[Cucumber-linux-security] libsoup (security update is available)

[Z5T1 <z5...@z5...>]

  Update Information

A security update is available for libsoup for the following versions of
Cucumber Linux:

  * 1.0

Here are the details from the Cucumber 1.0 changelog:

+----------------+
Thu Aug 10 20:59:25 EDT 2017
lib-general/libsoup upgraded from 2.57.1 to 2.59.90.1 to fix CVE-2017-2885, a
	remotely exploitable stack based buffer overflow vulnerability
	(triggerable via a specially crafted HTTP request) that could result in
	remote code execution. For more information see:
		https://nvd.nist.gov/vuln/CVE-2017-2885
		http://ftp.gnome.org/pub/GNOME/sources/libsoup/2.59/libsoup-2.59.90.1.news
		https://bugzilla.gnome.org/show_bug.cgi?id=785774
* SECURITY FIX *
+----------------+

------------------------------------------------------------------------


  Installing the Update

The updated package can be installed via Pickle by running the following
commands (as root):

# pickle --update
# pickle

Make sure libsoup is selected on the update list, and then select Ok.
Pickle will then install the updated package.

If you prefer to download the updated package manually, it can be found
at the following location:

Cucumber 1.0 i686:
http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-i686/lib-general/libsoup-2.59.90.1-i686-1.txz

Cucumber 1.0 x86_64:
http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/lib-general/libsoup-2.59.90.1-x86_64-1.txz
http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/cucumber-x86_64/multilib/lib-general/libsoup-lib_i686-2.59.90.1-lib_i686-1.txz

To upgrade the package manually, download the new package and run the
following command (as root):

# upgradepkg libsoup-2.59.90.1-i686-1.txz


------------------------------------------------------------------------
The Cucumber Linux Security Team
cuc...@li...
http://www.cucumberlinux.com/security.php