Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Fedora 25 Critical: Mingw-Libsoup Buffer Overflow Security Update

fedora
Calendar Grey August 22, 2017
Dist Fedora Esm H88
Important patch released for Fedora 25 correcting buffer overflow vulnerability in mingw-libsoup to improve security measures. Find further details within.
Security fix for CVE-2017-2885 (stack based buffer overflow with HTTP Chunked Encoding).

Summary

Libsoup is an HTTP library implementation in C. It was originally part

of a SOAP (Simple Object Access Protocol) implementation called Soup, but

the SOAP and non-SOAP parts have now been split into separate packages.

libsoup uses the Glib main loop and is designed to work well with GTK

applications. This enables GNOME applications to access HTTP servers

on the network in a completely asynchronous fashion, very similar to

the Gtk+ programming model (a synchronous operation mode is also

supported for those who want it).

This is the MinGW build of Libsoup

Security fix for CVE-2017-2885 (stack based buffer overflow with HTTP Chunked

Encoding).

[ 1 ] Bug #1480240 - CVE-2017-2885 mingw-libsoup: libsoup: Stack based buffer overflow with HTTP Chunked Encoding [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1480240

su -c 'dnf upgrade mingw-libsoup' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 25
Version: 2.56.1
Release: 1.fc25
Summary: MinGW library for HTTP and XML-RPC functionality

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.