.1.i686.rpm libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm - Scientific Linux Development Team