21497 – libsoup security vulnerability CVE-2017-2885.

Bug 21497 - libsoup security vulnerability CVE-2017-2885.

Summary: libsoup security vulnerability CVE-2017-2885.

Status:	RESOLVED DUPLICATE of bug 21487

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:	https://www.debian.org/security/2017/...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-08-11 10:23 CEST by Zombie Ryushu
Modified:	2017-08-11 10:28 CEST (History)
CC List:	0 users

See Also:
Source RPM:	libsoup
CVE:	CVE-2017-2885
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Zombie Ryushu 2017-08-11 10:23:28 CEST

Aleksandar Nikolic of Cisco Talos discovered a stack-based buffer overflow vulnerability in libsoup2.4, a HTTP library implementation in C. A remote attacker can take advantage of this flaw by sending a specially crafted HTTP request to cause an application using the libsoup2.4 library to crash (denial of service), or potentially execute arbitrary code.

Zombie Ryushu 2017-08-11 10:25:33 CEST

CVE: (none) => CVE-2017-2885

Comment 1 Zombie Ryushu 2017-08-11 10:28:34 CEST

I Forgot to see that there was already a bug reported on this. By about an hour.

*** This bug has been marked as a duplicate of bug 21487 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE

Note You need to log in before you can comment on or make changes to this bug.