Advisories » MGASA-2017-0272

Updated libsoup packages fix security vulnerability

Publication date: 16 Aug 2017
Modification date: 15 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-2885

Description

An exploitable stack based buffer overflow vulnerability exists in the
GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack
overflow resulting in remote code execution. An attacker can send a
special HTTP request to the vulnerable server to trigger this
vulnerability (CVE-2017-2885).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21487
• https://www.talosintelligence.com/reports/TALOS-2017-0392/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2885

SRPMS

5/core

• libsoup-2.48.1-1.1.mga5

6/core

• libsoup-2.58.2-1.mga6