ID OPENVAS:70688 Type openvas Reporter Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing an update to libsoup2.4
announced via advisory DSA 2369-1.
# OpenVAS Vulnerability Test
# $Id: deb_2369_1.nasl 6612 2017-07-07 12:08:03Z cfischer $
# Description: Auto-generated from advisory DSA 2369-1 (libsoup2.4)
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
# Advisory text reported as the "insight" tag: root cause (SoupServer request
# input not validated, allowing directory traversal) and the fixed package
# version for each Debian distribution.
# NOTE(review): the text names squeeze as both the stable and the testing
# distribution, with different fixed versions; the testing line presumably
# means the release after squeeze. Confirm against DSA 2369-1.
# Only the lenny and squeeze versions are used by the package checks in this
# script; the 2.34.3-1 version quoted for testing/unstable is informational.
tag_insight = "It was discovered that libsoup2.4, a HTTP library implementation in C, is
not properly validating input when processing requests made to SoupServer.
A remote attacker can exploit this flaw to access system files via a
directory traversal attack.
For the oldstable distribution (lenny), this problem has been fixed in
version 2.4.1-2+lenny1.
For the stable distribution (squeeze), this problem has been fixed in
version 2.30.2-1+squeeze1.
For the testing distribution (squeeze), this problem has been fixed in
version 2.34.3-1.
For the unstable distribution (sid), this problem has been fixed in
version 2.34.3-1.
We recommend that you upgrade your libsoup2.4 packages.";
# One-line finding summary reported as the "summary" tag.
tag_summary = "The remote host is missing an update to libsoup2.4
announced via advisory DSA 2369-1.";
# Reported as the "solution" tag. The value is only a link to a third-party
# advisory page; the actual remediation (upgrade to the fixed versions) is
# spelled out in tag_insight above.
tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202369-1";
# Registration block: executed only when `description` is set. It declares the
# plugin metadata and then exits, so none of the package checks below run in
# this mode.
if(description)
{
script_id(70688);
# CVSS v2 base 5.0: network-reachable, low complexity, no authentication,
# partial confidentiality impact and no integrity/availability impact. This
# matches the file-read directory traversal described in the insight text.
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_cve_id("CVE-2011-2524");
script_version("$Revision: 6612 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $");
script_tag(name:"creation_date", value:"2012-02-11 03:14:57 -0500 (Sat, 11 Feb 2012)");
script_name("Debian Security Advisory DSA 2369-1 (libsoup2.4)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com");
script_family("Debian Local Security Checks");
# Relies on the package inventory gathered by gather-package-list.nasl over an
# SSH login (see the ssh/login/* keys below).
# NOTE(review): presumably the check is skipped when these keys are absent, so
# an unauthenticated scan yields no result for this advisory. Confirm with the
# scanner documentation.
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "summary" , value : tag_summary);
# "package" quality of detection: the verdict comes from comparing installed
# package versions, not from probing a running SoupServer instance.
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-deb.inc");

# Each isdpkgvuln() call is given a package name, the fixed version from the
# advisory and a release tag. A non-NULL result is appended to the report.
# NOTE(review): presumably it returns report text when the installed version
# is older than `ver` on that release, and NULL otherwise. Confirm in
# pkg-lib-deb.inc.
report = "";
res = "";

# Debian 5.0 (lenny, oldstable): fixed in 2.4.1-2+lenny1.
res = isdpkgvuln(pkg:"libsoup2.4-1", ver:"2.4.1-2+lenny1", rls:"DEB5.0");
if(res != NULL)
  report += res;

res = isdpkgvuln(pkg:"libsoup2.4-dev", ver:"2.4.1-2+lenny1", rls:"DEB5.0");
if(res != NULL)
  report += res;

res = isdpkgvuln(pkg:"libsoup2.4-doc", ver:"2.4.1-2+lenny1", rls:"DEB5.0");
if(res != NULL)
  report += res;

# Debian 6.0 (squeeze, stable): fixed in 2.30.2-1+squeeze1. The libsoup-gnome
# and -dbg packages are checked for this release only.
res = isdpkgvuln(pkg:"libsoup-gnome2.4-1", ver:"2.30.2-1+squeeze1", rls:"DEB6.0");
if(res != NULL)
  report += res;

res = isdpkgvuln(pkg:"libsoup-gnome2.4-dev", ver:"2.30.2-1+squeeze1", rls:"DEB6.0");
if(res != NULL)
  report += res;

res = isdpkgvuln(pkg:"libsoup2.4-1", ver:"2.30.2-1+squeeze1", rls:"DEB6.0");
if(res != NULL)
  report += res;

res = isdpkgvuln(pkg:"libsoup2.4-dbg", ver:"2.30.2-1+squeeze1", rls:"DEB6.0");
if(res != NULL)
  report += res;

res = isdpkgvuln(pkg:"libsoup2.4-dev", ver:"2.30.2-1+squeeze1", rls:"DEB6.0");
if(res != NULL)
  report += res;

res = isdpkgvuln(pkg:"libsoup2.4-doc", ver:"2.30.2-1+squeeze1", rls:"DEB6.0");
if(res != NULL)
  report += res;

if(report == "") {
  # Nothing was flagged. Exit code 99 ("not vulnerable") is used only when
  # __pkg_match is set; otherwise the script ends without a verdict.
  # NOTE(review): __pkg_match is presumably set by isdpkgvuln() when a listed
  # package was found on the host. Confirm in pkg-lib-deb.inc.
  if(__pkg_match)
    exit(99); # Not vulnerable.
} else {
  # At least one package is older than the fixed version: raise one finding
  # that carries every per-package result.
  security_message(data:report);
}
{"id": "OPENVAS:70688", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 2369-1 (libsoup2.4)", "description": "The remote host is missing an update to libsoup2.4\nannounced via advisory DSA 2369-1.", "published": "2012-02-11T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=70688", "reporter": "Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2011-2524"], "lastseen": "2017-07-24T12:51:02", "viewCount": 0, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2017-07-24T12:51:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-2524"]}, {"type": "ubuntu", "idList": ["USN-1181-1"]}, {"type": "openvas", "idList": ["OPENVAS:870704", "OPENVAS:1361412562310863546", "OPENVAS:1361412562310863395", "OPENVAS:136141256231070688", "OPENVAS:1361412562310122125", "OPENVAS:840715", "OPENVAS:1361412562310840715", "OPENVAS:863546", "OPENVAS:831650", "OPENVAS:1361412562310831650"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11826", "SECURITYVULNS:DOC:26768"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2369-1:C934F"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-1102"]}, {"type": "redhat", "idList": ["RHSA-2011:1102"]}, {"type": "fedora", "idList": ["FEDORA:CD8522088A", "FEDORA:68DD5110B64"]}, {"type": "nessus", "idList": ["FEDORA_2011-9820.NASL", "FEDORA_2011-9763.NASL", "UBUNTU_USN-1181-1.NASL", "SUSE_11_4_LIBSOUP-2_4-1-110729.NASL", "MANDRIVA_MDVSA-2012-036.NASL", "DEBIAN_DSA-2369.NASL", "SL_20110728_LIBSOUP_ON_SL6_X.NASL", "SOLARIS11_LIBSOUP_20120918.NASL", "REDHAT-RHSA-2011-1102.NASL", "SUSE_11_3_LIBSOUP-2_4-1-110729.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201412-09"]}], "modified": "2017-07-24T12:51:02", "rev": 2}, "vulnersScore": 7.0}, "pluginID": "70688", "sourceData": "# OpenVAS 
Vulnerability Test\n# $Id: deb_2369_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2369-1 (libsoup2.4)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that libsoup2.4, a HTTP library implementation in C, is\nnot properly validating input when processing requests made to SoupServer.\nA remote attacker can exploit this flaw to access system files via a\ndirectory traversal attack.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.4.1-2+lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.30.2-1+squeeze1.\n\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 2.34.3-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.34.3-1.\n\n\nWe recommend that you upgrade your libsoup2.4 packages.\";\ntag_summary = \"The remote host is missing an update to libsoup2.4\nannounced via advisory DSA 2369-1.\";\n\ntag_solution = 
\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202369-1\";\n\nif(description)\n{\n script_id(70688);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-2524\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:14:57 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2369-1 (libsoup2.4)\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.4.1-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-dev\", ver:\"2.4.1-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-doc\", ver:\"2.4.1-2+lenny1\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup-gnome2.4-1\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup-gnome2.4-dev\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) 
{\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-dbg\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-dev\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-doc\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:39:08", "description": "Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.", "edition": 5, "cvss3": {}, "published": "2011-08-31T23:55:00", "title": "CVE-2011-2524", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2524"], "modified": "2012-02-02T04:06:00", "cpe": ["cpe:/a:gnome:libsoup:2.2.97", "cpe:/a:gnome:libsoup:2.2.99", "cpe:/a:gnome:libsoup:2.29.91", "cpe:/a:gnome:libsoup:2.34.1", "cpe:/a:gnome:libsoup:2.23.92", "cpe:/a:gnome:libsoup:2.27.91", "cpe:/a:gnome:libsoup:2.2.6.1", "cpe:/a:gnome:libsoup:2.31.90", "cpe:/a:gnome:libsoup:2.25.5", "cpe:/a:gnome:libsoup:2.4.0", "cpe:/a:gnome:libsoup:2.2.95.1", "cpe:/a:gnome:libsoup:2.24.1", "cpe:/a:gnome:libsoup:2.27.90", "cpe:/a:gnome:libsoup:2.23.1", "cpe:/a:gnome:libsoup:2.2.5", "cpe:/a:gnome:libsoup:2.23.91", "cpe:/a:gnome:libsoup:2.0", "cpe:/a:gnome:libsoup:2.31.92", "cpe:/a:gnome:libsoup:2.26.1", "cpe:/a:gnome:libsoup:2.2", "cpe:/a:gnome:libsoup:2.2.100", "cpe:/a:gnome:libsoup:2.2.6", "cpe:/a:gnome:libsoup:2.32.0", "cpe:/a:gnome:libsoup:2.31.2", "cpe:/a:gnome:libsoup:2.30.1", "cpe:/a:gnome:libsoup:2.2.93", "cpe:/a:gnome:libsoup:2.2.3", "cpe:/a:gnome:libsoup:2.33.92", "cpe:/a:gnome:libsoup:2.29.90", "cpe:/a:gnome:libsoup:2.27.1", "cpe:/a:gnome:libsoup:2.26.0", "cpe:/a:gnome:libsoup:2.34.0", "cpe:/a:gnome:libsoup:2.33.4", "cpe:/a:gnome:libsoup:2.33.90", 
"cpe:/a:gnome:libsoup:2.25.3", "cpe:/a:gnome:libsoup:2.2.101", "cpe:/a:gnome:libsoup:2.32.2", "cpe:/a:gnome:libsoup:2.27.92", "cpe:/a:gnome:libsoup:2.27.5", "cpe:/a:gnome:libsoup:2.28.1", "cpe:/a:gnome:libsoup:2.2.94", "cpe:/a:gnome:libsoup:2.29.3", "cpe:/a:gnome:libsoup:2.2.104", "cpe:/a:gnome:libsoup:2.25.91", "cpe:/a:gnome:libsoup:2.32.1", "cpe:/a:gnome:libsoup:2.35.3", "cpe:/a:gnome:libsoup:2.29.5", "cpe:/a:gnome:libsoup:2.2.4", "cpe:/a:gnome:libsoup:2.2.103", "cpe:/a:gnome:libsoup:2.2.1", "cpe:/a:gnome:libsoup:2.25.4", "cpe:/a:gnome:libsoup:2.2.102", "cpe:/a:gnome:libsoup:2.3.2", "cpe:/a:gnome:libsoup:2.2.7", "cpe:/a:gnome:libsoup:2.24.0.1", "cpe:/a:gnome:libsoup:2.33.5", "cpe:/a:gnome:libsoup:2.33.6", "cpe:/a:gnome:libsoup:2.31.6", "cpe:/a:gnome:libsoup:2.2.92", "cpe:/a:gnome:libsoup:2.27.4", "cpe:/a:gnome:libsoup:2.30.0", "cpe:/a:gnome:libsoup:2.4.1", "cpe:/a:gnome:libsoup:2.27.2", "cpe:/a:gnome:libsoup:2.2.98", "cpe:/a:gnome:libsoup:2.2.91", "cpe:/a:gnome:libsoup:2.28.0", "cpe:/a:gnome:libsoup:2.2.96", "cpe:/a:gnome:libsoup:2.23.6", "cpe:/a:gnome:libsoup:2.25.2", "cpe:/a:gnome:libsoup:2.3.4", "cpe:/a:gnome:libsoup:2.3.0.1", "cpe:/a:gnome:libsoup:2.2.2", "cpe:/a:gnome:libsoup:2.2.0", "cpe:/a:gnome:libsoup:2.29.6"], "id": "CVE-2011-2524", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2524", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:gnome:libsoup:2.2.95.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.33.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.33.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.31.92:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.25.91:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.102:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.28.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.91:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.34.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.29.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.29.91:*:*:*:*:*:*:*", 
"cpe:2.3:a:gnome:libsoup:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.24.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.101:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.97:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.30.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.104:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.92:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.29.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.99:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.28.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.32.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.98:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.27.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.33.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.103:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.29.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.23.91:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.27.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.100:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.32.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.25.5:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.27.92:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.93:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.27.91:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.27.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.23.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.25.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.33.92:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.94:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:gnome:libsoup:2.33.90:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.31.90:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.23.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.23.92:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.29.90:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.31.2:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.31.6:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.25.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.24.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.32.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.27.90:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.26.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.26.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.27.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.30.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.35.3:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.34.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.2.96:*:*:*:*:*:*:*", "cpe:2.3:a:gnome:libsoup:2.25.4:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T00:20:46", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2524"], "description": "It was discovered that libsoup did not properly validate its input when \nprocessing SoupServer requests. 
A remote attacker could exploit this to \naccess files via directory traversal.", "edition": 5, "modified": "2011-07-28T00:00:00", "published": "2011-07-28T00:00:00", "id": "USN-1181-1", "href": "https://ubuntu.com/security/notices/USN-1181-1", "title": "libsoup vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:39:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-09-27T00:00:00", "id": "OPENVAS:1361412562310863546", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863546", "type": "openvas", "title": "Fedora Update for libsoup FEDORA-2011-9820", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libsoup FEDORA-2011-9820\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066219.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863546\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-27 17:29:53 +0200 (Tue, 27 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-9820\");\n script_cve_id(\"CVE-2011-2524\");\n script_name(\"Fedora Update for libsoup FEDORA-2011-9820\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libsoup'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"libsoup on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.32.2~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-02T10:57:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "description": "Check for the Version of libsoup", "modified": "2017-12-28T00:00:00", "published": "2012-07-09T00:00:00", "id": "OPENVAS:870704", "href": "http://plugins.openvas.org/nasl.php?oid=870704", "type": "openvas", "title": "RedHat Update for libsoup RHSA-2011:1102-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libsoup RHSA-2011:1102-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"libsoup is an HTTP client/library implementation for GNOME.\n\n A directory traversal flaw was found in libsoup's SoupServer. 
If an\n application used SoupServer to implement an HTTP service, a remote attacker\n who is able to connect to that service could use this flaw to access any\n local files accessible to that application via a specially-crafted request.\n (CVE-2011-2524)\n\n All users of libsoup should upgrade to these updated packages, which\n contain a backported patch to resolve this issue. All running applications\n using libsoup's SoupServer must be restarted for the update to take effect.\";\n\ntag_affected = \"libsoup on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00033.html\");\n script_id(870704);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:50:37 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-2524\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"RHSA\", value: \"2011:1102-01\");\n script_name(\"RedHat Update for libsoup RHSA-2011:1102-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libsoup\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.28.2~1.el6_1.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoup-debuginfo\", rpm:\"libsoup-debuginfo~2.28.2~1.el6_1.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoup-devel\", rpm:\"libsoup-devel~2.28.2~1.el6_1.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1181-1", "modified": "2019-03-13T00:00:00", "published": "2011-08-02T00:00:00", "id": "OPENVAS:1361412562310840715", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840715", "type": "openvas", "title": "Ubuntu Update for libsoup2.4 USN-1181-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1181_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for libsoup2.4 USN-1181-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without 
even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1181-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840715\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"USN\", value:\"1181-1\");\n script_cve_id(\"CVE-2011-2524\");\n script_name(\"Ubuntu Update for libsoup2.4 USN-1181-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.10|10\\.04 LTS|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1181-1\");\n script_tag(name:\"affected\", value:\"libsoup2.4 on Ubuntu 11.04,\n Ubuntu 10.10,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that libsoup did not properly validate its input when\n processing SoupServer requests. 
A remote attacker could exploit this to\n access files via directory traversal.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.31.92-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.30.2-0ubuntu0.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.34.0-0ubuntu1.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "description": "Oracle Linux Local Security Checks ELSA-2011-1102", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122125", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122125", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-1102", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-1102.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it 
under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122125\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:13:29 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-1102\");\n script_tag(name:\"insight\", value:\"ELSA-2011-1102 - libsoup security update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-1102\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-1102.html\");\n script_cve_id(\"CVE-2011-2524\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.28.2~1.el6_1.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"libsoup-devel\", rpm:\"libsoup-devel~2.28.2~1.el6_1.1\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-07-09T00:00:00", "id": "OPENVAS:1361412562310870704", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870704", "type": "openvas", "title": "RedHat Update for libsoup RHSA-2011:1102-01", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libsoup RHSA-2011:1102-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-July/msg00033.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870704\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:50:37 +0530 (Mon, 09 Jul 2012)\");\n script_cve_id(\"CVE-2011-2524\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"RHSA\", value:\"2011:1102-01\");\n script_name(\"RedHat Update for libsoup RHSA-2011:1102-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libsoup'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks 
GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"libsoup on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"libsoup is an HTTP client/library implementation for GNOME.\n\n A directory traversal flaw was found in libsoup's SoupServer. If an\n application used SoupServer to implement an HTTP service, a remote attacker\n who is able to connect to that service could use this flaw to access any\n local files accessible to that application via a specially-crafted request.\n (CVE-2011-2524)\n\n All users of libsoup should upgrade to these updated packages, which\n contain a backported patch to resolve this issue. 
All running applications\n using libsoup's SoupServer must be restarted for the update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.28.2~1.el6_1.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoup-debuginfo\", rpm:\"libsoup-debuginfo~2.28.2~1.el6_1.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libsoup-devel\", rpm:\"libsoup-devel~2.28.2~1.el6_1.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-25T10:55:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "description": "Check for the Version of libsoup", "modified": "2017-07-10T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:863395", "href": "http://plugins.openvas.org/nasl.php?oid=863395", "type": "openvas", "title": "Fedora Update for libsoup FEDORA-2011-9763", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libsoup FEDORA-2011-9763\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Libsoup is an HTTP library implementation in C. It was originally part\n of a SOAP (Simple Object Access Protocol) implementation called Soup, but\n the SOAP and non-SOAP parts have now been split into separate packages.\n\n libsoup uses the Glib main loop and is designed to work well with GTK\n applications. This enables GNOME applications to access HTTP servers\n on the network in a completely asynchronous fashion, very similar to\n the Gtk+ programming model (a synchronous operation mode is also\n supported for those who want it).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libsoup on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html\");\n script_id(863395);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-9763\");\n script_cve_id(\"CVE-2011-2524\");\n script_name(\"Fedora Update for libsoup FEDORA-2011-9763\");\n\n script_summary(\"Check for the Version of libsoup\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n 
script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.34.3~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:55:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "description": "Check for the Version of libsoup", "modified": "2017-07-10T00:00:00", "published": "2011-09-27T00:00:00", "id": "OPENVAS:863546", "href": "http://plugins.openvas.org/nasl.php?oid=863546", "type": "openvas", "title": "Fedora Update for libsoup FEDORA-2011-9820", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libsoup FEDORA-2011-9820\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Libsoup is an HTTP library implementation in C. It was originally part\n of a SOAP (Simple Object Access Protocol) implementation called Soup, but\n the SOAP and non-SOAP parts have now been split into separate packages.\n\n libsoup uses the Glib main loop and is designed to work well with GTK\n applications. This enables GNOME applications to access HTTP servers\n on the network in a completely asynchronous fashion, very similar to\n the Gtk+ programming model (a synchronous operation mode is also\n supported for those who want it).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"libsoup on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066219.html\");\n script_id(863546);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-27 17:29:53 +0200 (Tue, 27 Sep 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2011-9820\");\n script_cve_id(\"CVE-2011-2524\");\n script_name(\"Fedora Update for libsoup FEDORA-2011-9820\");\n\n script_summary(\"Check for the Version of libsoup\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.32.2~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:1361412562310863395", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863395", "type": "openvas", "title": "Fedora Update for libsoup FEDORA-2011-9763", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for libsoup FEDORA-2011-9763\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863395\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2011-9763\");\n script_cve_id(\"CVE-2011-2524\");\n script_name(\"Fedora Update for libsoup FEDORA-2011-9763\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libsoup'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"libsoup on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"libsoup\", rpm:\"libsoup~2.34.3~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:39:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "description": "The remote host is missing an update to libsoup2.4\nannounced via advisory DSA 2369-1.", "modified": "2019-03-18T00:00:00", "published": "2012-02-11T00:00:00", "id": "OPENVAS:136141256231070688", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070688", "type": "openvas", "title": "Debian Security Advisory DSA 2369-1 (libsoup2.4)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2369_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2369-1 (libsoup2.4)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70688\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2011-2524\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-11 03:14:57 -0500 (Sat, 11 Feb 2012)\");\n script_name(\"Debian Security Advisory DSA 2369-1 (libsoup2.4)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(5|6)\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202369-1\");\n script_tag(name:\"insight\", value:\"It was discovered that libsoup2.4, a HTTP library implementation in C, is\nnot properly validating input when processing requests made to SoupServer.\nA remote attacker can exploit this flaw to access system files via a\ndirectory traversal attack.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.4.1-2+lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.30.2-1+squeeze1.\n\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 2.34.3-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.34.3-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that 
you upgrade your libsoup2.4 packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to libsoup2.4\nannounced via advisory DSA 2369-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.4.1-2+lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-dev\", ver:\"2.4.1-2+lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-doc\", ver:\"2.4.1-2+lenny1\", rls:\"DEB5\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup-gnome2.4-1\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup-gnome2.4-dev\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-dbg\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-dev\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libsoup2.4-doc\", ver:\"2.30.2-1+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-12-04T11:27:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "description": "Ubuntu Update for libsoup2.4 USN-1181-1", "modified": "2017-12-01T00:00:00", "published": "2011-08-02T00:00:00", "id": "OPENVAS:840715", "href": "http://plugins.openvas.org/nasl.php?oid=840715", "type": "openvas", "title": "Ubuntu Update 
for libsoup2.4 USN-1181-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1181_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for libsoup2.4 USN-1181-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that libsoup did not properly validate its input when\n processing SoupServer requests. 
A remote attacker could exploit this to\n access files via directory traversal.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1181-1\";\ntag_affected = \"libsoup2.4 on Ubuntu 11.04 ,\n Ubuntu 10.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1181-1/\");\n script_id(840715);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-02 09:08:31 +0200 (Tue, 02 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"USN\", value: \"1181-1\");\n script_cve_id(\"CVE-2011-2524\");\n script_name(\"Ubuntu Update for libsoup2.4 USN-1181-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.31.92-0ubuntu1.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == 
\"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.30.2-0ubuntu0.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libsoup2.4-1\", ver:\"2.34.0-0ubuntu1.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "redhat": [{"lastseen": "2019-08-13T18:44:52", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2524"], "description": "libsoup is an HTTP client/library implementation for GNOME.\n\nA directory traversal flaw was found in libsoup's SoupServer. If an\napplication used SoupServer to implement an HTTP service, a remote attacker\nwho is able to connect to that service could use this flaw to access any\nlocal files accessible to that application via a specially-crafted request.\n(CVE-2011-2524)\n\nAll users of libsoup should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
All running applications\nusing libsoup's SoupServer must be restarted for the update to take effect.\n", "modified": "2018-06-06T20:24:09", "published": "2011-07-28T04:00:00", "id": "RHSA-2011:1102", "href": "https://access.redhat.com/errata/RHSA-2011:1102", "type": "redhat", "title": "(RHSA-2011:1102) Moderate: libsoup security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:15", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2524"], "description": "[2.28.2-1.1]\n- Patch for CVE-2011-2524", "edition": 4, "modified": "2011-07-28T00:00:00", "published": "2011-07-28T00:00:00", "id": "ELSA-2011-1102", "href": "http://linux.oracle.com/errata/ELSA-2011-1102.html", "title": "libsoup security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "cvelist": ["CVE-2011-2524"], "description": "Directory traversal in Web request handling.", "edition": 1, "modified": "2011-08-01T00:00:00", "published": "2011-08-01T00:00:00", "id": "SECURITYVULNS:VULN:11826", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11826", "title": "libsoup library directory traversal", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2011-2524"], "description": "==========================================================================\r\nUbuntu Security Notice USN-1181-1\r\nJuly 28, 2011\r\n\r\nlibsoup2.4 vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 11.04\r\n- Ubuntu 10.10\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nAn attacker could send crafted URLs to a SoupServer application and obtain\r\nunintended 
access to files.\r\n\r\nSoftware Description:\r\n- libsoup2.4: HTTP client/server library for GNOME\r\n\r\nDetails:\r\n\r\nIt was discovered that libsoup did not properly validate its input when\r\nprocessing SoupServer requests. A remote attacker could exploit this to\r\naccess files via directory traversal.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 11.04:\r\n libsoup2.4-1 2.34.0-0ubuntu1.1\r\n\r\nUbuntu 10.10:\r\n libsoup2.4-1 2.31.92-0ubuntu1.1\r\n\r\nUbuntu 10.04 LTS:\r\n libsoup2.4-1 2.30.2-0ubuntu0.2\r\n\r\nAfter a standard system update you need to restart any applications that\r\nuse libsoup to make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1181-1\r\n CVE-2011-2524\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/libsoup2.4/2.34.0-0ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/libsoup2.4/2.31.92-0ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/libsoup2.4/2.30.2-0ubuntu0.2\r\n\r\n", "edition": 1, "modified": "2011-08-01T00:00:00", "published": "2011-08-01T00:00:00", "id": "SECURITYVULNS:DOC:26768", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26768", "title": "[USN-1181-1] libsoup2.4 vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2020-11-11T13:20:20", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2524"], "description": "- ---------------------------------------------------------------------------\nDebian Security Advisory DSA-2369-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nDec 21th, 2011 http://www.debian.org/security/faq\n- ---------------------------------------------------------------------------\n\nPackage : libsoup2.4\nVulnerability : insufficient input sanitization\nProblem type : remote\nDebian-specific: no\nDebian bug : 635837\nCVE IDs : 
CVE-2011-2524\n\nIt was discovered that libsoup2.4, a HTTP library implementation in C, is\nnot properly validating input when processing requests made to SoupServer.\nA remote attacker can exploit this flaw to access system files via a\ndirectory traversal attack.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.4.1-2+lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.30.2-1+squeeze1.\n\nFor the testing distribution (squeeze), this problem has been fixed in\nversion 2.34.3-1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.34.3-1.\n\n\nWe recommend that you upgrade your libsoup2.4 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n", "edition": 9, "modified": "2011-12-21T23:12:08", "published": "2011-12-21T23:12:08", "id": "DEBIAN:DSA-2369-1:C934F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00248.html", "title": "[SECURITY] [DSA 2369-1] libsoup2.4 security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2524"], "description": "Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it). 
", "modified": "2011-09-25T03:34:06", "published": "2011-09-25T03:34:06", "id": "FEDORA:CD8522088A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: libsoup-2.32.2-2.fc14", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2524"], "description": "Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it). ", "modified": "2011-08-05T23:57:40", "published": "2011-08-05T23:57:40", "id": "FEDORA:68DD5110B64", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: libsoup-2.34.3-1.fc15", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-12T09:47:10", "description": "It was discovered that libsoup, a HTTP library implementation in C, is\nnot properly validating input when processing requests made to\nSoupServer. 
A remote attacker can exploit this flaw to access system\nfiles via a directory traversal attack.", "edition": 16, "published": "2012-01-12T00:00:00", "title": "Debian DSA-2369-1 : libsoup2.4 - insufficient input sanitization", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2012-01-12T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:libsoup2.4", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2369.NASL", "href": "https://www.tenable.com/plugins/nessus/57509", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2369. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57509);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2524\");\n script_bugtraq_id(48926);\n script_xref(name:\"DSA\", value:\"2369\");\n\n script_name(english:\"Debian DSA-2369-1 : libsoup2.4 - insufficient input sanitization\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libsoup, a HTTP library implementation in C, is\nnot properly validating input when processing requests made to\nSoupServer. 
A remote attacker can exploit this flaw to access system\nfiles via a directory traversal attack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/libsoup2.4\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2369\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libsoup2.4 packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 2.4.1-2+lenny1.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.30.2-1+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsoup2.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"libsoup2.4\", reference:\"2.4.1-2+lenny1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsoup-gnome2.4-1\", reference:\"2.30.2-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsoup-gnome2.4-dev\", reference:\"2.30.2-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsoup2.4-1\", reference:\"2.30.2-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsoup2.4-dbg\", reference:\"2.30.2-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsoup2.4-dev\", reference:\"2.30.2-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libsoup2.4-doc\", reference:\"2.30.2-1+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T06:00:52", "description": "This update of libsoup fixes a directory traversal attack that affect\napplication using the library. 
CVE-2011-2524: CVSS v2 Base Score: 5.0\n(AV:N/AC:L/Au:N/C:P/I:N/A:N)", "edition": 22, "published": "2011-08-08T00:00:00", "title": "SuSE 11.1 Security Update : libsoup (SAT Patch Number 4945)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:libsoup-2_4-1", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:libsoup-2_4-1-32bit"], "id": "SUSE_11_LIBSOUP-110731.NASL", "href": "https://www.tenable.com/plugins/nessus/55774", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55774);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/25 13:36:43\");\n\n script_cve_id(\"CVE-2011-2524\");\n\n script_name(english:\"SuSE 11.1 Security Update : libsoup (SAT Patch Number 4945)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libsoup fixes a directory traversal attack that affect\napplication using the library. 
CVE-2011-2524: CVSS v2 Base Score: 5.0\n(AV:N/AC:L/Au:N/C:P/I:N/A:N)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2524.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 4945.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsoup-2_4-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libsoup-2_4-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 
11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libsoup-2_4-1-2.28.2-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libsoup-2_4-1-2.28.2-0.3.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libsoup-2_4-1-32bit-2.28.2-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libsoup-2_4-1-2.28.2-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libsoup-2_4-1-32bit-2.28.2-0.3.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libsoup-2_4-1-32bit-2.28.2-0.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:09:48", "description": "Fix CVE-2011-2524\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-09-26T00:00:00", "title": "Fedora 14 : libsoup-2.32.2-2.fc14 (2011-9820)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2011-09-26T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libsoup", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-9820.NASL", "href": "https://www.tenable.com/plugins/nessus/56297", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9820.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56297);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2524\");\n script_bugtraq_id(48926);\n script_xref(name:\"FEDORA\", value:\"2011-9820\");\n\n script_name(english:\"Fedora 14 : libsoup-2.32.2-2.fc14 (2011-9820)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix CVE-2011-2524\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=726469\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-September/066219.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f5538c90\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsoup package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libsoup\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"libsoup-2.32.2-2.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsoup\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T12:46:10", "description": "From Red Hat Security Advisory 2011:1102 :\n\nUpdated libsoup packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nlibsoup is an HTTP client/library implementation for GNOME.\n\nA directory traversal flaw was found in libsoup's SoupServer. If an\napplication used SoupServer to implement an HTTP service, a remote\nattacker who is able to connect to that service could use this flaw to\naccess any local files accessible to that application via a specially\ncrafted request. (CVE-2011-2524)\n\nAll users of libsoup should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running\napplications using libsoup's SoupServer must be restarted for the\nupdate to take effect.", "edition": 25, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 6 : libsoup (ELSA-2011-1102)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2013-07-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:libsoup", "p-cpe:/a:oracle:linux:libsoup-devel"], "id": "ORACLELINUX_ELSA-2011-1102.NASL", "href": "https://www.tenable.com/plugins/nessus/68315", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2011:1102 and \n# Oracle Linux Security Advisory ELSA-2011-1102 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68315);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2524\");\n script_bugtraq_id(48926);\n script_xref(name:\"RHSA\", value:\"2011:1102\");\n\n script_name(english:\"Oracle Linux 6 : libsoup (ELSA-2011-1102)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n 
value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2011:1102 :\n\nUpdated libsoup packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nlibsoup is an HTTP client/library implementation for GNOME.\n\nA directory traversal flaw was found in libsoup's SoupServer. If an\napplication used SoupServer to implement an HTTP service, a remote\nattacker who is able to connect to that service could use this flaw to\naccess any local files accessible to that application via a specially\ncrafted request. (CVE-2011-2524)\n\nAll users of libsoup should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
All running\napplications using libsoup's SoupServer must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2011-July/002248.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsoup packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsoup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:libsoup-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"libsoup-2.28.2-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"libsoup-devel-2.28.2-1.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsoup / libsoup-devel\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:09:38", "description": "Updated libsoup packages that fix 
one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nlibsoup is an HTTP client/library implementation for GNOME.\n\nA directory traversal flaw was found in libsoup's SoupServer. If an\napplication used SoupServer to implement an HTTP service, a remote\nattacker who is able to connect to that service could use this flaw to\naccess any local files accessible to that application via a specially\ncrafted request. (CVE-2011-2524)\n\nAll users of libsoup should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running\napplications using libsoup's SoupServer must be restarted for the\nupdate to take effect.", "edition": 28, "published": "2011-07-29T00:00:00", "title": "RHEL 6 : libsoup (RHSA-2011:1102)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2011-07-29T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6.1", "p-cpe:/a:redhat:enterprise_linux:libsoup-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libsoup", "p-cpe:/a:redhat:enterprise_linux:libsoup-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2011-1102.NASL", "href": "https://www.tenable.com/plugins/nessus/55724", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:1102. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55724);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2524\");\n script_bugtraq_id(48926);\n script_xref(name:\"RHSA\", value:\"2011:1102\");\n\n script_name(english:\"RHEL 6 : libsoup (RHSA-2011:1102)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated libsoup packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nlibsoup is an HTTP client/library implementation for GNOME.\n\nA directory traversal flaw was found in libsoup's SoupServer. If an\napplication used SoupServer to implement an HTTP service, a remote\nattacker who is able to connect to that service could use this flaw to\naccess any local files accessible to that application via a specially\ncrafted request. (CVE-2011-2524)\n\nAll users of libsoup should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
All running\napplications using libsoup's SoupServer must be restarted for the\nupdate to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-2524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:1102\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libsoup, libsoup-debuginfo and / or libsoup-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsoup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsoup-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libsoup-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:1102\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"libsoup-2.28.2-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libsoup-debuginfo-2.28.2-1.el6_1.1\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"libsoup-devel-2.28.2-1.el6_1.1\")) flag++;\n\n\n if (flag)\n {\n 
security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsoup / libsoup-debuginfo / libsoup-devel\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:45:55", "description": "libsoup is an HTTP client/library implementation for GNOME.\n\nA directory traversal flaw was found in libsoup's SoupServer. If an\napplication used SoupServer to implement an HTTP service, a remote\nattacker who is able to connect to that service could use this flaw to\naccess any local files accessible to that application via a specially\ncrafted request. (CVE-2011-2524)\n\nAll users of libsoup should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running\napplications using libsoup's SoupServer must be restarted for the\nupdate to take effect.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : libsoup on SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110728_LIBSOUP_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61102", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61102);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2524\");\n\n script_name(english:\"Scientific Linux Security Update : libsoup on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated 
packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"libsoup is an HTTP client/library implementation for GNOME.\n\nA directory traversal flaw was found in libsoup's SoupServer. If an\napplication used SoupServer to implement an HTTP service, a remote\nattacker who is able to connect to that service could use this flaw to\naccess any local files accessible to that application via a specially\ncrafted request. (CVE-2011-2524)\n\nAll users of libsoup should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. All running\napplications using libsoup's SoupServer must be restarted for the\nupdate to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1107&L=scientific-linux-errata&T=0&P=2566\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?df4d954b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libsoup, libsoup-debuginfo and / or libsoup-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"libsoup-2.28.2-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libsoup-debuginfo-2.28.2-1.el6_1.1\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"libsoup-devel-2.28.2-1.el6_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T14:07:43", "description": "This update of libsoup fixes a directory traversal attack that affect\napplication using the library. 
CVE-2011-2524: CVSS v2 Base Score: 5.0\n(AV:N/AC:L/Au:N/C:P/I:N/A:N)", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : libsoup-2_4-1 (openSUSE-SU-2011:0875-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libsoup-2_4-1", "p-cpe:/a:novell:opensuse:libsoup-2_4-1-32bit", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_LIBSOUP-2_4-1-110729.NASL", "href": "https://www.tenable.com/plugins/nessus/75614", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update libsoup-2_4-1-4941.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75614);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2524\");\n\n script_name(english:\"openSUSE Security Update : libsoup-2_4-1 (openSUSE-SU-2011:0875-1)\");\n script_summary(english:\"Check for the libsoup-2_4-1-4941 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of libsoup fixes a directory traversal attack that affect\napplication using the library. 
CVE-2011-2524: CVSS v2 Base Score: 5.0\n(AV:N/AC:L/Au:N/C:P/I:N/A:N)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=706630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-08/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsoup-2_4-1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoup-2_4-1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsoup-2_4-1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libsoup-2_4-1-2.30.1-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libsoup-2_4-1-32bit-2.30.1-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsoup\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T14:01:02", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Directory traversal vulnerability in soup-uri.c in\n SoupServer in libsoup before 2.35.4 allows remote\n attackers to read arbitrary files via a %2e%2e (encoded\n dot dot) in a URI. 
(CVE-2011-2524)", "edition": 24, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : libsoup (cve_2011_2524_directory_traversal)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2015-01-19T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:libsoup", "cpe:/o:oracle:solaris:11.0"], "id": "SOLARIS11_LIBSOUP_20120918.NASL", "href": "https://www.tenable.com/plugins/nessus/80677", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80677);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-2524\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : libsoup (cve_2011_2524_directory_traversal)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Directory traversal vulnerability in soup-uri.c in\n SoupServer in libsoup before 2.35.4 allows remote\n attackers to read arbitrary files via a %2e%2e (encoded\n dot dot) in a URI. 
(CVE-2011-2524)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n # https://blogs.oracle.com/sunsecurity/cve-2011-2524-directory-traversal-vulnerability-in-libsoup\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4c0b1371\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11/11 SRU 11.4.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:libsoup\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^libsoup$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsoup\");\n\nflag = 0;\n\nif 
(solaris_check_release(release:\"0.5.11-0.175.0.11.0.4.1\", sru:\"SRU 11.4\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : libsoup\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"libsoup\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:09:48", "description": "Update to 2.34.3, including fix for CVE-2011-2524\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-08-08T00:00:00", "title": "Fedora 15 : libsoup-2.34.3-1.fc15 (2011-9763)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2011-08-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:libsoup", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-9763.NASL", "href": "https://www.tenable.com/plugins/nessus/55771", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9763.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55771);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-2524\");\n script_bugtraq_id(48926);\n script_xref(name:\"FEDORA\", value:\"2011-9763\");\n\n script_name(english:\"Fedora 15 : libsoup-2.34.3-1.fc15 (2011-9763)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 2.34.3, including fix for CVE-2011-2524\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=726469\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063431.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?302b6e9d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsoup package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:libsoup\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"libsoup-2.34.3-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsoup\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T06:35:49", "description": "It was discovered that libsoup did not properly validate its input\nwhen processing SoupServer requests. A remote attacker could exploit\nthis to access files via directory traversal.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-07-29T00:00:00", "title": "Ubuntu 10.04 LTS / 10.10 / 11.04 : libsoup2.4 vulnerability (USN-1181-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2524"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "p-cpe:/a:canonical:ubuntu_linux:libsoup2.4-1"], "id": "UBUNTU_USN-1181-1.NASL", "href": "https://www.tenable.com/plugins/nessus/55731", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1181-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(55731);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:27\");\n\n script_cve_id(\"CVE-2011-2524\");\n script_bugtraq_id(48926);\n script_xref(name:\"USN\", value:\"1181-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 10.10 / 11.04 : libsoup2.4 vulnerability (USN-1181-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that libsoup did not properly validate its input\nwhen processing SoupServer requests. A remote attacker could exploit\nthis to access files via directory traversal.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1181-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libsoup2.4-1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsoup2.4-1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/07/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|10\\.10|11\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 10.10 / 11.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libsoup2.4-1\", pkgver:\"2.30.2-0ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"libsoup2.4-1\", pkgver:\"2.31.92-0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libsoup2.4-1\", pkgver:\"2.34.0-0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libsoup2.4-1\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1572", "CVE-2010-4197", "CVE-2011-2472", "CVE-2010-4204", "CVE-2010-3257", "CVE-2011-1097", "CVE-2009-4111", "CVE-2010-1783", "CVE-2011-0465", "CVE-2010-3812", "CVE-2007-4370", "CVE-2010-3389", "CVE-2010-1787", "CVE-2010-1807", "CVE-2011-2473", "CVE-2011-3366", "CVE-2010-1780", "CVE-2009-4023", "CVE-2011-1144", "CVE-2010-4578", "CVE-2011-0904", "CVE-2010-4042", "CVE-2010-2526", "CVE-2010-1786", "CVE-2011-0721", "CVE-2010-1785", "CVE-2011-3365", "CVE-2011-0482", "CVE-2011-2471", "CVE-2010-4493", "CVE-2010-3255", "CVE-2010-1790", "CVE-2010-1788", "CVE-2010-2901", "CVE-2010-3374", 
"CVE-2011-2524", "CVE-2010-1815", "CVE-2011-0007", "CVE-2011-0905", "CVE-2010-1782", "CVE-2010-1814", "CVE-2010-1792", "CVE-2011-1760", "CVE-2010-3362", "CVE-2010-3259", "CVE-2010-4206", "CVE-2010-1812", "CVE-2010-1791", "CVE-2010-4577", "CVE-2010-4198", "CVE-2010-1784", "CVE-2010-4492", "CVE-2011-1425", "CVE-2011-1072", "CVE-2011-3367", "CVE-2011-0727", "CVE-2011-1951", "CVE-2010-3813", "CVE-2010-3999", "CVE-2010-0778", "CVE-2010-1793"], "edition": 1, "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * FMOD Studio\n * PEAR Mail\n * LVM2\n * GnuCash\n * xine-lib\n * Last.fm Scrobbler\n * WebKitGTK+\n * shadow tool suite\n * PEAR\n * unixODBC\n * Resource Agents\n * mrouted\n * rsync\n * XML Security Library\n * xrdb\n * Vino\n * OProfile\n * syslog-ng\n * sFlow Toolkit\n * GNOME Display Manager\n * libsoup\n * CA Certificates\n * Gitolite\n * QtCreator\n * Racer\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. 
\n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll FMOD Studio users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/fmod-4.38.00\"\n \n\nAll PEAR Mail users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/PEAR-Mail-1.2.0\"\n \n\nAll LVM2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-fs/lvm2-2.02.72\"\n \n\nAll GnuCash users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/gnucash-2.4.4\"\n \n\nAll xine-lib users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/xine-lib-1.1.19\"\n \n\nAll Last.fm Scrobbler users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-sound/lastfmplayer-1.5.4.26862-r3\"\n \n\nAll WebKitGTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/webkit-gtk-1.2.7\"\n \n\nAll shadow tool suite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/shadow-4.1.4.3\"\n \n\nAll PEAR users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-php/PEAR-PEAR-1.9.2-r1\"\n \n\nAll unixODBC users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/unixODBC-2.3.0-r1\"\n \n\nAll Resource Agents users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=sys-cluster/resource-agents-1.0.4-r1\"\n \n\nAll mrouted users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/mrouted-3.9.5\"\n \n\nAll 
rsync users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/rsync-3.0.8\"\n \n\nAll XML Security Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/xmlsec-1.2.17\"\n \n\nAll xrdb users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-apps/xrdb-1.0.9\"\n \n\nAll Vino users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/vino-2.32.2\"\n \n\nAll OProfile users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/oprofile-0.9.6-r1\"\n \n\nAll syslog-ng users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/syslog-ng-3.2.4\"\n \n\nAll sFlow Toolkit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-analyzer/sflowtool-3.20\"\n \n\nAll GNOME Display Manager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=gnome-base/gdm-3.8.4-r3\"\n \n\nAll libsoup users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-libs/libsoup-2.34.3\"\n \n\nAll CA Certificates users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-misc/ca-certificates-20110502-r1\"\n \n\nAll Gitolite users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/gitolite-1.5.9.1\"\n \n\nAll QtCreator users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/qt-creator-2.1.0\"\n \n\nGentoo has discontinued support for Racer. 
We recommend that users unmerge Racer: \n \n \n # emerge --unmerge \"games-sports/racer-bin\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues.", "modified": "2014-12-11T00:00:00", "published": "2014-12-11T00:00:00", "id": "GLSA-201412-09", "href": "https://security.gentoo.org/glsa/201412-09", "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2011", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}