Revision Date: | 2017-08-10 | Version: | 636 |
Title: | RHSA-2017:2459: libsoup security update (Important) |
Description: | The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by tricking a user into connecting to a malicious HTTP server with an application using the libsoup HTTP client functionality. (CVE-2017-2885)
Red Hat would like to thank Aleksandar Nikolic (Cisco Talos) for reporting this issue.
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | CVE-2017-2885 RHSA-2017:2459 RHSA-2017:2459-00 RHSA-2017:2459-01
|
Platform(s): | Red Hat Enterprise Linux 7
| Product(s): | |
Definition Synopsis |
Red Hat Enterprise Linux must be installed OR Package Information
Red Hat Enterprise Linux 7 is installed
AND
libsoup is earlier than 0:2.56.0-4.el7_4
AND libsoup is signed with Red Hat redhatrelease2 key
libsoup-devel is earlier than 0:2.56.0-4.el7_4
AND libsoup-devel is signed with Red Hat redhatrelease2 key
|