Description
Recommended update for gsoap
This update for gsoap fixes the following security issue:
- CVE-2017-9765: A remote attacker may have triggered a buffer overflow to cause a server crash (denial of service) after sending 2GB of a specially crafted XML message, or possibly have unspecified further impact. (bsc#1049348)
Package list
openSUSE Leap 42.2
gsoap-2.8.46-3.1
gsoap-devel-2.8.46-3.1
gsoap-doc-2.8.46-3.1
libgsoap-2_8_33-2.8.33-2.3.1
libgsoap-2_8_46-2.8.46-3.1
openSUSE Leap 42.3
gsoap-2.8.46-3.1
gsoap-devel-2.8.46-3.1
gsoap-doc-2.8.46-3.1
libgsoap-2_8_33-2.8.33-2.3.1
libgsoap-2_8_46-2.8.46-3.1
References
- E-Mail link for openSUSE-SU-2017:1957-1
- SUSE Security Ratings
Description
Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via a large XML document, aka Devil's Ivy. NOTE: the large document would be blocked by many common web-server configurations on general-purpose computers.
Affected products
openSUSE Leap 42.2:gsoap-2.8.46-3.1
openSUSE Leap 42.2:gsoap-devel-2.8.46-3.1
openSUSE Leap 42.2:gsoap-doc-2.8.46-3.1
openSUSE Leap 42.2:libgsoap-2_8_33-2.8.33-2.3.1
References
- CVE-2017-9765
- SUSE Bug 1049348