1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4202-1] curl security update

    From Alessandro Ghedini@1:229/2 to All on Wed May 16 22:40:01 2018
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4202-1 [email protected] https://www.debian.org/security/ Alessandro Ghedini
    May 16, 2018 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : curl
    CVE ID : CVE-2018-1000301
    Debian Bug : 898856

    OSS-fuzz, assisted by Max Dymond, discovered that cURL, an URL transfer library, could be tricked into reading data beyond the end of a heap
    based buffer when parsing invalid headers in an RTSP response.

    For the oldstable distribution (jessie), this problem has been fixed
    in version 7.38.0-4+deb8u11.

    For the stable distribution (stretch), this problem has been fixed in
    version 7.52.1-5+deb9u6.

    We recommend that you upgrade your curl packages.

    For the detailed security status of curl please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/curl

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEBsId305pBx+F583DbwzL4CFiRygFAlr8j3YACgkQbwzL4CFi RyhteA/9FoQImj7+DkVy4UtikwozI3zWs4dHE9lg5/rpTWiiaRXGlabF+PdfbHCU 7skWn4vkSMBei4HK6YQrA072jTuseMpJT7jqj4gAlQfOvSbu1DiDuHqWa8CyitVY Gq+WczMxOQZAphN0Stt2P0/hwNtV+pKhF6f6dDDxrFvVOjKueztveSWVWICUOoRg PDqngVSnoR+z3JlWbcItfoeL/DD9ag8n5Andb7EWc/4a2aZQ/D+cXjXiYFbJD+Qx 3PVTEvCjKV1YzZVxYV50XSxCmw+JMOirEelVYwxr2irAJJxoBs8sq7LfQMwv+WQH tdKuUuKb159t5hDXesJ8P6Frh8fmcfa/I9y+jWaWgPYav0IBjzvgOvmlyQxgOApc aIX4Yu5NmGnYLeHVAu5bwtPpMNpYCDRBwWrekiR2DlzC7tlEvrN3KYAvnamlcaf5 KJpm7IdCsRkK3VTRmn0oHbni8xPMwDWsxFGYGD3CFCf4E5Pa7uudaQ+Qi7Ft63Og zCTOd+nBscj1MINpYxMamuHG42JkdXA3hE9nqFYKf2wCs9gnXYBPKWPCrOUdKyBP WzlS8I7j9rAXsae1FdcdlnhtRyQyrPXsAbMaKTqCsolmCRRxsEdZ36EBRT7r+0rp BBZUwB8AbOCWUv6gN5hSLBRezWxe/Kt7MLrmxmMd2PIQHtqWGms=
    =q+0I
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)