Mandriva Linux Security Advisory 2012-036 - Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a \%2e\%2e in a URI. The updated packages have been patched to correct this issue.
26acc85abfe4b0e0b1049ae10788b907f1be455d4875bed9464a7cabe9e748ddDebian Linux Security Advisory 2369-1 - It was discovered that libsoup2.4, a HTTP library implementation in C, is not properly validating input when processing requests made to SoupServer. A remote attacker can exploit this flaw to access system files via a directory traversal attack.
e634802cfae069d5d50208bd0bc4815d5ddbbfd3098ea941bd70b031e1a7a505Ubuntu Security Notice 1181-1 - It was discovered that libsoup did not properly validate its input when processing SoupServer requests. A remote attacker could exploit this to access files via directory traversal.
14e4949d1f5bc313734e55b50adf2646d195731a6e58ea63f28211c4574fdbcaRed Hat Security Advisory 2011-1102-01 - libsoup is an HTTP client/library implementation for GNOME. A directory traversal flaw was found in libsoup's SoupServer. If an application used SoupServer to implement an HTTP service, a remote attacker who is able to connect to that service could use this flaw to access any local files accessible to that application via a specially-crafted request. All users of libsoup should upgrade to these updated packages, which contain a backported patch to resolve this issue. All running applications using libsoup's SoupServer must be restarted for the update to take effect.
2d111ef0e64d2744457f6d7bec28ca03c7a869c7b009fdbc59b288e639888134
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed