Описание
Security update for libsoup
This update for libsoup fixes the following issues:
- A bug in the HTTP Chunked Encoding code has been fixed that could have been exploited by attackers to cause a stack-based buffer overflow in client or server code running libsoup (bsc#1052916, CVE-2017-2885).
Список пакетов
SUSE Linux Enterprise Server 12 SP1-LTSS
libsoup-2_4-1-2.44.2-2.3.1
libsoup-2_4-1-32bit-2.44.2-2.3.1
libsoup-lang-2.44.2-2.3.1
typelib-1_0-Soup-2_4-2.44.2-2.3.1
SUSE Linux Enterprise Server 12-LTSS
libsoup-2_4-1-2.44.2-2.3.1
libsoup-2_4-1-32bit-2.44.2-2.3.1
libsoup-lang-2.44.2-2.3.1
typelib-1_0-Soup-2_4-2.44.2-2.3.1
SUSE Linux Enterprise Server for SAP Applications 12
libsoup-2_4-1-2.44.2-2.3.1
libsoup-2_4-1-32bit-2.44.2-2.3.1
libsoup-lang-2.44.2-2.3.1
typelib-1_0-Soup-2_4-2.44.2-2.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libsoup-2_4-1-2.44.2-2.3.1
libsoup-2_4-1-32bit-2.44.2-2.3.1
libsoup-lang-2.44.2-2.3.1
typelib-1_0-Soup-2_4-2.44.2-2.3.1
SUSE OpenStack Cloud 6
libsoup-2_4-1-2.44.2-2.3.1
libsoup-2_4-1-32bit-2.44.2-2.3.1
libsoup-lang-2.44.2-2.3.1
typelib-1_0-Soup-2_4-2.44.2-2.3.1
Ссылки
- Link for SUSE-SU-2017:2130-1
- E-Mail link for SUSE-SU-2017:2130-1
- SUSE Security Ratings
- SUSE Bug 1052916
- SUSE CVE CVE-2017-2885 page
Описание
An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP1-LTSS:libsoup-2_4-1-2.44.2-2.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libsoup-2_4-1-32bit-2.44.2-2.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:libsoup-lang-2.44.2-2.3.1
SUSE Linux Enterprise Server 12 SP1-LTSS:typelib-1_0-Soup-2_4-2.44.2-2.3.1
Ссылки
- CVE-2017-2885
- SUSE Bug 1052916