openSUSE-SU-2017:2153-1

Опубликовано: 11 авг. 2017

Источник: suse-cvrf

Описание

Security update for libsoup

This update for libsoup fixes the following issues:

A bug in the HTTP Chunked Encoding code has been fixed that could have been exploited by attackers to cause a stack-based buffer overflow in client or server code running libsoup (bsc#1052916, CVE-2017-2885).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2

libsoup-2.54.1-5.1

libsoup-2_4-1-2.54.1-5.1

libsoup-2_4-1-32bit-2.54.1-5.1

libsoup-devel-2.54.1-5.1

libsoup-devel-32bit-2.54.1-5.1

libsoup-lang-2.54.1-5.1

typelib-1_0-Soup-2_4-2.54.1-5.1

openSUSE Leap 42.3

libsoup-2.54.1-5.1

libsoup-2_4-1-2.54.1-5.1

libsoup-2_4-1-32bit-2.54.1-5.1

libsoup-devel-2.54.1-5.1

libsoup-devel-32bit-2.54.1-5.1

libsoup-lang-2.54.1-5.1

typelib-1_0-Soup-2_4-2.54.1-5.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00043.html
E-Mail link for openSUSE-SU-2017:2153-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability.

Затронутые продукты

openSUSE Leap 42.2:libsoup-2.54.1-5.1

openSUSE Leap 42.2:libsoup-2_4-1-2.54.1-5.1

openSUSE Leap 42.2:libsoup-2_4-1-32bit-2.54.1-5.1

openSUSE Leap 42.2:libsoup-devel-2.54.1-5.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-2885.html
CVE-2017-2885
https://bugzilla.suse.com/1052916
SUSE Bug 1052916

openSUSE-SU-2017:2153-1

Описание

Список пакетов

openSUSE Leap 42.2

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-2885

Описание

Затронутые продукты

Ссылки