| Revision Date: | 2017-08-10 | Version: | 636 |
| Title: | RHSA-2017:2459: libsoup security update (Important) |
| Description: | The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by tricking a user into connecting to a malicious HTTP server with an application using the libsoup HTTP client functionality. (CVE-2017-2885)
Red Hat would like to thank Aleksandar Nikolic (Cisco Talos) for reporting this issue.
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | CVE-2017-2885
RHSA-2017:2459
RHSA-2017:2459-00
RHSA-2017:2459-01
|
| Platform(s): | Red Hat Enterprise Linux 7
| Product(s): | |
| Definition Synopsis |
| Red Hat Enterprise Linux must be installed OR Package Information
Red Hat Enterprise Linux 7 is installed
AND
libsoup is earlier than 0:2.56.0-4.el7_4
AND libsoup is signed with Red Hat redhatrelease2 key
libsoup-devel is earlier than 0:2.56.0-4.el7_4
AND libsoup-devel is signed with Red Hat redhatrelease2 key
|