Arch Linux Security Advisory ASA-201708-5 ========================================= Severity: Critical Date : 2017-08-10 CVE-ID : CVE-2017-2885 Package : libsoup Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-376 Summary ======= The package libsoup before version 2.58.2-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 2.58.2-1. # pacman -Syu "libsoup>=2.58.2-1" The problem has been fixed upstream in version 2.58.2. Workaround ========== None. Description =========== A stack based buffer overflow has been found in libsoup <= 2.58.1. A specially crafted HTTP request with chunked encoding can cause a stack overflow resulting in remote code execution. Impact ====== A remote attacker can execute arbitrary code on the affected host via a crafted HTTP request. References ========== https://bugzilla.gnome.org/show_bug.cgi?id=785774 https://security.archlinux.org/CVE-2017-2885