Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:2204-2

Опубликовано: 08 янв. 2019
Источник: suse-cvrf

Описание

Security update for libsoup

This update for libsoup fixes the following issues:

Security issue fixed:

  • CVE-2018-12910: Fix crash when handling empty hostnames (bsc#1100097).
  • CVE-2017-2885: Fix chunk decoding buffer overrun that could be exploited against either clients or servers (bsc#1052916).

Bug fixes:

  • bsc#1086036: translation-update-upstream commented out for Leap

Список пакетов

SUSE Enterprise Storage 4
libsoup-2_4-1-2.62.2-5.7.1
libsoup-2_4-1-32bit-2.62.2-5.7.1
libsoup-lang-2.62.2-5.7.1
typelib-1_0-Soup-2_4-2.62.2-5.7.1
SUSE Linux Enterprise Server 12 SP2-LTSS
libsoup-2_4-1-2.62.2-5.7.1
libsoup-2_4-1-32bit-2.62.2-5.7.1
libsoup-lang-2.62.2-5.7.1
typelib-1_0-Soup-2_4-2.62.2-5.7.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libsoup-2_4-1-2.62.2-5.7.1
libsoup-2_4-1-32bit-2.62.2-5.7.1
libsoup-lang-2.62.2-5.7.1
typelib-1_0-Soup-2_4-2.62.2-5.7.1
SUSE OpenStack Cloud 7
libsoup-2_4-1-2.62.2-5.7.1
libsoup-2_4-1-32bit-2.62.2-5.7.1
libsoup-lang-2.62.2-5.7.1
typelib-1_0-Soup-2_4-2.62.2-5.7.1

Ссылки

Описание

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.

Затронутые продукты
SUSE Enterprise Storage 4:libsoup-2_4-1-2.62.2-5.7.1
SUSE Enterprise Storage 4:libsoup-2_4-1-32bit-2.62.2-5.7.1
SUSE Enterprise Storage 4:libsoup-lang-2.62.2-5.7.1
SUSE Enterprise Storage 4:typelib-1_0-Soup-2_4-2.62.2-5.7.1
Ссылки

Описание

The get_cookies function in soup-cookie-jar.c in libsoup 2.63.2 allows attackers to have unspecified impact via an empty hostname.

Затронутые продукты
SUSE Enterprise Storage 4:libsoup-2_4-1-2.62.2-5.7.1
SUSE Enterprise Storage 4:libsoup-2_4-1-32bit-2.62.2-5.7.1
SUSE Enterprise Storage 4:libsoup-lang-2.62.2-5.7.1
SUSE Enterprise Storage 4:typelib-1_0-Soup-2_4-2.62.2-5.7.1
Ссылки