Advisories » MGASA-2017-0221

Updated gsoap packages fix security vulnerability

Publication date: 25 Jul 2017
Modification date: 25 Jul 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-9765

Description

A potential vulnerability to a large and specific XML message over 2GB
in size (greater than 2147483711 bytes to trigger the software bug). A
buffer overflow can cause an open unsecured server to crash or
malfunction after 2GB is received (CVE-2017-9765).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21298
• http://openwall.com/lists/oss-security/2017/07/19/7
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9765

SRPMS

5/core

• gsoap-2.8.49-1.mga5

6/core

• gsoap-2.8.49-1.mga6