Severity: Critical Date : 2017-08-10 CVE-ID : CVE-2017-2885 Package : libsoup Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-376
The package libsoup before version 2.58.2-1 is vulnerable to arbitrary code execution.
Upgrade to 2.58.2-1.
The problem has been fixed upstream in version 2.58.2.
A stack based buffer overflow has been found in libsoup <= 2.58.1. A specially crafted HTTP request with chunked encoding can cause a stack overflow resulting in remote code execution.
A remote attacker can execute arbitrary code on the affected host via a crafted HTTP request.