Issued:
2011-07-28
Updated:
2011-07-28

RHSA-2011:1102 - Security Advisory

Synopsis

Moderate: libsoup security update

Type/Severity

Security Advisory: Moderate

Topic

Updated libsoup packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

libsoup is an HTTP client/library implementation for GNOME.

A directory traversal flaw was found in libsoup's SoupServer. If an
application used SoupServer to implement an HTTP service, a remote attacker
who is able to connect to that service could use this flaw to access any
local files accessible to that application via a specially-crafted request.
(CVE-2011-2524)

All users of libsoup should upgrade to these updated packages, which
contain a backported patch to resolve this issue. All running applications
using libsoup's SoupServer must be restarted for the update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 6.1 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 6.1 i386
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.1 s390x
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.1 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.1 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.1 i386
  • Red Hat Virtual Storage Appliance (from RHUI) 6.1 x86_64

Fixes

  • BZ - 720509 - CVE-2011-2524 libsoup: SoupServer directory traversal flaw

CVEs

References

Red Hat Enterprise Linux Server 6

SRPM
libsoup-2.28.2-1.el6_1.1.src.rpm SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
x86_64
libsoup-2.28.2-1.el6_1.1.i686.rpm SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 0fd81200f1976419e30fd8ba8f5cf5c9da095b2dfb54dd9a976dead7736080af
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 764be6a8d6def2e986860ad419450e538877ac621198e705a6c9b735a2b32670
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: ec75da7a3c108062ec1a5dd12a765f72fcf8bff415d7e53e16d1a3860e5aed14
i386
libsoup-2.28.2-1.el6_1.1.i686.rpm SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f

Red Hat Enterprise Linux Server - Extended Update Support 6.1

SRPM
libsoup-2.28.2-1.el6_1.1.src.rpm SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
x86_64
libsoup-2.28.2-1.el6_1.1.i686.rpm SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 0fd81200f1976419e30fd8ba8f5cf5c9da095b2dfb54dd9a976dead7736080af
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 764be6a8d6def2e986860ad419450e538877ac621198e705a6c9b735a2b32670
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: ec75da7a3c108062ec1a5dd12a765f72fcf8bff415d7e53e16d1a3860e5aed14
i386
libsoup-2.28.2-1.el6_1.1.i686.rpm SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f

Red Hat Enterprise Linux Workstation 6

SRPM
libsoup-2.28.2-1.el6_1.1.src.rpm SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
x86_64
libsoup-2.28.2-1.el6_1.1.i686.rpm SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 0fd81200f1976419e30fd8ba8f5cf5c9da095b2dfb54dd9a976dead7736080af
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 764be6a8d6def2e986860ad419450e538877ac621198e705a6c9b735a2b32670
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: ec75da7a3c108062ec1a5dd12a765f72fcf8bff415d7e53e16d1a3860e5aed14
i386
libsoup-2.28.2-1.el6_1.1.i686.rpm SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f

Red Hat Enterprise Linux Desktop 6

SRPM
libsoup-2.28.2-1.el6_1.1.src.rpm SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
x86_64
libsoup-2.28.2-1.el6_1.1.i686.rpm SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 0fd81200f1976419e30fd8ba8f5cf5c9da095b2dfb54dd9a976dead7736080af
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 764be6a8d6def2e986860ad419450e538877ac621198e705a6c9b735a2b32670
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 764be6a8d6def2e986860ad419450e538877ac621198e705a6c9b735a2b32670
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: ec75da7a3c108062ec1a5dd12a765f72fcf8bff415d7e53e16d1a3860e5aed14
i386
libsoup-2.28.2-1.el6_1.1.i686.rpm SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
libsoup-2.28.2-1.el6_1.1.src.rpm SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
s390x
libsoup-2.28.2-1.el6_1.1.s390.rpm SHA-256: 1643e4a516533774b7d4373b2ed942cebff4ec758fc7b622fcccbfee034d6571
libsoup-2.28.2-1.el6_1.1.s390x.rpm SHA-256: 60c8ac61e9c5bb9b8e0042838991891ed1ab04debd1e747beffdd7977e4e568e
libsoup-debuginfo-2.28.2-1.el6_1.1.s390.rpm SHA-256: aaf0fbf86fa3ee917fb43162f02911c38f066b736e26e814c36c85d57d19f4d1
libsoup-debuginfo-2.28.2-1.el6_1.1.s390x.rpm SHA-256: 393d97fb232cbcb2a2dfd3d35233358911065919ef31f94fc0110a576887da04
libsoup-devel-2.28.2-1.el6_1.1.s390.rpm SHA-256: 22598b0759c501258b63e3b11b9a118b4b1b64836d51e3cb5e96f20ea33cc517
libsoup-devel-2.28.2-1.el6_1.1.s390x.rpm SHA-256: fb8d83e531a826f7633af9f5d2e9d85544e4bd73080614022890ad93cc78bada

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.1

SRPM
libsoup-2.28.2-1.el6_1.1.src.rpm SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
s390x
libsoup-2.28.2-1.el6_1.1.s390.rpm SHA-256: 1643e4a516533774b7d4373b2ed942cebff4ec758fc7b622fcccbfee034d6571
libsoup-2.28.2-1.el6_1.1.s390x.rpm SHA-256: 60c8ac61e9c5bb9b8e0042838991891ed1ab04debd1e747beffdd7977e4e568e
libsoup-debuginfo-2.28.2-1.el6_1.1.s390.rpm SHA-256: aaf0fbf86fa3ee917fb43162f02911c38f066b736e26e814c36c85d57d19f4d1
libsoup-debuginfo-2.28.2-1.el6_1.1.s390x.rpm SHA-256: 393d97fb232cbcb2a2dfd3d35233358911065919ef31f94fc0110a576887da04
libsoup-devel-2.28.2-1.el6_1.1.s390.rpm SHA-256: 22598b0759c501258b63e3b11b9a118b4b1b64836d51e3cb5e96f20ea33cc517
libsoup-devel-2.28.2-1.el6_1.1.s390x.rpm SHA-256: fb8d83e531a826f7633af9f5d2e9d85544e4bd73080614022890ad93cc78bada

Red Hat Enterprise Linux for Power, big endian 6

SRPM
libsoup-2.28.2-1.el6_1.1.src.rpm SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
ppc64
libsoup-2.28.2-1.el6_1.1.ppc.rpm SHA-256: 8cf55eca5432894fef2e881285220a56c5b5a8acabfd92a274e9b1f1aa8cc7df
libsoup-2.28.2-1.el6_1.1.ppc64.rpm SHA-256: 3905e7fcba3dec7548c24711bfd7d77150c24ee86c4b70773a9d6ba1a18436c1
libsoup-debuginfo-2.28.2-1.el6_1.1.ppc.rpm SHA-256: bf5fcadac91de28751527fe84cf66f0e789570a8c74bd05b1f6e91b62cad6193
libsoup-debuginfo-2.28.2-1.el6_1.1.ppc64.rpm SHA-256: 4a9db6692a76779fec3392629d5830bbcef650b90f3570a5ac9a2767c02bfa28
libsoup-devel-2.28.2-1.el6_1.1.ppc.rpm SHA-256: 6147de0aa54b4c22d12c166a45eb622429664e549c81715678e4137b6de53cda
libsoup-devel-2.28.2-1.el6_1.1.ppc64.rpm SHA-256: f79a6fc71b515496d39718d49fa123385ac41f476a5cb1cf36fa05edb21d46ad

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.1

SRPM
libsoup-2.28.2-1.el6_1.1.src.rpm SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
ppc64
libsoup-2.28.2-1.el6_1.1.ppc.rpm SHA-256: 8cf55eca5432894fef2e881285220a56c5b5a8acabfd92a274e9b1f1aa8cc7df
libsoup-2.28.2-1.el6_1.1.ppc64.rpm SHA-256: 3905e7fcba3dec7548c24711bfd7d77150c24ee86c4b70773a9d6ba1a18436c1
libsoup-debuginfo-2.28.2-1.el6_1.1.ppc.rpm SHA-256: bf5fcadac91de28751527fe84cf66f0e789570a8c74bd05b1f6e91b62cad6193
libsoup-debuginfo-2.28.2-1.el6_1.1.ppc64.rpm SHA-256: 4a9db6692a76779fec3392629d5830bbcef650b90f3570a5ac9a2767c02bfa28
libsoup-devel-2.28.2-1.el6_1.1.ppc.rpm SHA-256: 6147de0aa54b4c22d12c166a45eb622429664e549c81715678e4137b6de53cda
libsoup-devel-2.28.2-1.el6_1.1.ppc64.rpm SHA-256: f79a6fc71b515496d39718d49fa123385ac41f476a5cb1cf36fa05edb21d46ad

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
libsoup-2.28.2-1.el6_1.1.src.rpm SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
x86_64
libsoup-2.28.2-1.el6_1.1.i686.rpm SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 0fd81200f1976419e30fd8ba8f5cf5c9da095b2dfb54dd9a976dead7736080af
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 764be6a8d6def2e986860ad419450e538877ac621198e705a6c9b735a2b32670
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: ec75da7a3c108062ec1a5dd12a765f72fcf8bff415d7e53e16d1a3860e5aed14

Red Hat Enterprise Linux Server from RHUI 6

SRPM
libsoup-2.28.2-1.el6_1.1.src.rpm SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
x86_64
libsoup-2.28.2-1.el6_1.1.i686.rpm SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 0fd81200f1976419e30fd8ba8f5cf5c9da095b2dfb54dd9a976dead7736080af
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 764be6a8d6def2e986860ad419450e538877ac621198e705a6c9b735a2b32670
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: ec75da7a3c108062ec1a5dd12a765f72fcf8bff415d7e53e16d1a3860e5aed14
i386
libsoup-2.28.2-1.el6_1.1.i686.rpm SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f

Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.1

SRPM
libsoup-2.28.2-1.el6_1.1.src.rpm SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
x86_64
libsoup-2.28.2-1.el6_1.1.i686.rpm SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 0fd81200f1976419e30fd8ba8f5cf5c9da095b2dfb54dd9a976dead7736080af
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 764be6a8d6def2e986860ad419450e538877ac621198e705a6c9b735a2b32670
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: ec75da7a3c108062ec1a5dd12a765f72fcf8bff415d7e53e16d1a3860e5aed14
i386
libsoup-2.28.2-1.el6_1.1.i686.rpm SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f

Red Hat Virtual Storage Appliance (from RHUI) 6.1

SRPM
libsoup-2.28.2-1.el6_1.1.src.rpm SHA-256: eac85798adc9788f5fb3cba2da2fb00c350244b50a6a6fd92fa46886ee839b97
x86_64
libsoup-2.28.2-1.el6_1.1.i686.rpm SHA-256: 503cda85ec3a510609c5072be93d3bd26857a6cfae8bcc0cd95d4b8d049b463e
libsoup-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 0fd81200f1976419e30fd8ba8f5cf5c9da095b2dfb54dd9a976dead7736080af
libsoup-debuginfo-2.28.2-1.el6_1.1.i686.rpm SHA-256: 1776bd85778fb58c2ffb4b1e43791d28b1611a265f233c427b113ab68c1c5c43
libsoup-debuginfo-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: 764be6a8d6def2e986860ad419450e538877ac621198e705a6c9b735a2b32670
libsoup-devel-2.28.2-1.el6_1.1.i686.rpm SHA-256: 3908dcd37815123c246f425008209bc90c44169241e6cc126e6090eb5e78427f
libsoup-devel-2.28.2-1.el6_1.1.x86_64.rpm SHA-256: ec75da7a3c108062ec1a5dd12a765f72fcf8bff415d7e53e16d1a3860e5aed14

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.