MGASA-2017-0272

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0272.html

Import Source

https://advisories.mageia.org/MGASA-2017-0272.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2017-0272

Related

CVE-2017-2885

Published

2017-08-16T00:01:16Z

Modified

2017-08-15T22:23:36Z

Summary

Updated libsoup packages fix security vulnerability

Details

An exploitable stack based buffer overflow vulnerability exists in the GNOME libsoup 2.58. A specially crafted HTTP request can cause a stack overflow resulting in remote code execution. An attacker can send a special HTTP request to the vulnerable server to trigger this vulnerability (CVE-2017-2885).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / libsoup

Package

Name: libsoup
Purl: pkg:rpm/mageia/libsoup?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.48.1-1.1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:6 / libsoup

Package

Name: libsoup
Purl: pkg:rpm/mageia/libsoup?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.58.2-1.mga6

Ecosystem specific

{
    "section": "core"
}