========================================================================== Ubuntu Security Notice USN-3383-1 August 10, 2017
libsoup2.4 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Applications using libsoup could be made to crash or run programs as your login if it received specially crafted network traffic. Software Description: - libsoup2.4: HTTP client/server library for GNOME Details: Aleksandar Nikolic discovered a stack based buffer overflow when handling chunked encoding. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: gir1.2-soup-2.4 2.56.0-2ubuntu0.1 libsoup-gnome2.4-1 2.56.0-2ubuntu0.1 libsoup2.4-1 2.56.0-2ubuntu0.1 Ubuntu 16.04 LTS: gir1.2-soup-2.4 2.52.2-1ubuntu0.2 libsoup-gnome2.4-1 2.52.2-1ubuntu0.2 libsoup2.4-1 2.52.2-1ubuntu0.2 Ubuntu 14.04 LTS: gir1.2-soup-2.4 2.44.2-1ubuntu2.2 libsoup-gnome2.4-1 2.44.2-1ubuntu2.2 libsoup2.4-1 2.44.2-1ubuntu2.2 In general, a standard system update will make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3383-1 CVE-2017-2885 Package Information: https://launchpad.net/ubuntu/+source/libsoup2.4/2.56.0-2ubuntu0.1 https://launchpad.net/ubuntu/+source/libsoup2.4/2.52.2-1ubuntu0.2 https://launchpad.net/ubuntu/+source/libsoup2.4/2.44.2-1ubuntu2.2
signature.asc
Description: PGP signature
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
