ArchLinux: 201708-5: libsoup: arbitrary code execution
Summary
A stack based buffer overflow has been found in libsoup <= 2.58.1. A specially crafted HTTP request with chunked encoding can cause a stack overflow resulting in remote code execution.
Resolution
Upgrade to 2.58.2-1.
# pacman -Syu "libsoup>=2.58.2-1"
The problem has been fixed upstream in version 2.58.2.
References
https://bugzilla.gnome.org/show_bug.cgi?id=785774 https://security.archlinux.org/CVE-2017-2885
Workaround
None.