[SECURITY] [DLA 1036-1] gsoap security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1036-1] gsoap security update
From: Markus Koschany <apo@debian.org>
Date: Mon, 24 Jul 2017 21:19:17 +0200
Message-id: <[🔎] 2ed4efcd-e8a4-1f12-83bb-c1c83bd32441@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : gsoap
Version        : 2.8.7-2+deb7u1
CVE ID         : CVE-2017-9765

A vulnerability was discovered in gsoap, a library for the development
of SOAP web services and clients, that may be exposed with a large and
specific XML message over 2 GB in size. After receiving this 2 GB
message, a buffer overflow can cause an open unsecured server to crash.
Clients communicating with HTTPS with trusted servers are not affected.

For Debian 7 "Wheezy", these problems have been fixed in version
2.8.7-2+deb7u1.

We recommend that you upgrade your gsoap packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAll2SDRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTn5RAApK9Yl6Zo6+cZuEVGwh926FvJBoCXNUnziaIx5JB/OJ+9mag/fDVlQPXz
Zm4bYCy1v+nnxoEDlUf1mATIc8BR+vwKZlB1D2II8K3Fmetj57Gad8QIMj8x2RLk
kqWvJByJ6ztggNTJpeHYDFhY/P12v8HwcETDlBnKzPWqEm0pnRLFyiPZJM/HAFx+
NV8rY0Qz7s2wfaLgU6jpb5Hbh4B4AYHJgpsuJ3okxXAv+gc4S0KAEgdQM6/w4yGU
DS7sZMJiwPT7Qv8mFzH112HrSXfI6IXM2nA0IBtb1ySPybWqAzaY9aRtRcvD31uD
qrT6LHpzVcHCmqNP8q9hBpCp+VcIZ1zsayQEamdZ3AXRrzR7pfBZeiJQUp7qOW95
MVNTDqhKI+fmuMiJWaZza4Ecn8SJeyRPkkw6NRh+0ByfSLNWxNUrR3IaNJUi8nK+
3XENZz/EGApAdZYItvqZX0AOdgkl1sfTesyVlxzXUdGFCiLrljxhiXyUGw1pDbVF
ExxDnXcxFdnPGA18fzIiaOSJrjT4wZnbdde+tFbDNnQgrjdws/xfRy9l2ttygmVI
hknH+qPhLgiTb46uLVPd17TcQbcIVwI2DRgwqlgZhDf+3on8rNzIWaTJhD2Ol/Rw
iVKkZCydphEmROyXg9yz4ctH2+8/Gq6yMu6yoHY7gdtEQhjBBVM=
=gvoM
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1035-1] qemu security update
Next by Date: [SECURITY] [DLA 1038-1] libtasn1-3 security update
Previous by thread: [SECURITY] [DLA 1035-1] qemu security update
Next by thread: [SECURITY] [DLA 1038-1] libtasn1-3 security update
Index(es):
- Date
- Thread