Alerts This Week
Warning Icon 1 697
Alerts This Week
Warning Icon 1 697

Ubuntu 11.04 USN-1181-1 Critical: Libsoup2.4 Directory Traversal Access

Calendar Jul 29, 2011 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical directory traversal remote access Ubuntu file access libsoup2.4
An attacker could send crafted URLs to a SoupServer application and obtain unintended access to files. 
=========================================================================Ubuntu Security Notice USN-1181-1
July 28, 2011

libsoup2.4 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS

Summary:

An attacker could send crafted URLs to a SoupServer application and obtain
unintended access to files.

Software Description:
- libsoup2.4: HTTP client/server library for GNOME

Details:

It was discovered that libsoup did not properly validate its input when
processing SoupServer requests. A remote attacker could exploit this to
access files via directory traversal.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
  libsoup2.4-1                    2.34.0-0ubuntu1.1

Ubuntu 10.10:
  libsoup2.4-1                    2.31.92-0ubuntu1.1

Ubuntu 10.04 LTS:
  libsoup2.4-1                    2.30.2-0ubuntu0.2

After a standard system update you need to restart any applications that
use libsoup to make all the necessary changes.

References:
  
  CVE-2011-2524

Package Information:
  https://launchpad.net/ubuntu/+source/libsoup2.4/2.34.0-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/libsoup2.4/2.31.92-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/libsoup2.4/2.30.2-0ubuntu0.2

Ubuntu 11.04 USN-1181-1 Critical: Libsoup2.4 Directory Traversal Access

ubuntu
Calendar Grey July 29, 2011
Dist Ubuntu Esm H88
Responding to the USN-1181-2 notification concerning libsoup2.4, this update resolves a significant vulnerability related to file access in Ubuntu.
An attacker could send crafted URLs to a SoupServer application and obtain unintended access to files.

Summary

Topics%20covered

Topics Covered

security advisory critical directory traversal remote access Ubuntu file access libsoup2.4

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: libsoup2.4-1 2.34.0-0ubuntu1.1 Ubuntu 10.10: libsoup2.4-1 2.31.92-0ubuntu1.1 Ubuntu 10.04 LTS: libsoup2.4-1 2.30.2-0ubuntu0.2 After a standard system update you need to restart any applications that use libsoup to make all the necessary changes.

References

CVE-2011-2524

Severity
critical
Lowest
Low
Medium
High
Critical

July 28, 2011

Topics%20covered

Topics Covered

security advisory critical directory traversal remote access Ubuntu file access libsoup2.4

Package Information

https://launchpad.net/ubuntu/+source/libsoup2.4/2.34.0-0ubuntu1.1 https://launchpad.net/ubuntu/+source/libsoup2.4/2.31.92-0ubuntu1.1 https://launchpad.net/ubuntu/+source/libsoup2.4/2.30.2-0ubuntu0.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here