This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
An update for libsoup is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
The libsoup packages provide an HTTP client and server library for
Security Fix(es) :
* A stack-based buffer overflow flaw was discovered within the HTTP
processing of libsoup. A remote attacker could exploit this flaw to
cause a crash or, potentially, execute arbitrary code by sending a
specially crafted HTTP request to a server using the libsoup HTTP
server functionality or by tricking a user into connecting to a
malicious HTTP server with an application using the libsoup HTTP
client functionality. (CVE-2017-2885)
Red Hat would like to thank Aleksandar Nikolic (Cisco Talos) for
reporting this issue.
See also :
Update the affected libsoup, libsoup-debuginfo and / or libsoup-devel
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 6.9
Public Exploit Available : false