Applications using libsoup could be made to crash or run programs
as your login if it received specially crafted network traffic.
Software Description:
- libsoup2.4: HTTP client/server library for GNOME
Details:
Aleksandar Nikolic discovered a stack based buffer overflow when
handling chunked encoding. An attacker could use this to cause a
denial of service or possibly execute arbitrary code.
The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: gir1.2-soup-2.4 2.56.0-2ubuntu0.1 libsoup-gnome2.4-1 2.56.0-2ubuntu0.1 libsoup2.4-1 2.56.0-2ubuntu0.1 Ubuntu 16.04 LTS: gir1.2-soup-2.4 2.52.2-1ubuntu0.2 libsoup-gnome2.4-1 2.52.2-1ubuntu0.2 libsoup2.4-1 2.52.2-1ubuntu0.2 Ubuntu 14.04 LTS: gir1.2-soup-2.4 2.44.2-1ubuntu2.2 libsoup-gnome2.4-1 2.44.2-1ubuntu2.2 libsoup2.4-1 2.44.2-1ubuntu2.2 In general, a standard system update will make all the necessary changes.
CVE-2017-2885
Get the latest Linux and open source security news straight to your inbox.