Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:2174-1

Опубликовано: 16 авг. 2017
Источник: suse-cvrf

Описание

Security update for curl

This update for curl fixes the following issues:

  • CVE-2017-1000100: TFP sends more than buffer size and it could lead to a denial of service (bsc#1051644)
  • CVE-2017-1000101: URL globbing out of bounds read could lead to a denial of service (bsc#1051643)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2
curl-7.37.0-37.3.1
libcurl4-7.37.0-37.3.1
libcurl4-32bit-7.37.0-37.3.1
SUSE Linux Enterprise Desktop 12 SP3
curl-7.37.0-37.3.1
libcurl4-7.37.0-37.3.1
libcurl4-32bit-7.37.0-37.3.1
SUSE Linux Enterprise Server 12 SP2
curl-7.37.0-37.3.1
libcurl4-7.37.0-37.3.1
libcurl4-32bit-7.37.0-37.3.1
SUSE Linux Enterprise Server 12 SP3
curl-7.37.0-37.3.1
libcurl4-7.37.0-37.3.1
libcurl4-32bit-7.37.0-37.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
curl-7.37.0-37.3.1
libcurl4-7.37.0-37.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
curl-7.37.0-37.3.1
libcurl4-7.37.0-37.3.1
libcurl4-32bit-7.37.0-37.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
curl-7.37.0-37.3.1
libcurl4-7.37.0-37.3.1
libcurl4-32bit-7.37.0-37.3.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libcurl-devel-7.37.0-37.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libcurl-devel-7.37.0-37.3.1

Ссылки

Описание

When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:curl-7.37.0-37.3.1
SUSE Linux Enterprise Desktop 12 SP2:libcurl4-32bit-7.37.0-37.3.1
SUSE Linux Enterprise Desktop 12 SP2:libcurl4-7.37.0-37.3.1
SUSE Linux Enterprise Desktop 12 SP3:curl-7.37.0-37.3.1
Ссылки

Описание

curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:curl-7.37.0-37.3.1
SUSE Linux Enterprise Desktop 12 SP2:libcurl4-32bit-7.37.0-37.3.1
SUSE Linux Enterprise Desktop 12 SP2:libcurl4-7.37.0-37.3.1
SUSE Linux Enterprise Desktop 12 SP3:curl-7.37.0-37.3.1
Ссылки