[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2011-2524: libsoup's SoupServer directory traversal flaw
From: Vincent Danen <vdanen () redhat ! com>
Date: 2011-07-28 18:31:28
Message-ID: 20110728183127.GU1476 () redhat ! com
[Download RAW message or body]
Hello everyone. Just a heads up to advise about a directory traversal
flaw in libsoup's SoupServer. This flaw could allow any service linked
to libsoup and using SoupServer to have a remote user traverse the local
file system and expose unintended files.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=720509
https://bugzilla.gnome.org/show_bug.cgi?id=653258
http://git.gnome.org/browse/libsoup/commit/?id=cbeeb7a0f7f0e8b16f2d382157496f9100218dea
http://git.gnome.org/browse/libsoup/commit/?h=gnome-3-0&id=51eb8798c3965b49f3010db82009d36429f28514
--
Vincent Danen / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic