Oval Definition:oval:com.redhat.rhsa:def:20172459
Revision Date:2017-08-10Version:636
Title:RHSA-2017:2459: libsoup security update (Important)
Description:The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

  • A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by tricking a user into connecting to a malicious HTTP server with an application using the libsoup HTTP client functionality. (CVE-2017-2885)

    Red Hat would like to thank Aleksandar Nikolic (Cisco Talos) for reporting this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2017-2885
    RHSA-2017:2459
    RHSA-2017:2459-00
    RHSA-2017:2459-01
    Platform(s):Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • libsoup is earlier than 0:2.56.0-4.el7_4
  • AND libsoup is signed with Red Hat redhatrelease2 key
  • libsoup-devel is earlier than 0:2.56.0-4.el7_4
  • AND libsoup-devel is signed with Red Hat redhatrelease2 key
    • BACK