Bug 1479281 (CVE-2017-2885)
Summary: | CVE-2017-2885 libsoup: Stack based buffer overflow with HTTP Chunked Encoding | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | cperry, danw, erik-fedora, klember, mbarnes, mbarnes, mcrha, rjones, security-response-team, slawomir, tpopela |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | libsoup 2.59.90.1, libsoup 2.58.2, libsoup 2.56.1 | Doc Type: | If docs needed, set a value |
Doc Text: |
A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by tricking a user into connecting to a malicious HTTP server with an application using the libsoup HTTP client functionality.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2017-08-16 08:34:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1479321, 1479322, 1480239, 1480240, 1480241 | ||
Bug Blocks: | 1479282 |
Description
Andrej Nemec
2017-08-08 08:56:54 UTC
Acknowledgments: Name: Aleksandar Nikolic (Cisco Talos) Statement: This issue affects the libsoup packages as shipped with Red Hat Enterprise Linux 7. However, these packages have been compiled with additional security mitigation techniques ("stack smashing protection"), which makes exploitation significantly harder. Thus, in most cases an exploitation attempt should be mitigated to a mere crash. However, successful exploitation to execute arbitrary code can't be ruled out entirely. Created libsoup tracking bugs for this issue: Affects: fedora-all [bug 1480241] Created mingw-libsoup tracking bugs for this issue: Affects: epel-7 [bug 1480239] Affects: fedora-all [bug 1480240] This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2017:2459 https://access.redhat.com/errata/RHSA-2017:2459 Upstream patch: https://git.gnome.org/browse/libsoup/commit/?id=03c91c76daf70ee227f38304c5e45a155f45073d External References: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0392 |