CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding

From: Tobias Mueller <tobiasmue gnome org>
To: distributor-list gnome org
Cc: security gnome org
Subject: CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding
Date: Thu, 10 Aug 2017 14:36:10 +0200

Hi.

PSA: Please update libsoup with the patch from
https://bugzilla.gnome.org/show_bug.cgi?id=78577
or take one of the new releases 2.59.90.1,  2.58.2 (gnome-3-24), or
2.56.1 (gnome-3-22).

The patch fixes a severe bug which affects libsoup acting as either
client or server when dealing with chunked encoding.

All versions since 2012 are affected.
Credits go to Aleksandar Nikolic of Cisco Talos for finding this issue.

Cheers,
  Tobi

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding
  - From: Bastien Nocera
- Re: CVE-2017-2885 libsoup - stack based buffer overflow with HTTP Chunked Encoding
  - From: Dan Winship

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]