Description
ELSA-2018-3157: curl and nss-pem security and bug fix update (MODERATE)
curl [7.29.0-51]
- require a new enough version of nss-pem to avoid regression in yum (#1610998)
[7.29.0-50]
- remove dead code, detected by Coverity Analysis
- remove unused variable, detected by GCC and Clang
[7.29.0-49]
- make curl --speed-limit work with TFTP (#1584750)
[7.29.0-48]
- fix RTSP bad headers buffer over-read (CVE-2018-1000301)
- fix FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)
- fix LDAP NULL pointer dereference (CVE-2018-1000121)
- fix RTSP RTP buffer over-read (CVE-2018-1000122)
- http: prevent custom Authorization headers in redirects (CVE-2018-1000007)
- doc: --tlsauthtype works only if built with TLS-SRP support (#1542256)
- update certificates in the test-suite because they expire soon (#1572723)
[7.29.0-47]
- make NSS deallocate PKCS #11 objects early enough (#1510247)
nss-pem [1.0.3-5]
- update object ID while reusing a certificate (#1610998)
Updated packages
Oracle Linux 7
Oracle Linux aarch64
- curl 7.29.0-51.el7
- libcurl 7.29.0-51.el7
- libcurl-devel 7.29.0-51.el7
- nss-pem 1.0.3-5.el7
Oracle Linux x86_64
- curl 7.29.0-51.el7
- libcurl 7.29.0-51.el7
- libcurl-devel 7.29.0-51.el7
- nss-pem 1.0.3-5.el7
Source links
Related vulnerabilities
CVSS3: 9.8
ubuntu
more than 7 years ago
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
CVSS3: 5.4
redhat
more than 7 years ago
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.