CVE-2012-2132

Published: 20 August 2012

libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with an SSL connection.

Notes

Author: mdeslaur

Note:
This isn't actually a flaw in libsoup, it's a flaw in
applications that don't set ssl-strict, and don't set
ssl-ca-file, but expect SOUP_MESSAGE_CERTIFICATE_TRUSTED to
mean something. Applications should either set a ssl-ca-file,
or ignore SOUP_MESSAGE_CERTIFICATE_TRUSTED.

We aren't going to fix this in libsoup. Applications should be
fixed instead. Marked as ignored.
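
An application-side guard following the note above, as an added example that is not libsoup or Ubuntu code: it fails closed when the configured CA file is missing, so the trusted flag is never honoured without a trust store behind it. `ca_file_usable` and `evaluate_trust` are hypothetical helper names, and `trusted_flag` stands for the application having seen SOUP_MESSAGE_CERTIFICATE_TRUSTED on the message.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum trust_verdict {
    TRUST_OK,               /* CA file present and the flag was set */
    TRUST_REJECT,           /* CA file present, flag not set */
    TRUST_FLAG_MEANINGLESS  /* no usable CA file: the flag proves nothing */
};

/* True only if path names a readable, non-empty regular file.
 * This checks presence only; it does not parse the certificates. */
static bool ca_file_usable(const char *path)
{
    struct stat st;

    if (path == NULL || stat(path, &st) != 0)
        return false;
    return S_ISREG(st.st_mode) && st.st_size > 0 && access(path, R_OK) == 0;
}

/* ssl_ca_file: the path the application passed as ssl-ca-file (or NULL).
 * trusted_flag: whether SOUP_MESSAGE_CERTIFICATE_TRUSTED was observed. */
enum trust_verdict evaluate_trust(const char *ssl_ca_file, bool trusted_flag)
{
    if (!ca_file_usable(ssl_ca_file))
        return TRUST_FLAG_MEANINGLESS;  /* fail closed, whatever the flag says */
    return trusted_flag ? TRUST_OK : TRUST_REJECT;
}

int main(void)
{
    /* Constructed path that does not exist, with the flag reported as set. */
    enum trust_verdict v = evaluate_trust("/nonexistent/ca-bundle.crt", true);

    printf("missing CA file, flag set -> %s\n",
           v == TRUST_FLAG_MEANINGLESS ? "do not trust" : "flag usable");
    return 0;
}
```
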

Priority

Medium

Status

Package: libsoup2.4 (Launchpad, Ubuntu, Debian)

| Release  | Status                |
|----------|-----------------------|
| hardy    | Ignored (end of life) |
| lucid    | Ignored               |
| natty    | Ignored               |
| oneiric  | Ignored               |
| precise  | Ignored               |
| upstream | Needs triage          |