CESA-2017:2459 -- centos 7 libsoupID: oval:org.secpod.oval:def:204645 | Date: (C)2018-04-30 (M)2022-10-10 |
Class: PATCH | Family: unix |
The libsoup packages provide an HTTP client and server library for GNOME. Security Fix: * A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by tricking a user into connecting to a malicious HTTP server with an application using the libsoup HTTP client functionality. Red Hat would like to thank Aleksandar Nikolic for reporting this issue.