libsoup: security update
This update of libsoup fixes a directory traversal attack
that affect application using the library. CVE-2011-2524:
CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 4941
Fixed bugs
bnc#706630
VUL-0: CVE-2011-2524: libsoup: filesystem exposure flaw due to bad parsing of ".."
CVE#CVE-2011-2524
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.
