Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 441
Alerts This Week
Warning Icon 1 441

Fedora 25: FEDORA-2017-872a0a9a85 critical: libsoup buffer overflow

fedora
Calendar Grey August 14, 2017
Dist Fedora Esm H88
Important update for Fedora 25 correcting a severe vulnerability in libsoup's management of HTTP requests. Installation instructions are provided.
Security fix for CVE-2017-2885 (stack based buffer overflow with HTTP Chunked Encoding).

Summary

Libsoup is an HTTP library implementation in C. It was originally part

of a SOAP (Simple Object Access Protocol) implementation called Soup, but

the SOAP and non-SOAP parts have now been split into separate packages.

libsoup uses the Glib main loop and is designed to work well with GTK

applications. This enables GNOME applications to access HTTP servers

on the network in a completely asynchronous fashion, very similar to

the Gtk+ programming model (a synchronous operation mode is also

supported for those who want it).

Security fix for CVE-2017-2885 (stack based buffer overflow with HTTP Chunked

Encoding).

[ 1 ] Bug #1479281 - CVE-2017-2885 libsoup: Stack based buffer overflow with HTTP Chunked Encoding

https://bugzilla.redhat.com/show_bug.cgi?id=1479281

su -c 'dnf upgrade libsoup' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 25
Version: 2.56.1
Release: 1.fc25
Summary: Soup, an HTTP library implementation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.