Skip to navigation

Security Advisory Moderate: libsoup security update

Advisory: RHSA-2011:1102-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-07-28
Last updated on: 2011-07-28
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.1.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-2524

Details

Updated libsoup packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

libsoup is an HTTP client/library implementation for GNOME.

A directory traversal flaw was found in libsoup's SoupServer. If an
application used SoupServer to implement an HTTP service, a remote attacker
who is able to connect to that service could use this flaw to access any
local files accessible to that application via a specially-crafted request.
(CVE-2011-2524)

All users of libsoup should upgrade to these updated packages, which
contain a backported patch to resolve this issue. All running applications
using libsoup's SoupServer must be restarted for the update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
libsoup-2.28.2-1.el6_1.1.src.rpm
File outdated by:  RHBA-2013:0313
    MD5: 5f2659a7a0d16e8ca658ff57e5b8d6e2
SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
 
IA-32:
libsoup-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: a873fdb610fa17e3f229966a07f5a31d
SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: f267fba44032a8a2a1578d7e960f54dc
SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: dbf2e828eed500e898d43ce8a440b148
SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
 
x86_64:
libsoup-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: a873fdb610fa17e3f229966a07f5a31d
SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-2.28.2-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:0313
    MD5: 0b351575faa4e32792767aeb4ab9b3c4
SHA-256: 0fd81200f1976419e30fd8ba8f5cf5c9da095b2dfb54dd9a976dead7736080af
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: f267fba44032a8a2a1578d7e960f54dc
SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:0313
    MD5: 4d9163f9644931debf25a568a0d01a25
SHA-256: 764be6a8d6def2e986860ad419450e538877ac621198e705a6c9b735a2b32670
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: dbf2e828eed500e898d43ce8a440b148
SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:0313
    MD5: cf63ba9a2c3b8ca106acfa2ae3f6ac10
SHA-256: ec75da7a3c108062ec1a5dd12a765f72fcf8bff415d7e53e16d1a3860e5aed14
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
libsoup-2.28.2-1.el6_1.1.src.rpm
File outdated by:  RHBA-2013:0313
    MD5: 5f2659a7a0d16e8ca658ff57e5b8d6e2
SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
 
x86_64:
libsoup-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: a873fdb610fa17e3f229966a07f5a31d
SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-2.28.2-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:0313
    MD5: 0b351575faa4e32792767aeb4ab9b3c4
SHA-256: 0fd81200f1976419e30fd8ba8f5cf5c9da095b2dfb54dd9a976dead7736080af
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: f267fba44032a8a2a1578d7e960f54dc
SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:0313
    MD5: 4d9163f9644931debf25a568a0d01a25
SHA-256: 764be6a8d6def2e986860ad419450e538877ac621198e705a6c9b735a2b32670
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: dbf2e828eed500e898d43ce8a440b148
SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:0313
    MD5: cf63ba9a2c3b8ca106acfa2ae3f6ac10
SHA-256: ec75da7a3c108062ec1a5dd12a765f72fcf8bff415d7e53e16d1a3860e5aed14
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
libsoup-2.28.2-1.el6_1.1.src.rpm
File outdated by:  RHBA-2013:0313
    MD5: 5f2659a7a0d16e8ca658ff57e5b8d6e2
SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
 
IA-32:
libsoup-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: a873fdb610fa17e3f229966a07f5a31d
SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: f267fba44032a8a2a1578d7e960f54dc
SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: dbf2e828eed500e898d43ce8a440b148
SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
 
PPC:
libsoup-2.28.2-1.el6_1.1.ppc.rpm
File outdated by:  RHBA-2013:0313
    MD5: 4e5d7257e07ddf3d0dafe6d6f67fd8a3
SHA-256: 8cf55eca5432894fef2e881285220a56c5b5a8acabfd92a274e9b1f1aa8cc7df
libsoup-2.28.2-1.el6_1.1.ppc64.rpm
File outdated by:  RHBA-2013:0313
    MD5: 563ffb45673d74718183bee3db7ffc0d
SHA-256: 3905e7fcba3dec7548c24711bfd7d77150c24ee86c4b70773a9d6ba1a18436c1
libsoup-debuginfo-2.28.2-1.el6_1.1.ppc.rpm
File outdated by:  RHBA-2013:0313
    MD5: b80439c52f73b4d0c3fc751d437c79ed
SHA-256: bf5fcadac91de28751527fe84cf66f0e789570a8c74bd05b1f6e91b62cad6193
libsoup-debuginfo-2.28.2-1.el6_1.1.ppc64.rpm
File outdated by:  RHBA-2013:0313
    MD5: eb64e1686e62331f5344a3ad953ce159
SHA-256: 4a9db6692a76779fec3392629d5830bbcef650b90f3570a5ac9a2767c02bfa28
libsoup-devel-2.28.2-1.el6_1.1.ppc.rpm
File outdated by:  RHBA-2013:0313
    MD5: c84fe804552c616f6bef2c06947c1c07
SHA-256: 6147de0aa54b4c22d12c166a45eb622429664e549c81715678e4137b6de53cda
libsoup-devel-2.28.2-1.el6_1.1.ppc64.rpm
File outdated by:  RHBA-2013:0313
    MD5: 28379477153085a7ffb9c1416a8bf2c5
SHA-256: f79a6fc71b515496d39718d49fa123385ac41f476a5cb1cf36fa05edb21d46ad
 
s390x:
libsoup-2.28.2-1.el6_1.1.s390.rpm
File outdated by:  RHBA-2013:0313
    MD5: b3ec9459e74f33b42b2c3661a17f935f
SHA-256: 1643e4a516533774b7d4373b2ed942cebff4ec758fc7b622fcccbfee034d6571
libsoup-2.28.2-1.el6_1.1.s390x.rpm
File outdated by:  RHBA-2013:0313
    MD5: 04faa643a48be871d82b18af8882598f
SHA-256: 60c8ac61e9c5bb9b8e0042838991891ed1ab04debd1e747beffdd7977e4e568e
libsoup-debuginfo-2.28.2-1.el6_1.1.s390.rpm
File outdated by:  RHBA-2013:0313
    MD5: 012ccde8fa9c1c61df90509853b15bd8
SHA-256: aaf0fbf86fa3ee917fb43162f02911c38f066b736e26e814c36c85d57d19f4d1
libsoup-debuginfo-2.28.2-1.el6_1.1.s390x.rpm
File outdated by:  RHBA-2013:0313
    MD5: be6524046cd2c763a52f4bf2b76923b0
SHA-256: 393d97fb232cbcb2a2dfd3d35233358911065919ef31f94fc0110a576887da04
libsoup-devel-2.28.2-1.el6_1.1.s390.rpm
File outdated by:  RHBA-2013:0313
    MD5: 4665f0a1a5354d9b4fbfd5097b4a16f5
SHA-256: 22598b0759c501258b63e3b11b9a118b4b1b64836d51e3cb5e96f20ea33cc517
libsoup-devel-2.28.2-1.el6_1.1.s390x.rpm
File outdated by:  RHBA-2013:0313
    MD5: 424dbc8c0c979c5eedab8f0850c1cf6d
SHA-256: fb8d83e531a826f7633af9f5d2e9d85544e4bd73080614022890ad93cc78bada
 
x86_64:
libsoup-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: a873fdb610fa17e3f229966a07f5a31d
SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-2.28.2-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:0313
    MD5: 0b351575faa4e32792767aeb4ab9b3c4
SHA-256: 0fd81200f1976419e30fd8ba8f5cf5c9da095b2dfb54dd9a976dead7736080af
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: f267fba44032a8a2a1578d7e960f54dc
SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:0313
    MD5: 4d9163f9644931debf25a568a0d01a25
SHA-256: 764be6a8d6def2e986860ad419450e538877ac621198e705a6c9b735a2b32670
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: dbf2e828eed500e898d43ce8a440b148
SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:0313
    MD5: cf63ba9a2c3b8ca106acfa2ae3f6ac10
SHA-256: ec75da7a3c108062ec1a5dd12a765f72fcf8bff415d7e53e16d1a3860e5aed14
 
Red Hat Enterprise Linux Server EUS (v. 6.1.z)

SRPMS:
libsoup-2.28.2-1.el6_1.1.src.rpm
File outdated by:  RHBA-2013:0313
    MD5: 5f2659a7a0d16e8ca658ff57e5b8d6e2
SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
 
IA-32:
libsoup-2.28.2-1.el6_1.1.i686.rpm     MD5: a873fdb610fa17e3f229966a07f5a31d
SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm     MD5: f267fba44032a8a2a1578d7e960f54dc
SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm     MD5: dbf2e828eed500e898d43ce8a440b148
SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
 
PPC:
libsoup-2.28.2-1.el6_1.1.ppc.rpm     MD5: 4e5d7257e07ddf3d0dafe6d6f67fd8a3
SHA-256: 8cf55eca5432894fef2e881285220a56c5b5a8acabfd92a274e9b1f1aa8cc7df
libsoup-2.28.2-1.el6_1.1.ppc64.rpm     MD5: 563ffb45673d74718183bee3db7ffc0d
SHA-256: 3905e7fcba3dec7548c24711bfd7d77150c24ee86c4b70773a9d6ba1a18436c1
libsoup-debuginfo-2.28.2-1.el6_1.1.ppc.rpm     MD5: b80439c52f73b4d0c3fc751d437c79ed
SHA-256: bf5fcadac91de28751527fe84cf66f0e789570a8c74bd05b1f6e91b62cad6193
libsoup-debuginfo-2.28.2-1.el6_1.1.ppc64.rpm     MD5: eb64e1686e62331f5344a3ad953ce159
SHA-256: 4a9db6692a76779fec3392629d5830bbcef650b90f3570a5ac9a2767c02bfa28
libsoup-devel-2.28.2-1.el6_1.1.ppc.rpm     MD5: c84fe804552c616f6bef2c06947c1c07
SHA-256: 6147de0aa54b4c22d12c166a45eb622429664e549c81715678e4137b6de53cda
libsoup-devel-2.28.2-1.el6_1.1.ppc64.rpm     MD5: 28379477153085a7ffb9c1416a8bf2c5
SHA-256: f79a6fc71b515496d39718d49fa123385ac41f476a5cb1cf36fa05edb21d46ad
 
s390x:
libsoup-2.28.2-1.el6_1.1.s390.rpm     MD5: b3ec9459e74f33b42b2c3661a17f935f
SHA-256: 1643e4a516533774b7d4373b2ed942cebff4ec758fc7b622fcccbfee034d6571
libsoup-2.28.2-1.el6_1.1.s390x.rpm     MD5: 04faa643a48be871d82b18af8882598f
SHA-256: 60c8ac61e9c5bb9b8e0042838991891ed1ab04debd1e747beffdd7977e4e568e
libsoup-debuginfo-2.28.2-1.el6_1.1.s390.rpm     MD5: 012ccde8fa9c1c61df90509853b15bd8
SHA-256: aaf0fbf86fa3ee917fb43162f02911c38f066b736e26e814c36c85d57d19f4d1
libsoup-debuginfo-2.28.2-1.el6_1.1.s390x.rpm     MD5: be6524046cd2c763a52f4bf2b76923b0
SHA-256: 393d97fb232cbcb2a2dfd3d35233358911065919ef31f94fc0110a576887da04
libsoup-devel-2.28.2-1.el6_1.1.s390.rpm     MD5: 4665f0a1a5354d9b4fbfd5097b4a16f5
SHA-256: 22598b0759c501258b63e3b11b9a118b4b1b64836d51e3cb5e96f20ea33cc517
libsoup-devel-2.28.2-1.el6_1.1.s390x.rpm     MD5: 424dbc8c0c979c5eedab8f0850c1cf6d
SHA-256: fb8d83e531a826f7633af9f5d2e9d85544e4bd73080614022890ad93cc78bada
 
x86_64:
libsoup-2.28.2-1.el6_1.1.i686.rpm     MD5: a873fdb610fa17e3f229966a07f5a31d
SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-2.28.2-1.el6_1.1.x86_64.rpm     MD5: 0b351575faa4e32792767aeb4ab9b3c4
SHA-256: 0fd81200f1976419e30fd8ba8f5cf5c9da095b2dfb54dd9a976dead7736080af
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm     MD5: f267fba44032a8a2a1578d7e960f54dc
SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm     MD5: 4d9163f9644931debf25a568a0d01a25
SHA-256: 764be6a8d6def2e986860ad419450e538877ac621198e705a6c9b735a2b32670
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm     MD5: dbf2e828eed500e898d43ce8a440b148
SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm     MD5: cf63ba9a2c3b8ca106acfa2ae3f6ac10
SHA-256: ec75da7a3c108062ec1a5dd12a765f72fcf8bff415d7e53e16d1a3860e5aed14
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
libsoup-2.28.2-1.el6_1.1.src.rpm
File outdated by:  RHBA-2013:0313
    MD5: 5f2659a7a0d16e8ca658ff57e5b8d6e2
SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
 
IA-32:
libsoup-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: a873fdb610fa17e3f229966a07f5a31d
SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: f267fba44032a8a2a1578d7e960f54dc
SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: dbf2e828eed500e898d43ce8a440b148
SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
 
x86_64:
libsoup-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: a873fdb610fa17e3f229966a07f5a31d
SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-2.28.2-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:0313
    MD5: 0b351575faa4e32792767aeb4ab9b3c4
SHA-256: 0fd81200f1976419e30fd8ba8f5cf5c9da095b2dfb54dd9a976dead7736080af
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: f267fba44032a8a2a1578d7e960f54dc
SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:0313
    MD5: 4d9163f9644931debf25a568a0d01a25
SHA-256: 764be6a8d6def2e986860ad419450e538877ac621198e705a6c9b735a2b32670
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm
File outdated by:  RHBA-2013:0313
    MD5: dbf2e828eed500e898d43ce8a440b148
SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm
File outdated by:  RHBA-2013:0313
    MD5: cf63ba9a2c3b8ca106acfa2ae3f6ac10
SHA-256: ec75da7a3c108062ec1a5dd12a765f72fcf8bff415d7e53e16d1a3860e5aed14
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

720509 - CVE-2011-2524 libsoup: SoupServer directory traversal flaw


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/