Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201708-5 ======================================== Severity: Critical Date : 2017-08-10 CVE-ID : CVE-2017-2885 Package : libsoup Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-376 Summary ====== The package libsoup before version 2.58.2-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 2.58.2-1. # pacman -Syu "libsoup>=2.58.2-1" The problem has been fixed upstream in version 2.58.2. Workaround ========= None. Description ========== A stack based buffer overflow has been found in libsoup <= 2.58.1. A specially crafted HTTP request with chunked encoding can cause a stack overflow resulting in remote code execution. Impact ===== A remote attacker can execute arbitrary code on the affected host via a crafted HTTP request. References ========= https://bugzilla.gnome.org/show_bug.cgi?id=785774 https://security.archlinux.org/CVE-2017-2885